shiro|Spring Boot 极简集成 Shiro

点击关注公众号,Java干货及时送达shiro|Spring Boot 极简集成 Shiro
文章图片

1. 前言

Apache Shiro是一个功能强大且易于使用的Java安全框架,提供了认证,授权,加密,和会话管理。
shiro|Spring Boot 极简集成 Shiro
文章图片
Shiro有三大核心组件:
Subject:即当前用户,在权限管理的应用程序里往往需要知道谁能够操作什么,谁拥有操作该程序的权利,shiro中则需要通过Subject来提供基础的当前用户信息,Subject 不仅仅代表某个用户,与当前应用交互的任何东西都是Subject,如网络爬虫等。所有的Subject都要绑定到SecurityManager上,与Subject的交互实际上是被转换为与SecurityManager的交互。
SecurityManager:即所有Subject的管理者,这是Shiro框架的核心组件,可以把他看做是一个Shiro框架的全局管理组件,用于调度各种Shiro框架的服务。作用类似于SpringMVC中的DispatcherServlet,用于拦截所有请求并进行处理。
Realm:Realm是用户的信息认证器和用户的权限人证器,我们需要自己来实现Realm来自定义的管理我们自己系统内部的权限规则。SecurityManager要验证用户,需要从Realm中获取用户。可以把Realm看做是数据源。
2. 数据库设计
2.1 User(用户) shiro|Spring Boot 极简集成 Shiro
文章图片

SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for user -- ---------------------------- DROP TABLE IF EXISTS `user`; CREATE TABLE `user`( `id` bigint(20) NOT NULL AUTO_INCREMENT, `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `account` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = MyISAM AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; -- ---------------------------- -- Records of user -- ---------------------------- INSERT INTO `user` VALUES (1, 'root', '超级用户', 'root'); INSERT INTO `user` VALUES (2, 'user', '普通用户', 'user'); INSERT INTO `user` VALUES (3, 'vip', 'VIP用户', 'vip'); SET FOREIGN_KEY_CHECKS = 1;

2.2 Role(角色) shiro|Spring Boot 极简集成 Shiro
文章图片
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for role -- ---------------------------- DROP TABLE IF EXISTS `role`; CREATE TABLE `role`( `id` int(11) NOT NULL AUTO_INCREMENT, `role` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `desc` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = MyISAM AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; -- ---------------------------- -- Records of role -- ---------------------------- INSERT INTO `role` VALUES (1, 'admin', '超级管理员'); INSERT INTO `role` VALUES (2, 'user', '普通用户'); INSERT INTO `role` VALUES (3, 'vip_user', 'VIP用户'); SET FOREIGN_KEY_CHECKS = 1;

2.3 Permission(权限) shiro|Spring Boot 极简集成 Shiro
文章图片
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for permission -- ---------------------------- DROP TABLE IF EXISTS `permission`; CREATE TABLE `permission`( `id` int(11) NOT NULL AUTO_INCREMENT, `permission` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限名称', `desc` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限描述', PRIMARY KEY (`id`) USING BTREE ) ENGINE = MyISAM AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; -- ---------------------------- -- Records of permission -- ---------------------------- INSERT INTO `permission` VALUES (1, 'add', '增加'); INSERT INTO `permission` VALUES (2, 'update', '更新'); INSERT INTO `permission` VALUES (3, 'select', '查看'); INSERT INTO `permission` VALUES (4, 'delete', '删除'); SET FOREIGN_KEY_CHECKS = 1;

2.4 User_Role(用户-角色) shiro|Spring Boot 极简集成 Shiro
文章图片
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for user_role -- ---------------------------- DROP TABLE IF EXISTS `user_role`; CREATE TABLE `user_role`( `id` int(11) NOT NULL AUTO_INCREMENT, `user_id` int(11) NULL DEFAULT NULL, `role_id` int(11) NULL DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = MyISAM AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Fixed; -- ---------------------------- -- Records of user_role -- ---------------------------- INSERT INTO `user_role` VALUES (1, 1, 1); INSERT INTO `user_role` VALUES (2, 2, 2); INSERT INTO `user_role` VALUES (3, 3, 3); SET FOREIGN_KEY_CHECKS = 1;

2.5 Role_Permission(角色-权限) shiro|Spring Boot 极简集成 Shiro
文章图片
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for role_permission -- ---------------------------- DROP TABLE IF EXISTS `role_permission`; CREATE TABLE `role_permission`( `id` int(11) NOT NULL AUTO_INCREMENT, `role_id` int(11) NULL DEFAULT NULL, `permission_id` int(255) NULL DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = MyISAM AUTO_INCREMENT = 9 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Fixed; -- ---------------------------- -- Records of role_permission -- ---------------------------- INSERT INTO `role_permission` VALUES (1, 1, 1); INSERT INTO `role_permission` VALUES (2, 1, 2); INSERT INTO `role_permission` VALUES (3, 1, 3); INSERT INTO `role_permission` VALUES (4, 1, 4); INSERT INTO `role_permission` VALUES (5, 2, 3); INSERT INTO `role_permission` VALUES (6, 3, 3); INSERT INTO `role_permission` VALUES (7, 3, 2); INSERT INTO `role_permission` VALUES (8, 2, 1); SET FOREIGN_KEY_CHECKS = 1;

3. 项目结构

shiro|Spring Boot 极简集成 Shiro
文章图片
4. 前期准备
4.1 导入Pom
org.springframework.boot spring-boot-starter-web mysql mysql-connector-java org.mybatis.spring.boot mybatis-spring-boot-starter 1.3.2 org.apache.shiro shiro-spring 1.4.0

4.2 application.yml
server: port: 8903 spring: application: name: lab-user datasource: driver-class-name: com.mysql.jdbc.Driver url: jdbc:mysql://127.0.0.1:3306/laboratory?charset=utf8 username: root password: root mybatis: type-aliases-package: cn.ntshare.laboratory.entity mapper-locations: classpath:mapper/*.xml configuration: map-underscore-to-camel-case: true

4.3 实体类 4.3.1 User.java
@Data @ToString public class User implements Serializable {private static final long serialVersionUID = -6056125703075132981L; private Integer id; private String account; private String password; private String username; }

4.3.2 Role.java
@Data @ToString public class Role implements Serializable {private static final long serialVersionUID = -1767327914553823741L; private Integer id; private String role; private String desc; }

4.4 Dao层

4.4.1 PermissionMapper.java
@Mapper @Repository public interface PermissionMapper {List findByRoleId(@Param("roleIds") List roleIds); }

4.4.2 PermissionMapper.xml
id, permission, descselect permission from permission, role_permission rp where rp.permission_id = permission.id and rp.role_id in #{id}

4.4.3 RoleMapper.java
@Mapper @Repository public interface RoleMapper {List findRoleByUserId(@Param("userId") Integer userId); }

4.4.4 RoleMapper.xml
id, user_id, role_idselect role.id, role from role, user, user_role ur where role.id = ur.role_id and ur.user_id = user.id and user.id = #{userId}

4.4.5 UserMapper.java
@Mapper @Repository public interface UserMapper { User findByAccount(@Param("account") String account); }

4.4.6 UserMapper.xml
id, account, password, usernameselect from user where account = #{account}

4.5 Service层 4.5.1 PermissionServiceImpl.java
@Service public class PermissionServiceImpl implements PermissionService {@Autowired private PermissionMapper permissionMapper; @Override public List findByRoleId(List roleIds) { return permissionMapper.findByRoleId(roleIds); } }

4.5.2 RoleServiceImpl.java
@Service public class RoleServiceImpl implements RoleService {@Autowired private RoleMapper roleMapper; @Override public List findRoleByUserId(Integer id) { return roleMapper.findRoleByUserId(id); } }

4.5.3 UserServiceImpl.java
@Service public class UserServiceImpl implements UserService {@Autowired private UserMapper userMapper; @Override public User findByAccount(String account) { return userMapper.findByAccount(account); } }

4.6. 系统返回状态枚举与包装函数 4.6.1 ServerResponseEnum.java
@AllArgsConstructor @Getter public enum ServerResponseEnum { SUCCESS(0, "成功"), ERROR(10, "失败"),ACCOUNT_NOT_EXIST(11, "账号不存在"), DUPLICATE_ACCOUNT(12, "账号重复"), ACCOUNT_IS_DISABLED(13, "账号被禁用"), INCORRECT_CREDENTIALS(14, "账号或密码错误"), NOT_LOGIN_IN(15, "账号未登录"), UNAUTHORIZED(16, "没有权限") ; Integer code; String message; }

4.6.2 ServerResponseVO.java
@Getter @Setter @NoArgsConstructor public class ServerResponseVO implements Serializable { private static final long serialVersionUID = -1005863670741860901L; // 响应码 private Integer code; // 描述信息 private String message; // 响应内容 private T data; private ServerResponseVO(ServerResponseEnum responseCode) { this.code = responseCode.getCode(); this.message = responseCode.getMessage(); }private ServerResponseVO(ServerResponseEnum responseCode, T data) { this.code = responseCode.getCode(); this.message = responseCode.getMessage(); this.data = https://www.it610.com/article/data; }private ServerResponseVO(Integer code, String message) { this.code = code; this.message = message; }/** * 返回成功信息 * @param data 信息内容 * @param * @return */ public static ServerResponseVO success(T data) { return new ServerResponseVO<>(ServerResponseEnum.SUCCESS, data); }/** * 返回成功信息 * @return */ public static ServerResponseVO success() { return new ServerResponseVO(ServerResponseEnum.SUCCESS); }/** * 返回错误信息 * @param responseCode 响应码 * @return */ public static ServerResponseVO error(ServerResponseEnum responseCode) { return new ServerResponseVO(responseCode); } }

4.7 统一异常处理 当用户身份认证失败时,会抛出UnauthorizedException,我们可以通过统一异常处理来处理该异常
@RestControllerAdvice public class UserExceptionHandler {@ExceptionHandler(UnauthorizedException.class) @ResponseStatus(HttpStatus.UNAUTHORIZED) public ServerResponseVO UnAuthorizedExceptionHandler(UnauthorizedException e) { return ServerResponseVO.error(ServerResponseEnum.UNAUTHORIZED); } }

5. 集成Shiro
5.1 UserRealm.java
/** * 负责认证用户身份和对用户进行授权 */ public class UserRealm extends AuthorizingRealm {@Autowired private UserService userService; @Autowired private RoleService roleService; @Autowired private PermissionService permissionService; // 用户授权 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { User user = (User) principalCollection.getPrimaryPrincipal(); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); List roleList = roleService.findRoleByUserId(user.getId()); Set roleSet = new HashSet<>(); List roleIds = new ArrayList<>(); for (Role role : roleList) { roleSet.add(role.getRole()); roleIds.add(role.getId()); } // 放入角色信息 authorizationInfo.setRoles(roleSet); // 放入权限信息 List permissionList = permissionService.findByRoleId(roleIds); authorizationInfo.setStringPermissions(new HashSet<>(permissionList)); return authorizationInfo; }// 用户认证 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authToken; User user = userService.findByAccount(token.getUsername()); if (user == null) { return null; } return new SimpleAuthenticationInfo(user, user.getPassword(), getName()); } }

5.2 ShiroConfig.java
@Configuration public class ShiroConfig {@Bean public UserRealm userRealm() { return new UserRealm(); }@Bean public DefaultWebSecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(userRealm()); return securityManager; }/** * 路径过滤规则 * @return */ @Bean public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); shiroFilterFactoryBean.setLoginUrl("/login"); shiroFilterFactoryBean.setSuccessUrl("/"); Map map = new LinkedHashMap<>(); // 有先后顺序 map.put("/login", "anon"); // 允许匿名访问 map.put("/**", "authc"); // 进行身份认证后才能访问 shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; }/** * 开启Shiro注解模式,可以在Controller中的方法上添加注解 * @param securityManager * @return */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") DefaultSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; }

5.3 LoginController.java
@RestController @RequestMapping("") public class LoginController {@PostMapping("/login") public ServerResponseVO login(@RequestParam(value = "https://www.it610.com/article/account") String account, @RequestParam(value = "https://www.it610.com/article/password") String password) { Subject userSubject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(account, password); try { // 登录验证 userSubject.login(token); return ServerResponseVO.success(); } catch (UnknownAccountException e) { return ServerResponseVO.error(ServerResponseEnum.ACCOUNT_NOT_EXIST); } catch (DisabledAccountException e) { return ServerResponseVO.error(ServerResponseEnum.ACCOUNT_IS_DISABLED); } catch (IncorrectCredentialsException e) { return ServerResponseVO.error(ServerResponseEnum.INCORRECT_CREDENTIALS); } catch (Throwable e) { e.printStackTrace(); return ServerResponseVO.error(ServerResponseEnum.ERROR); } }@GetMapping("/login") public ServerResponseVO login() { return ServerResponseVO.error(ServerResponseEnum.NOT_LOGIN_IN); }@GetMapping("/auth") public String auth() { return "已成功登录"; }@GetMapping("/role") @RequiresRoles("vip") public String role() { return "测试Vip角色"; }@GetMapping("/permission") @RequiresPermissions(value = https://www.it610.com/article/{"add", "update"}, logical = Logical.AND) public String permission() { return "测试Add和Update权限"; } }

6. 测试
6.1 用root用户登录 6.1.1 登录 shiro|Spring Boot 极简集成 Shiro
文章图片
6.1.2 验证是否登录 shiro|Spring Boot 极简集成 Shiro
文章图片
6.1.3 测试角色权限 shiro|Spring Boot 极简集成 Shiro
文章图片
6.1.4 测试用户操作权限 shiro|Spring Boot 极简集成 Shiro
文章图片

7. 总结
本文演示了 Spring Boot 极简集成 Shiro 框架,实现了基础的身份认证和授权功能,如有不足,请多指教。
后续可扩展的功能点有:
1. 集成 Redis 实现 Shiro 的分布式会话
2. 集成 JWT 实现单点登录功能
链接:juejin.cn/post/6844903887871148039
热门内容:常用正则表达式最强整理(速查手册) 还在写大量 if 来判断?试试用一个规则执行器来替代它请立即卸载这款 IDEA 插件 最近面试BAT,整理一份面试资料《Java面试BAT通关手册》,覆盖了Java核心技术、JVM、Java并发、SSM、微服务、数据库、数据结构等等。获取方式:点“在看”,关注公众号并回复 666 领取,更多内容陆续奉上。

【shiro|Spring Boot 极简集成 Shiro】明天见(??ω??)??

    推荐阅读