shiro架构(外部)
shiro架构(内部)
具体API操作
获取当前的用户对象
Subject currentUser = SecurityUtils.getSubject();
通过当前用户拿到session
Session session = currentUser.getSession();
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
if (value.equals("aValue")) {
log.info("Subject = >session [" + value + "]");
}
判断当前的用户是否被认证
!currentUser.isAuthenticated()
获得当前用户的认证
currentUser.getPrincipal()
获得用户是否拥有什么角色
currentUser.hasRole("schwartz")
获得当前用户的权限
currentUser.isPermitted("lightsaber:wield")
注销
currentUser.logout();
springboot集成shiro
环境搭建
导入shiro整合sping的包
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.9.0</version>
</dependency>
新建config层
java
@Configuration
public class ShiroConfig {
@Bean
//ShiroFilterFactoryBean 3
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
return shiroFilterFactoryBean;
}
@Bean(name = "defaultWebSecurityManager")
//DafaultWebSecurityManager 2 //指定方法名
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//关联realm
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
//创建realm 对象,需要自定义类 1
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}Realm配置
java
public class UserRealm extends AuthorizingRealm {
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了=>doGetAuthorizationInfo");
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("执行了=>doGetAuthenticationInfo");
return null;
}
}shiro登录拦截
/* anon:无霹认证就可以访问
authc:必须认证了 才能让问
user:必须拥有记住我功能才能用
perms:拥有对某个资源的权限才能访间;
role:拥有某 个角色权限才能访问*/
controller层
@Controller
public class MyController {
@GetMapping({"/","index"})
public String toIndex(Model model){
model.addAttribute("msg","hello,shiro");
return "index";
}
@RequestMapping("/User/add")
public String add(){
return "User/add";
}
@RequestMapping("/User/update")
public String update(){
return "User/update";
}
@RequestMapping("/toLogin")
public String toLogin(){
return "login";
}
shiroConfig类
java
@Configuration
public class ShiroConfig {
@Bean
//ShiroFilterFactoryBean 3
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
/* anon:无霹认证就可以访问
authc:必须认证了 才能让问
user:必须拥有记住我功能才能用
perms:拥有对某个资源的权限才能访间;
role:拥有某 个角色权限才能访问*/
Map<String ,String> filterMap = new LinkedHashMap<>();
filterMap.put("/User/add","authc");
filterMap.put("/User/update","authc");
//filterMap.put("/User/*","authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
//设置登录请求的页面
shiroFilterFactoryBean.setLoginUrl("/toLogin");
return shiroFilterFactoryBean;
}
@Bean(name = "defaultWebSecurityManager")
//DafaultWebSecurityManager 2 //指定方法名
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//关联realm
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
//创建realm 对象,需要自定义类 1
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}