首先看下shiro configuration 的配置,重要部分用红色标出了

package cn.xiaojf.today.shiro.configuration;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;

import cn.xiaojf.today.sys.security.credentials.RetryLimitHashedCredentialsMatcher;

import cn.xiaojf.today.sys.security.filter.MyLogoutFilter;

import cn.xiaojf.today.sys.security.filter.RoleAuthorizationFilter;

import cn.xiaojf.today.sys.security.realm.UsernameRealm;

import cn.xiaojf.today.sys.service.SysResService;

import org.apache.shiro.spring.LifecycleBeanPostProcessor;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;

import org.springframework.boot.web.servlet.FilterRegistrationBean;

import org.springframework.context.ApplicationContext;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.filter.DelegatingFilterProxy;

import javax.servlet.Filter;

import java.util.LinkedHashMap;

import java.util.Map;

/**

 * shiro配置

 * @author xiaojf 2017/2/10 11:30.

 */

@Configuration

public class ShiroConfiguration {

    @Bean

    public FilterRegistrationBean filterRegistrationBean() {

        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();

        filterRegistrationBean.setFilter(new DelegatingFilterProxy("shiroFilter"));

        filterRegistrationBean.addInitParameter("targetFilterLifecycle", "true");

        filterRegistrationBean.setEnabled(true);

        filterRegistrationBean.addUrlPatterns("/*");

        return filterRegistrationBean;

    }

    @Bean

    public RetryLimitHashedCredentialsMatcher credentialsMatcher() {

        RetryLimitHashedCredentialsMatcher credentialsMatcher = new RetryLimitHashedCredentialsMatcher();

        credentialsMatcher.setHashAlgorithmName("sha");

        credentialsMatcher.setHashIterations(2);

        credentialsMatcher.setStoredCredentialsHexEncoded(true);

        credentialsMatcher.setRetryCount(5);

        credentialsMatcher.setRetryTime(1800000);

        return credentialsMatcher;

    }

    @Bean

    public UsernameRealm usernameRealm(RetryLimitHashedCredentialsMatcher credentialsMatcher) {

        UsernameRealm usernameRealm = new UsernameRealm();

        usernameRealm.setCredentialsMatcher(credentialsMatcher);

        usernameRealm.setCachingEnabled(true);

        return  usernameRealm;

    }

    @Bean

    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {

        return new LifecycleBeanPostProcessor();

    }

    @Bean

    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {

        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();

        daap.setProxyTargetClass(true);

        return daap;

    }

    @Bean

    public DefaultWebSecurityManager securityManager(UsernameRealm usernameRealm) {

        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();

        dwsm.setRealm(usernameRealm);

        return dwsm;

    }

    @Bean

    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager) {

        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();

        aasa.setSecurityManager(defaultWebSecurityManager);

        return aasa;

    }

    @Bean

    public MyLogoutFilter logoutFilter() {

        MyLogoutFilter myLogoutFilter = new MyLogoutFilter();

        myLogoutFilter.setRedirectUrl("/login/index");

        return myLogoutFilter;

    }

    @Bean(name = "shiroFilter")

    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager,

                                                         MyLogoutFilter logoutFilter, ApplicationContext context) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        shiroFilterFactoryBean.setLoginUrl("/login/index");

        shiroFilterFactoryBean.setUnauthorizedUrl("/login/index");

        Map<String, Filter> filters = new LinkedHashMap<>();

//        filters.put("logout", logoutFilter);

        filters.put("role", new RoleAuthorizationFilter());

        shiroFilterFactoryBean.getFilters().putAll(filters);//加载自定义拦截器

        SysResService resService = context.getBean(SysResService.class);//只有通过这种方式才能获得resService,因为此处会优先于resService实例化

        loadShiroFilterChain(shiroFilterFactoryBean,resService);//加载拦截规则

        return shiroFilterFactoryBean;

    }

    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean,SysResService resService) {

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
     //默认拦截规则

        filterChainDefinitionMap.put("/login/index", "anon");

        filterChainDefinitionMap.put("/error/403", "anon");

        filterChainDefinitionMap.put("/error/404", "anon");

        filterChainDefinitionMap.put("/error/500", "anon");

        filterChainDefinitionMap.put("/login/auth", "anon");

        filterChainDefinitionMap.put("/logout", "logout");

        filterChainDefinitionMap.put("/plugins/**", "anon");

        filterChainDefinitionMap.put("/css/**", "anon");

        filterChainDefinitionMap.put("/js/**", "anon");

        filterChainDefinitionMap.put("/images/**", "anon");

     //用户自定义拦截规则

        filterChainDefinitionMap = resService.loadFilterChainDefinitions(filterChainDefinitionMap);

     //都不满足的时候,需要超级管理员权限才能访问

        filterChainDefinitionMap.put("/**", "role[ROLE_SUPER]");

    

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

    }

    @Bean

    public ShiroDialect shiroDialect() {//thymeleaf 集成shiro使用,如果没有可以删除

        return new ShiroDialect();

    }

}

自定义realm,用于认证和授权

package cn.xiaojf.today.sys.security.realm;

import cn.xiaojf.today.base.constant.DataStatus;

import cn.xiaojf.today.base.constant.SystemConstant;

import cn.xiaojf.today.sys.entity.SysUser;

import cn.xiaojf.today.sys.service.SysUserService;

import org.apache.shiro.authc.*;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.util.ByteSource;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Lazy;

import java.util.Set;

/**

 * 根据用户名和密码校验登陆

 *

 * @author xiaojf 2016-01-07 16:05:55

 */

public class UsernameRealm extends AuthorizingRealm {

    /**

     * 系统用户service

     */

    @Autowired

    @Lazy

    private SysUserService sysUserService;

    /**

     * 加载用户授权信息, 包括权限资源和角色\用户组资源

     *

     * @author xiaojf 2016-01-07 16:05:55

     */

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        // 登陆名

        String username = (String) principals.getPrimaryPrincipal();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        Set<String> roles = sysUserService.loadEnabledRolesByUsername(username);

        if (roles.contains(SystemConstant.ROLE_SUPER)) {

            authorizationInfo.addStringPermission("*");

        }else {

            // 加载权限资源

            authorizationInfo.setStringPermissions(sysUserService.loadEnabledPermissionsByUsername(username));

        }

        // 加载角色/用户组

        authorizationInfo.setRoles(roles);

        return authorizationInfo;

    }

    /**

     * 加载用户身份认证信息

     *

     * @author xiaojf 2016-01-07 16:05:55

     */

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        String username = (String) token.getPrincipal();

        // 获取账号信息

        SysUser sysUser = sysUserService.getByUsername(username);

        if (sysUser == null) {

            throw new UnknownAccountException();    // 没找到帐号

        }

        if (sysUser.getStatus() == DataStatus.LOGIC_DELETE.getValue()) {

            throw new UnknownAccountException();    // 没找到帐号

        }

        if (sysUser.getStatus() == DataStatus.DISABLE.getValue()) {

            throw new LockedAccountException();    // 帐号锁定

        }

        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(sysUser.getUsername(),

                sysUser.getPwd(), ByteSource.Util.bytes(sysUser.getSalt()),

                getName());

        return authenticationInfo;

    }

}

自定义登出过滤器

package cn.xiaojf.today.sys.security.filter;

import org.apache.shiro.web.filter.authc.LogoutFilter;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import java.util.Date;

/**

 * 自定义退出过滤器

 * @author xiaojf 294825811@qq.com

 *

 * 2015-3-20

 */

public class MyLogoutFilter extends LogoutFilter {

    @Override

    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {

        return true;

    }

}

自定义权限校验过滤器

package cn.xiaojf.today.sys.security.filter;

import com.alibaba.fastjson.JSON;

import cn.xiaojf.today.base.model.CommonResult;

import org.apache.shiro.subject.Subject;

import org.apache.shiro.util.CollectionUtils;

import org.apache.shiro.util.StringUtils;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.PrintWriter;

import java.util.Set;

/**

 * 自定义认证器,区分ajax请求

 * @author xiaojf 2017/2/10 11:30.

 */

public class RoleAuthorizationFilter extends AuthorizationFilter {

    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)

            throws IOException {

        Subject subject = getSubject(request, response);

        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {

            // no roles specified, so nothing to check - allow access.

            return true;

        }

        Set<String> roles = CollectionUtils.asSet(rolesArray);

        for (String role : roles) {

            if (subject.hasRole(role)) {

                return true;

            }

        }

        return false;

    }

    @Override

    protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        Subject subject = getSubject(request, response);

        if (subject.getPrincipal() == null) {

            if ("XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With"))) {

                httpServletResponse.setCharacterEncoding("UTF-8");

                httpServletResponse.setHeader("Charset","UTF-8");

                PrintWriter out = httpServletResponse.getWriter();

                CommonResult result = new CommonResult(false);

                result.setCode("401");

                result.setMsg("请重新登录");

                out.write(JSON.toJSONString(result));

                out.flush();

                out.close();

            } else {

//                saveRequestAndRedirectToLogin(request, response);

                String unauthorizedUrl = getUnauthorizedUrl();

                WebUtils.issueRedirect(request, response, unauthorizedUrl);

            }

        } else {

            if ("XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With"))) {

                httpServletResponse.setCharacterEncoding("UTF-8");

                httpServletResponse.setHeader("Charset","UTF-8");

                PrintWriter out = httpServletResponse.getWriter();

                CommonResult result = new CommonResult(false);

                result.setCode("403");

                result.setMsg("没有足够的权限: "+((HttpServletRequest) request).getServletPath());

                out.println(JSON.toJSONString(result));

                out.flush();

                out.close();

            } else {

                String unauthorizedUrl = getUnauthorizedUrl();

                if (StringUtils.hasText(unauthorizedUrl)) {

                    WebUtils.issueRedirect(request, response, unauthorizedUrl);

                } else {

                    WebUtils.toHttp(response).sendError(403);

                }

            }

        }

        return false;

    }

}

springboot 集成shiro的更多相关文章

  1. SpringBoot集成Shiro并用MongoDB做Session存储

    之前项目鉴权一直使用的Shiro,那是在Spring MVC里面使用的比较多,而且都是用XML来配置,用Shiro来做权限控制相对比较简单而且成熟,而且我一直都把Shiro的session放在mong ...

  2. springboot集成shiro实现权限认证

    github:https://github.com/peterowang/shiro 基于上一篇:springboot集成shiro实现身份认证 1.加入UserController package ...

  3. SpringBoot集成Shiro 实现动态加载权限

    一.前言 本文小编将基于 SpringBoot 集成 Shiro 实现动态uri权限,由前端vue在页面配置uri,Java后端动态刷新权限,不用重启项目,以及在页面分配给用户 角色 . 按钮 .ur ...

  4. SpringBoot学习笔记(五):SpringBoot集成lombok工具、SpringBoot集成Shiro安全框架

    SpringBoot集成lombok工具 什么是lombok? 自动生成setget方法,构造函数,打印日志 官网:http://projectlombok.org/features/index. 平 ...

  5. SpringBoot集成Shiro安全框架

    跟着我的步骤:先运行起来再说 Spring集成Shiro的GitHub:https://github.com/yueshutong/shiro-imooc 一:导包 <!-- Shiro安全框架 ...

  6. springboot集成shiro 实现权限控制(转)

    shiro apache shiro 是一个轻量级的身份验证与授权框架,与spring security 相比较,简单易用,灵活性高,springboot本身是提供了对security的支持,毕竟是自 ...

  7. 【Shiro】SpringBoot集成Shiro

    项目版本: springboot2.x shiro:1.3.2 Maven配置: <dependency> <groupId>org.apache.shiro</grou ...

  8. SpringBoot集成Shiro实现权限控制

    Shiro简介 Apache Shiro是一个功能强大且易于使用的Java安全框架,用于执行身份验证,授权,加密和会话管理.使用Shiro易于理解的API,您可以快速轻松地保护任何应用程序-从最小的移 ...

  9. springboot集成shiro——使用RequiresPermissions注解无效

    在Springboot环境中继承Shiro时,使用注解@RequiresPermissions时无效 @RequestMapping("add") @RequiresPermiss ...

随机推荐

  1. 这个demo是为解决IQKeyboardManager和Masonry同时使用时,导航栏上移和make.right失效的问题

    原文链接在我的个人博客主页 (一).引言: 在 IQKeyboardManager 和 Masonry 同时使用时,导航栏上移和make.right失效等问题多多. 其实我们完美的效果应该是这样的:* ...

  2. Python多层目录模块调用

    一. 引用模块在 父+级目录中: 1. 将导入模块所在目录(../model/模块)添加到系统环境变量path下,可添加多个 import syssys.path.append("../mo ...

  3. 初探CSRF在ASP.NET Core中的处理方式

    前言 前几天,有个朋友问我关于AntiForgeryToken问题,由于对这一块的理解也并不深入,所以就去研究了一番,梳理了一下. 在梳理之前,还需要简单了解一下背景知识. AntiForgeryTo ...

  4. ReentrantLock 以及 AQS 实现原理

    什么是可重入锁?       ReentrantLock是可重入锁,什么是可重入锁呢?可重入锁就是当前持有该锁的线程能够多次获取该锁,无需等待.可重入锁是如何实现的呢?这要从ReentrantLock ...

  5. angular ng-bind

    <body ng-app=""> <div ng-controller="firstController"> <input typ ...

  6. jasmine 初探(一)

    前言 <敏捷软件开发>这本书由享誉全球的软件开发专家和软件大师Robert C.Martin所著中提到两个开发方式: TDD(Test Driven Development)测试驱动开发 ...

  7. Android 代码库(自定义一套 Dialog通用提示框 )

          做Android开发五年了,期间做做停停(去做后台开发,服务器管理),当回来做Android的时候,发现很生疏,好些控件以前写得很顺手,现在好像忘记些什么了,总要打开这个项目,打开那个项目 ...

  8. 解决Javascript大数据列表引起的网页加载慢/卡死问题。

    在一些网页应用中,有时会碰到一个超级巨大的列表,成千上万行,这时大部份浏览器解析起来就非常痛苦了(有可能直接卡死). 也许你们会说可以分页或动态加载啊?但是有可能需求不允许分页,动态加载?网络的延迟也 ...

  9. php生成二维码的几种方式整理及使用实例

    hp生成二维码的方式:1.google开放api:2.php类库PHP QR Code:3.libqrencode:4.QRcode Perl CGI & PHP scripts感兴趣的朋友可 ...

  10. spring、spring mvc、mybatis框架整合基本知识

    学习了一个多月的框架知识了,这两天很想将它整合一下.网上看了很多整合案例,基本都是基于Eclipse的,但现在外面公司基本都在用Intellij IDEA了,所以结合所学知识,自己做了个总结,有不足之 ...