Spring整合Shiro做權限控制模塊詳細案例分析
1.引入Shiro的Maven依賴
<!-- Spring 整合Shiro需要的依賴 --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.1</version> </dependency> <!-- 除此之外還有一些東西也不可少spring, spring-mvc, ibatis等 spring.3.1.2 spring-mvc.3.1.2 ibatis.2.3.4 cglib.2.2 --></pre> <h2>2.web.xml中配置</h2><!-- 配置shiro的核心攔截器 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>3. 編寫自己的UserRealm類繼承自Realm,主要實現認證和授權的管理操作
package com.jay.demo.shiro;import java.util.HashSet; import java.util.Iterator; import java.util.Set;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.LockedAccountException; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired;
import com.jay.demo.bean.Permission; import com.jay.demo.bean.Role; import com.jay.demo.bean.User; import com.jay.demo.service.UserService;
public class UserRealm extends AuthorizingRealm{
@Autowired private UserService userService; /** * 授權操作 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {// String username = (String) getAvailablePrincipal(principals); String username = (String) principals.getPrimaryPrincipal();
Set<Role> roleSet = userService.findUserByUsername(username).getRoleSet(); //角色名的集合 Set<String> roles = new HashSet<String>(); //權限名的集合 Set<String> permissions = new HashSet<String>(); Iterator<Role> it = roleSet.iterator(); while(it.hasNext()){ roles.add(it.next().getName()); for(Permission per:it.next().getPermissionSet()){ permissions.add(per.getName()); } } SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.addRoles(roles); authorizationInfo.addStringPermissions(permissions); return authorizationInfo; } /** * 身份驗證操作 */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); User user = userService.findUserByUsername(username); if(user==null){ //木有找到用戶 throw new UnknownAccountException("沒有找到該賬號"); } /* if(Boolean.TRUE.equals(user.getLocked())) { throw new LockedAccountException(); //帳號鎖定 } */ /** * 交給AuthenticatingRealm使用CredentialsMatcher進行密碼匹配,如果覺得人家的不好可以在此判斷或自定義實現 */ SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(),getName()); return info; } @Override public String getName() { return getClass().getName(); }}</pre>
4.在Spring的applicationContext.xml中進行Shiro的相關配置
1、添加shiroFilter定義
Xml代碼
- <!-- Shiro Filter -->
- < bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean" >
- < property name = "securityManager" ref = "securityManager" />
- < property name = "loginUrl" value = "/login" />
- < property name = "successUrl" value = "/user/list" />
- < property name = "unauthorizedUrl" value = "/login" />
- < property name = "filterChainDefinitions" >
- < value >
- / login = anon
- /user/** = authc
- /role/edit/* = perms[role:edit]
- /role/ save = perms [role:edit]
- /role/ list = perms [role:view]
- /** = authc
- </ value >
- </ property >
- </ bean >
</ol> </div>2、添加securityManager定義
Xml代碼
- < bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager" >
- < property name = "realm" ref = "myRealm" />
- </ bean >
</ol> </div>3、添加realm定義
Xml代碼
- < bean id = " myRealm" class = "com.jay.demo.shiro.
</ol> </div>UserRealm<span class="attribute-value" style="font-size: 1em; font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', Consolas, 'Courier New', monospace; background-color: rgb(250, 250, 250);">"</span><span style="color: black; font-size: 1em; font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', Consolas, 'Courier New', monospace; background-color: rgb(250, 250, 250);"> </span><span class="tag" style="font-size: 1em; font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', Consolas, 'Courier New', monospace; color: rgb(0, 102, 153); font-weight: bold; background-color: rgb(250, 250, 250);">/></span><span style="color: black; font-size: 1em; font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', Consolas, 'Courier New', monospace; background-color: rgb(250, 250, 250);"> </span>4、配置EhCache
< bean id = "cacheManager" class = "org.apache.shiro.cache.ehcache.EhCacheManager" />
5、 保證實現了Shiro內部lifecycle函數的bean執行
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>特別注意:
如果使用Shiro相關的注解,需要在springmvc-servlet.xml中配置一下信息
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/><bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/></bean>備注:Shiro權限管理的過濾器解釋:
默認過濾器(10個) anon -- org.apache.shiro.web.filter.authc.AnonymousFilter authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter port -- org.apache.shiro.web.filter.authz.PortFilter rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter ssl -- org.apache.shiro.web.filter.authz.SslFilter user -- org.apache.shiro.web.filter.authc.UserFilter logout -- org.apache.shiro.web.filter.authc.LogoutFilteranon:例子/admins/=anon 沒有參數,表示可以匿名使用。 authc:例如/admins/user/=authc表示需要認證(登錄)才能使用,沒有參數 roles:例子/admins/user/=roles[admin],參數可以寫多個,多個時必須加上引號,并且參數之間用逗號分割,當有多個參數時,例如admins/user/=roles["admin,guest"],每個參數通過才算通過,相當于hasAllRoles()方法。 perms:例子/admins/user/=perms[user:add:*],參數可以寫多個,多個時必須加上引號,并且參數之間用逗號分割,例如/admins/user/=perms["user:add:,user:modify:"],當有多個參數時必須每個參數都通過才通過,想當于isPermitedAll()方法。 rest:例子/admins/user/=rest[user],根據請求的方法,相當于/admins/user/=perms[user:method] ,其中method為post,get,delete等。 port:例子/admins/user/=port[8081],當請求的url的端口不是8081是跳轉到schemal://serverName:8081?queryString,其中schmal是協議http或https等,serverName是你訪問的host,8081是url配置里port的端口,queryString是你訪問的url里的?后面的參數。 authcBasic:例如/admins/user/=authcBasic沒有參數表示httpBasic認證 ssl:例子/admins/user/=ssl沒有參數,表示安全的url請求,協議為https user:例如/admins/user/=user沒有參數表示必須存在用戶,當登入操作時不做檢查</pre>
關于Shiro的標簽應用:
<shiro:authenticated> 登錄之后 <shiro:notAuthenticated> 不在登錄狀態時 <shiro:guest> 用戶在沒有RememberMe時 <shiro:user> 用戶在RememberMe時 <shiro:hasAnyRoles name="abc,123" > 在有abc或者123角色時 <shiro:hasRole name="abc"> 擁有角色abc <shiro:lacksRole name="abc"> 沒有角色abc <shiro:hasPermission name="abc"> 擁有權限abc <shiro:lacksPermission name="abc"> 沒有權限abc <shiro:principal> 顯示用戶登錄名以上是Shiro的相關配置,出于安全的考慮,一般都會使用ACL(基于角色的用戶權限管理去控制用戶登錄后的權限)
ACL詳細代碼案例如下:
涉及到的表:3+2(User,Role,Permission + user-role,role-permission)
3張實體表+2張關系表
1.關于User類:
package com.jay.demo.bean;import java.util.HashSet; import java.util.Set;
public class User { private String id; private String username; private String password; private Set<Role> roleSet = new HashSet<Role>();
public User() { } public String getId() { return id; } public void setId(String id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public Set<Role> getRoleSet() { return roleSet; } public void setRoleSet(Set<Role> roleSet) { this.roleSet = roleSet; }}</pre>
2.關于Role表
package com.jay.demo.bean;import java.io.Serializable; import java.util.HashSet; import java.util.Set;
public class Role implements Serializable {
private static final long serialVersionUID = -4987248128309954399L; private Integer id; private String name; private Set<Permission> permissionSet = new HashSet<Permission>(); public Role() { super(); } // -------------------------------------------------------------------------------- @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((id == null) ? 0 : id.hashCode()); return result; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (getClass() != obj.getClass()) return false; Role other = (Role) obj; if (id == null) { if (other.id != null) return false; } else if (!id.equals(other.id)) return false; return true; } // -------------------------------------------------------------------------------- public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public Set<Permission> getPermissionSet() { return permissionSet; } public void setPermissionSet(Set<Permission> permissionSet) { this.permissionSet = permissionSet; }}</pre>
3.關于permission表
<pre name="code" class="java">package com.jay.demo.bean;import java.io.Serializable;
public class Permission implements Serializable {
private static final long serialVersionUID = -8025597823572680802L; private Integer id; private String name; public Permission() { super(); } // -------------------------------------------------------------------------------------- @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((id == null) ? 0 : id.hashCode()); return result; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (getClass() != obj.getClass()) return false; Permission other = (Permission) obj; if (id == null) { if (other.id != null) return false; } else if (!id.equals(other.id)) return false; return true; } // -------------------------------------------------------------------------------------- public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; }}</pre>
4.dao層接口
package com.jay.demo.dao;import com.jay.demo.bean.User;
public interface UserDao {
User findUserByUsername(String username);}</pre>
4.使用Mybatis完成的Dao層實現
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "</resultMap> <!-- 通過User來查找Role --> <!-- <select id="selectRoleByUser" parameterType="int" resultMap="RoleMap"> select * from tbl_role_user user_id = #{id} </select> <resultMap id="roleMap" type="com.jay.demo.bean.User"> <result property="id" column="ROLE_ID" /> <result property="name" column="ROLE_NAME" /> </resultMap> <resultMap id="permissionMap" type="com.jay.demo.bean.Permission"> <result property="id" column="PERMISSION_ID" /> <result property="name" column="PERMISSION_NAME" /> </resultMap> --><sql id="select-base-01">
SELECT
u.USER_ID,
u.USER_USERNAME,
u.USER_PASSWORD,
r.ROLE_ID,
r.ROLE_NAME,
p.PERMISSION_ID,
p.PERMISSION_NAME
FROM
tbl_user as u,
tbl_role as r,
tbl_permission as p,
tbl_permission_role as pr,
tbl_role_user as ru
WHERE
u.USER_ID = ru.USER_ID
AND
r.ROLE_ID = ru.ROLE_ID
AND
p.PERMISSION_ID = pr.PERMISSION_ID
AND
r.ROLE_ID = pr.ROLE_ID
</sql><select id="findUserByUsername" parameterType="string" resultMap="userMap"> <include refid="select-base-01" /> AND u.USER_USERNAME = #{username} <!-- select * from tbl_user u, tbl_role r, tbl_role_user tu where u.user_id = tu.user_id and r.role_id = tu.role_id and user_username=#{username} --> </select></mapper></pre>
說明:詳細代碼和demo見附件
</div> </span></span></span></span></span></span></span></span></span></span></span></span>本文由用戶 jopen 自行上傳分享,僅供網友學習交流。所有權歸原作者,若您的權利被侵害,請聯系管理員。轉載本站原創文章,請注明出處,并保留原始鏈接、圖片水印。本站是一個以用戶分享為主的開源技術平臺,歡迎各類分享!相關經驗
相關資訊