• 引依賴

shiro-all包含shiro所有的包、shiro-core是核心包、shiro-web是與web整合、shiro-spring是與spring整合、shiro-ehcache是與EHCache整合、shiro-quartz是與任務(wù)調(diào)度quartz整合等等。

<dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.2</version> </dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.2</version> </dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-ehcache</artifactId><version>1.2.2</version> </dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.2.2</version> </dependency>

• 數(shù)據(jù)庫

SET FOREIGN_KEY_CHECKS=0;-- ---------------------------- -- Table structure for u_permission -- ---------------------------- DROP TABLE IF EXISTS `u_permission`; CREATE TABLE `u_permission` (`id` bigint(20) NOT NULL AUTO_INCREMENT,`url` varchar(256) DEFAULT NULL COMMENT 'url地址',`name` varchar(64) DEFAULT NULL COMMENT 'url描述',PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;-- ---------------------------- -- Records of u_permission -- ---------------------------- INSERT INTO `u_permission` VALUES ('1', '/user/select', '用戶查詢'); INSERT INTO `u_permission` VALUES ('2', '/admin/add', '管理員添加'); INSERT INTO `u_permission` VALUES ('3', '/admin/delete', '管理員刪除');-- ---------------------------- -- Table structure for u_role -- ---------------------------- DROP TABLE IF EXISTS `u_role`; CREATE TABLE `u_role` (`id` bigint(20) NOT NULL AUTO_INCREMENT,`name` varchar(32) DEFAULT NULL COMMENT '角色名稱',`type` varchar(10) DEFAULT NULL COMMENT '角色類型',PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;-- ---------------------------- -- Records of u_role -- ---------------------------- INSERT INTO `u_role` VALUES ('1', 'admin', '1'); INSERT INTO `u_role` VALUES ('2', 'user', '1'); INSERT INTO `u_role` VALUES ('3', 'visitor', '1');-- ---------------------------- -- Table structure for u_role_permission -- ---------------------------- DROP TABLE IF EXISTS `u_role_permission`; CREATE TABLE `u_role_permission` (`rid` bigint(20) DEFAULT NULL COMMENT '角色I(xiàn)D',`pid` bigint(20) DEFAULT NULL COMMENT '權(quán)限ID' ) ENGINE=InnoDB DEFAULT CHARSET=utf8;-- ---------------------------- -- Records of u_role_permission -- ---------------------------- INSERT INTO `u_role_permission` VALUES ('1', '3'); INSERT INTO `u_role_permission` VALUES ('1', '2'); INSERT INTO `u_role_permission` VALUES ('2', '1');-- ---------------------------- -- Table structure for u_user -- ---------------------------- DROP TABLE IF EXISTS `u_user`; CREATE TABLE `u_user` (`id` bigint(20) NOT NULL AUTO_INCREMENT,`nickname` varchar(20) DEFAULT NULL COMMENT '用戶昵稱',`email` varchar(128) DEFAULT NULL COMMENT '郵箱|登錄帳號(hào)',`pswd` varchar(32) DEFAULT NULL COMMENT '密碼',`create_time` datetime DEFAULT NULL COMMENT '創(chuàng)建時(shí)間',`last_login_time` datetime DEFAULT NULL COMMENT '最后登錄時(shí)間',`status` bigint(1) DEFAULT '1' COMMENT '1:有效，0:禁止登錄',PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;-- ---------------------------- -- Records of u_user -- ---------------------------- INSERT INTO `u_user` VALUES ('1', 'admin', null, '123456', '2017-05-10 20:22:59', null, '1'); INSERT INTO `u_user` VALUES ('2', 'user', null, '123456', null, null, '1');-- ---------------------------- -- Table structure for u_user_role -- ---------------------------- DROP TABLE IF EXISTS `u_user_role`; CREATE TABLE `u_user_role` (`uid` bigint(20) DEFAULT NULL COMMENT '用戶ID',`rid` bigint(20) DEFAULT NULL COMMENT '角色I(xiàn)D' ) ENGINE=InnoDB DEFAULT CHARSET=utf8;-- ---------------------------- -- Records of u_user_role -- ---------------------------- INSERT INTO `u_user_role` VALUES ('1', '1'); INSERT INTO `u_user_role` VALUES ('2', '2'); SET FOREIGN_KEY_CHECKS=1;

• Controller

@RestController public class AdminController {private static Logger logger = LoggerFactory.getLogger(AdminController.class);@Autowiredprivate URoleDao uRoleDao;//跳轉(zhuǎn)到登錄表單頁面@RequestMapping(value = "/login", method = RequestMethod.GET)public String login() {return "need login";}//登錄成功后，跳轉(zhuǎn)的頁面@RequestMapping("/success")public String index(Model model) {return "success";}//未登錄，可以訪問的頁面@RequestMapping("/index")public String list(Model model) {return "index";}//登陸驗(yàn)證，這里方便url測試，正式上線需要使用POST方式提交@RequestMapping(value = "/ajaxLogin", method = RequestMethod.GET)public String index(UUser user) {if (user.getNickname() != null && user.getPswd() != null) {UsernamePasswordToken token = new UsernamePasswordToken(user.getNickname(), user.getPswd(), "login");Subject currentUser = SecurityUtils.getSubject();logger.info("對(duì)用戶[" + user.getNickname() + "]進(jìn)行登錄驗(yàn)證..驗(yàn)證開始");try {currentUser.login( token );//驗(yàn)證是否登錄成功if (currentUser.isAuthenticated()) {logger.info("用戶[" + user.getNickname() + "]登錄認(rèn)證通過(這里可以進(jìn)行一些認(rèn)證通過后的一些系統(tǒng)參數(shù)初始化操作)");System.out.println("用戶[" + user.getNickname() + "]登錄認(rèn)證通過(這里可以進(jìn)行一些認(rèn)證通過后的一些系統(tǒng)參數(shù)初始化操作)");return "redirect:/";} else {token.clear();System.out.println("用戶[" + user.getNickname() + "]登錄認(rèn)證失敗,重新登陸");return "redirect:/login";}} catch ( UnknownAccountException uae ) {logger.info("對(duì)用戶[" + user.getNickname() + "]進(jìn)行登錄驗(yàn)證..驗(yàn)證失敗-username wasn't in the system");} catch ( IncorrectCredentialsException ice ) {logger.info("對(duì)用戶[" + user.getNickname() + "]進(jìn)行登錄驗(yàn)證..驗(yàn)證失敗-password didn't match");} catch ( LockedAccountException lae ) {logger.info("對(duì)用戶[" + user.getNickname() + "]進(jìn)行登錄驗(yàn)證..驗(yàn)證失敗-account is locked in the system");} catch ( AuthenticationException ae ) {logger.error(ae.getMessage());}}return "login";}/*** ajax登錄請(qǐng)求接口方式登陸* @param username* @param password* @return*/@RequestMapping(value="/ajaxLogin",method= RequestMethod.POST)@ResponseBodypublic Map<String,Object> submitLogin(@RequestParam(value = "nickname") String username, @RequestParam(value = "pswd") String password) {Map<String, Object> resultMap = new LinkedHashMap<String, Object>();try {UsernamePasswordToken token = new UsernamePasswordToken(username, password);SecurityUtils.getSubject().login(token);resultMap.put("status", 200);resultMap.put("message", "登錄成功");} catch (Exception e) {resultMap.put("status", 500);resultMap.put("message", e.getMessage());}return resultMap;}//登出@RequestMapping(value = "/logout")public String logout(){return "logout";}//錯(cuò)誤頁面展示@GetMapping("/403")public String error(){return "error ok!";}//管理員功能@RequiresRoles("admin")@RequiresPermissions("管理員添加")@RequestMapping(value = "/admin/add")public String create(){return "add success!";}//用戶功能@RequiresRoles("user")@RequiresPermissions("用戶查詢")@RequestMapping(value = "/user/select")public String detail(){return "select success"; } }

• shiro配置

shiroConfiguration.java

@Configuration public class ShiroConfiguration {/*** ShiroFilterFactoryBean 處理攔截資源文件問題。* 注意：單獨(dú)一個(gè)ShiroFilterFactoryBean配置是或報(bào)錯(cuò)的，以為在* 初始化ShiroFilterFactoryBean的時(shí)候需要注入：SecurityManager** Filter Chain定義說明 1、一個(gè)URL可以配置多個(gè)Filter，使用逗號(hào)分隔 2、當(dāng)設(shè)置多個(gè)過濾器時(shí)，全部驗(yàn)證通過，才視為通過* 3、部分過濾器可指定參數(shù)，如perms，roles**/@Bean(name = "lifecycleBeanPostProcessor")public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {return new LifecycleBeanPostProcessor();}@Bean(name = "shiroRealm")@DependsOn("lifecycleBeanPostProcessor")public ShiroRealm shiroRealm() {ShiroRealm realm = new ShiroRealm();return realm;}@Bean(name = "ehCacheManager")@DependsOn("lifecycleBeanPostProcessor")public EhCacheManager ehCacheManager(){EhCacheManager ehCacheManager = new EhCacheManager();return ehCacheManager;}@Bean(name = "securityManager")public DefaultWebSecurityManager securityManager(){DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setRealm(shiroRealm());securityManager.setCacheManager(ehCacheManager());//用戶授權(quán)/認(rèn)證信息Cache, 采用EhCache 緩存return securityManager;}@Bean(name = "shiroFilter")public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();shiroFilterFactoryBean.setSecurityManager(securityManager);System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");// 過濾鏈定義，從上向下順序執(zhí)行，一般將 /**放在最為下邊Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>();// 配置退出過濾器,其中的具體的退出代碼Shiro已經(jīng)替我們實(shí)現(xiàn)了filterChainDefinitionManager.put("/logout", "logout");// authc:所有url都必須認(rèn)證通過才可以訪問; anon:所有url都都可以匿名訪問filterChainDefinitionManager.put("/user/**", "authc,roles[user]");filterChainDefinitionManager.put("/admin/**", "authc,roles[admin]");filterChainDefinitionManager.put("/login", "anon");filterChainDefinitionManager.put("/index", "anon");filterChainDefinitionManager.put("/ajaxLogin", "anon");filterChainDefinitionManager.put("/statistic/**", "anon");filterChainDefinitionManager.put("/**", "authc,roles[user]");//其他資源全部攔截shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);// 如果不設(shè)置默認(rèn)會(huì)自動(dòng)尋找Web工程根目錄下的"/login.jsp"頁面shiroFilterFactoryBean.setLoginUrl("/login");// 登錄成功后要跳轉(zhuǎn)的鏈接shiroFilterFactoryBean.setSuccessUrl("/success");// 未授權(quán)界面shiroFilterFactoryBean.setUnauthorizedUrl("/403");return shiroFilterFactoryBean;}@Bean@ConditionalOnMissingBeanpublic DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();daap.setProxyTargetClass(true);return daap;}@Beanpublic AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();aasa.setSecurityManager(securityManager);return aasa;}}

shiroRealm.java

public class ShiroRealm extends AuthorizingRealm {private Logger logger = LoggerFactory.getLogger(ShiroRealm.class);//一般這里都寫的是servic，這里省略直接調(diào)用dao@Autowiredprivate UUserDao uUserDao;@Autowiredprivate URoleDao uRoleDao;@Autowiredprivate UPermissionDao uPermissionDao;/*** 登錄認(rèn)證* @param authenticationToken* @return* @throws AuthenticationException*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;logger.info("驗(yàn)證當(dāng)前Subject時(shí)獲取到token為：" + token.toString());//查出是否有此用戶String username = token.getUsername();UUser hasUser = uUserDao.selectAllByName(username);if (hasUser != null) {// 若存在，將此用戶存放到登錄認(rèn)證info中，無需自己做密碼對(duì)比，Shiro會(huì)為我們進(jìn)行密碼對(duì)比校驗(yàn)List<URole> rlist = uRoleDao.findRoleByUid(hasUser.getId());//獲取用戶角色List<UPermission> plist = uPermissionDao.findPermissionByUid(hasUser.getId());//獲取用戶權(quán)限List<String> roleStrlist=new ArrayList<String>();用戶的角色集合List<String> perminsStrlist=new ArrayList<String>();//用戶的權(quán)限集合for (URole role : rlist) {roleStrlist.add(role.getName());}for (UPermission uPermission : plist) {perminsStrlist.add(uPermission.getName());}hasUser.setRoleStrlist(roleStrlist);hasUser.setPerminsStrlist(perminsStrlist);// 若存在，將此用戶存放到登錄認(rèn)證info中，無需自己做密碼對(duì)比，Shiro會(huì)為我們進(jìn)行密碼對(duì)比校驗(yàn)return new SimpleAuthenticationInfo(hasUser, hasUser.getPswd(), getName());}return null;}/*** 權(quán)限認(rèn)證* @param principalCollection* @return*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {logger.info("##################執(zhí)行Shiro權(quán)限認(rèn)證##################");UUser user = (UUser) principalCollection.getPrimaryPrincipal();if (user != null) {//權(quán)限信息對(duì)象info,用來存放查出的用戶的所有的角色（role）及權(quán)限（permission）SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();//用戶的角色集合info.addRoles(user.getRoleStrlist());//用戶的權(quán)限集合info.addStringPermissions(user.getPerminsStrlist());return info;}// 返回null的話，就會(huì)導(dǎo)致任何用戶訪問被攔截的請(qǐng)求時(shí)，都會(huì)自動(dòng)跳轉(zhuǎn)到unauthorizedUrl指定的地址return null;} }

總結(jié)

以上是生活随笔為你收集整理的springboot+mybatis整合shiro——登录认证和权限控制的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。