首页 > 其他分享 >SpringBoot 集成 Shiro 简单教程

SpringBoot 集成 Shiro 简单教程

时间:2023-05-04 11:25:15浏览次数:40  
标签:教程 SpringBoot permission -- utf8 role user id Shiro

1. 前言 

Apache Shiro是一个功能强大且易于使用的Java安全框架,提供了认证,授权,加密,和会话管理。

Shiro有三大核心组件:

  • Subject: 即当前用户,在权限管理的应用程序里往往需要知道谁能够操作什么,谁拥有操作该程序的权利,shiro中则需要通过Subject来提供基础的当前用户信息,Subject 不仅仅代表某个用户,与当前应用交互的任何东西都是Subject,如网络爬虫等。所有的Subject都要绑定到SecurityManager上,与Subject的交互实际上是被转换为与SecurityManager的交互。
  • SecurityManager: 即所有Subject的管理者,这是Shiro框架的核心组件,可以把他看做是一个Shiro框架的全局管理组件,用于调度各种Shiro框架的服务。作用类似于SpringMVC中的DispatcherServlet,用于拦截所有请求并进行处理。
  • Realm: Realm是用户的信息认证器和用户的权限人证器,我们需要自己来实现Realm来自定义的管理我们自己系统内部的权限规则。SecurityManager要验证用户,需要从Realm中获取用户。可以把Realm看做是数据源。

2. 数据库设计

2.1 User(用户)

SETNAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for user
-- ----------------------------
DROPTABLEIFEXISTS`user`;
CREATETABLE`user`  (
`id`bigint(20) NOTNULL AUTO_INCREMENT,
`password`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULL,
`username`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULL,
`account`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = MyISAM AUTO_INCREMENT = 4CHARACTERSET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of user
-- ----------------------------
INSERTINTO`user`VALUES (1, 'root', '超级用户', 'root');
INSERTINTO`user`VALUES (2, 'user', '普通用户', 'user');
INSERTINTO`user`VALUES (3, 'vip', 'VIP用户', 'vip');

SET FOREIGN_KEY_CHECKS = 1;

2.2 Role(角色)

SETNAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for role
-- ----------------------------
DROPTABLEIFEXISTS`role`;
CREATETABLE`role`  (
`id`int(11) NOTNULL AUTO_INCREMENT,
`role`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULL,
`desc`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = MyISAM AUTO_INCREMENT = 4CHARACTERSET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of role
-- ----------------------------
INSERTINTO`role`VALUES (1, 'admin', '超级管理员');
INSERTINTO`role`VALUES (2, 'user', '普通用户');
INSERTINTO`role`VALUES (3, 'vip_user', 'VIP用户');

SET FOREIGN_KEY_CHECKS = 1;

2.3 Permission(权限)

SETNAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for permission
-- ----------------------------
DROPTABLEIFEXISTS`permission`;
CREATETABLE`permission`  (
`id`int(11) NOTNULL AUTO_INCREMENT,
`permission`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULLCOMMENT'权限名称',
`desc`varchar(255) CHARACTERSET utf8 COLLATE utf8_general_ci NULLDEFAULTNULLCOMMENT'权限描述',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = MyISAM AUTO_INCREMENT = 5CHARACTERSET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of permission
-- ----------------------------
INSERTINTO`permission`VALUES (1, 'add', '增加');
INSERTINTO`permission`VALUES (2, 'update', '更新');
INSERTINTO`permission`VALUES (3, 'select', '查看');
INSERTINTO`permission`VALUES (4, 'delete', '删除');

SET FOREIGN_KEY_CHECKS = 1;

2.4 User_Role(用户-角色)

SETNAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROPTABLEIFEXISTS`user_role`;
CREATETABLE`user_role`  (
`id`int(11) NOTNULL AUTO_INCREMENT,
`user_id`int(11) NULLDEFAULTNULL,
`role_id`int(11) NULLDEFAULTNULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = MyISAM AUTO_INCREMENT = 4CHARACTERSET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Fixed;

-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERTINTO`user_role`VALUES (1, 1, 1);
INSERTINTO`user_role`VALUES (2, 2, 2);
INSERTINTO`user_role`VALUES (3, 3, 3);

SET FOREIGN_KEY_CHECKS = 1;

2.5 Role_Permission(角色-权限)

SETNAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for role_permission
-- ----------------------------
DROPTABLEIFEXISTS`role_permission`;
CREATETABLE`role_permission`  (
`id`int(11) NOTNULL AUTO_INCREMENT,
`role_id`int(11) NULLDEFAULTNULL,
`permission_id`int(255) NULLDEFAULTNULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = MyISAM AUTO_INCREMENT = 9CHARACTERSET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Fixed;

-- ----------------------------
-- Records of role_permission
-- ----------------------------
INSERTINTO`role_permission`VALUES (1, 1, 1);
INSERTINTO`role_permission`VALUES (2, 1, 2);
INSERTINTO`role_permission`VALUES (3, 1, 3);
INSERTINTO`role_permission`VALUES (4, 1, 4);
INSERTINTO`role_permission`VALUES (5, 2, 3);
INSERTINTO`role_permission`VALUES (6, 3, 3);
INSERTINTO`role_permission`VALUES (7, 3, 2);
INSERTINTO`role_permission`VALUES (8, 2, 1);

SET FOREIGN_KEY_CHECKS = 1;

3. 项目结构

4. 前期准备

4.1 导入Pom

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>

<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.2</version>
</dependency>

<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>

4.2 application.yml

server:
port:8903
spring:
application:
name:lab-user
datasource:
driver-class-name:com.mysql.jdbc.Driver
url:jdbc:mysql://127.0.0.1:3306/laboratory?charset=utf8
username:root
password:root
mybatis:
type-aliases-package:cn.ntshare.laboratory.entity
mapper-locations:classpath:mapper/*.xml
configuration:
map-underscore-to-camel-case:true

4.3 实体类

4.3.1 User.java

@Data
@ToString
publicclass User implements Serializable {

privatestaticfinallong serialVersionUID = -6056125703075132981L;

private Integer id;

private String account;

private String password;

private String username;
}

4.3.2 Role.java

@Data
@ToString
publicclass Role implements Serializable {

privatestaticfinallong serialVersionUID = -1767327914553823741L;

private Integer id;

private String role;

private String desc;
}

4.4 Dao层

4.4.1 PermissionMapper.java

@Mapper
@Repository
publicinterface PermissionMapper {

List<String> findByRoleId(@Param("roleIds") List<Integer> roleIds);
}

4.4.2 PermissionMapper.xml

<mapper namespace="cn.ntshare.laboratory.dao.PermissionMapper">
<sql id="base_column_list">
        id, permission, desc
</sql>

<select id="findByRoleId" parameterType="List" resultType="String">
        select permission
        from permission, role_permission rp
        where rp.permission_id = permission.id and rp.role_id in
<foreach collection="roleIds" item="id" open="(" close=")" separator=",">
            #{id}
</foreach>
</select>
</mapper>

4.4.3 RoleMapper.java

@Mapper
@Repository
publicinterface RoleMapper {

List<Role> findRoleByUserId(@Param("userId") Integer userId);
}

4.4.4 RoleMapper.xml

<mapper namespace="cn.ntshare.laboratory.dao.RoleMapper">
<sql id="base_column_list">
        id, user_id, role_id
</sql>

<select id="findRoleByUserId" parameterType="Integer" resultType="Role">
        select role.id, role
        from role, user, user_role ur
        where role.id = ur.role_id and ur.user_id = user.id and user.id = #{userId}
</select>
</mapper>

4.4.5 UserMapper.java

@Mapper
@Repository
publicinterface UserMapper {
User findByAccount(@Param("account") String account);
}

4.4.6 UserMapper.xml

<mapper namespace="cn.ntshare.laboratory.dao.UserMapper">

<sql id="base_column_list">
        id, account, password, username
</sql>

<select id="findByAccount" parameterType="Map" resultType="User">
        select
<include refid="base_column_list"/>
        from user
        where account = #{account}
</select>
</mapper>

4.5 Service层

4.5.1 PermissionServiceImpl.java

@Service
publicclass PermissionServiceImpl implements PermissionService {

@Autowired
private PermissionMapper permissionMapper;

@Override
public List<String> findByRoleId(List<Integer> roleIds) {
return permissionMapper.findByRoleId(roleIds);
    }
}

4.5.2 RoleServiceImpl.java

@Service
publicclass RoleServiceImpl implements RoleService {

@Autowired
private RoleMapper roleMapper;

@Override
public List<Role> findRoleByUserId(Integer id) {
return roleMapper.findRoleByUserId(id);
    }
}

4.5.3 UserServiceImpl.java

@Service
publicclass UserServiceImpl implements UserService {

@Autowired
private UserMapper userMapper;

@Override
public User findByAccount(String account) {
return userMapper.findByAccount(account);
    }
}

4.6. 系统返回状态枚举与包装函数

4.6.1 ServerResponseEnum.java

@AllArgsConstructor
@Getter
publicenum ServerResponseEnum {
    SUCCESS(0, "成功"),
    ERROR(10, "失败"),

    ACCOUNT_NOT_EXIST(11, "账号不存在"),
    DUPLICATE_ACCOUNT(12, "账号重复"),
    ACCOUNT_IS_DISABLED(13, "账号被禁用"),
    INCORRECT_CREDENTIALS(14, "账号或密码错误"),
    NOT_LOGIN_IN(15, "账号未登录"),
    UNAUTHORIZED(16, "没有权限")
    ;
    Integer code;
    String message;
}

4.6.2 ServerResponseVO.java

@Getter
@Setter
@NoArgsConstructor
publicclass ServerResponseVO<T> implements Serializable {
privatestaticfinallong serialVersionUID = -1005863670741860901L;
// 响应码
private Integer code;

// 描述信息
private String message;

// 响应内容
private T data;

private ServerResponseVO(ServerResponseEnum responseCode) {
this.code = responseCode.getCode();
this.message = responseCode.getMessage();
    }

private ServerResponseVO(ServerResponseEnum responseCode, T data) {
this.code = responseCode.getCode();
this.message = responseCode.getMessage();
this.data = data;
    }

private ServerResponseVO(Integer code, String message) {
this.code = code;
this.message = message;
    }

/**
     * 返回成功信息
     * @param data      信息内容
     * @param <T>
     * @return
     */
public static<T> ServerResponseVO success(T data) {
returnnew ServerResponseVO<>(ServerResponseEnum.SUCCESS, data);
    }

/**
     * 返回成功信息
     * @return
     */
public static ServerResponseVO success() {
returnnew ServerResponseVO(ServerResponseEnum.SUCCESS);
    }

/**
     * 返回错误信息
     * @param responseCode      响应码
     * @return
     */
public static ServerResponseVO error(ServerResponseEnum responseCode) {
returnnew ServerResponseVO(responseCode);
    }
}

4.7 统一异常处理

当用户身份认证失败时,会抛出UnauthorizedException,我们可以通过统一异常处理来处理该异常

@RestControllerAdvice
publicclass UserExceptionHandler {

@ExceptionHandler(UnauthorizedException.class)
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
public ServerResponseVO UnAuthorizedExceptionHandler(UnauthorizedException e) {
return ServerResponseVO.error(ServerResponseEnum.UNAUTHORIZED);
    }
}

5. 集成Shiro

5.1 UserRealm.java

/**
 * 负责认证用户身份和对用户进行授权
 */
publicclass UserRealm extends AuthorizingRealm {

@Autowired
private UserService userService;

@Autowired
private RoleService roleService;

@Autowired
private PermissionService permissionService;

// 用户授权
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        List<Role> roleList = roleService.findRoleByUserId(user.getId());
        Set<String> roleSet = new HashSet<>();
        List<Integer> roleIds = new ArrayList<>();
for (Role role : roleList) {
            roleSet.add(role.getRole());
            roleIds.add(role.getId());
        }
// 放入角色信息
        authorizationInfo.setRoles(roleSet);
// 放入权限信息
        List<String> permissionList = permissionService.findByRoleId(roleIds);
        authorizationInfo.setStringPermissions(new HashSet<>(permissionList));

return authorizationInfo;
    }

// 用户认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authToken;
        User user = userService.findByAccount(token.getUsername());
if (user == null) {
returnnull;
        }
returnnew SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}

5.2 ShiroConfig.java

@Configuration
publicclass ShiroConfig {

@Bean
public UserRealm userRealm() {
returnnew UserRealm();
    }

@Bean
public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm());
return securityManager;
    }

/**
     * 路径过滤规则
     * @return
     */
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setSuccessUrl("/");
        Map<String, String> map = new LinkedHashMap<>();
// 有先后顺序
        map.put("/login", "anon");      // 允许匿名访问
        map.put("/**", "authc");        // 进行身份认证后才能访问
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
    }

/**
     * 开启Shiro注解模式,可以在Controller中的方法上添加注解
     * @param securityManager
     * @return
     */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") DefaultSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
    }

5.3 LoginController.java

@RestController
@RequestMapping("")
publicclass LoginController {

@PostMapping("/login")
public ServerResponseVO login(@RequestParam(value = "account") String account,
                                  @RequestParam(value = "password") String password) {
        Subject userSubject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(account, password);
try {
// 登录验证
            userSubject.login(token);
return ServerResponseVO.success();
        } catch (UnknownAccountException e) {
return ServerResponseVO.error(ServerResponseEnum.ACCOUNT_NOT_EXIST);
        } catch (DisabledAccountException e) {
return ServerResponseVO.error(ServerResponseEnum.ACCOUNT_IS_DISABLED);
        } catch (IncorrectCredentialsException e) {
return ServerResponseVO.error(ServerResponseEnum.INCORRECT_CREDENTIALS);
        } catch (Throwable e) {
            e.printStackTrace();
return ServerResponseVO.error(ServerResponseEnum.ERROR);
        }
    }

@GetMapping("/login")
public ServerResponseVO login() {
return ServerResponseVO.error(ServerResponseEnum.NOT_LOGIN_IN);
    }

@GetMapping("/auth")
public String auth() {
return"已成功登录";
    }

@GetMapping("/role")
@RequiresRoles("vip")
public String role() {
return"测试Vip角色";
    }

@GetMapping("/permission")
@RequiresPermissions(value = {"add", "update"}, logical = Logical.AND)
public String permission() {
return"测试Add和Update权限";
    }
}

6. 测试

 

 

6.1 用root用户登录

 

 

6.1.1 登录

6.1.2 验证是否登录

6.1.3 测试角色权限

6.1.4 测试用户操作权限

6.2 user用户和vip用户测试略

7. 总结

本文演示了SpringBoot极简集成Shiro框架,实现了基础的身份认证和授权功能

 

 

 

转: https://baijiahao.baidu.com/s?id=1712844010119534899

 

标签:教程,SpringBoot,permission,--,utf8,role,user,id,Shiro
From: https://www.cnblogs.com/fps2tao/p/17370541.html

相关文章

  • SpringBoot项目部署在外置Tomcat正常启动,但项目没有被加载的问题
    最近打算部署个SpringBoot项目到外置Tomcat运行,但是发现tomcat启动成功,访问却一直404,刚开始以为是Tomcat的问题,就一直在改Tomcat配置。最后发现tomcat启动时根本就没加载到项目,因为控制台没有打印"SpringBoot"的项目标志经过一番百度查找,最后发现是因为项目启动类没有继承Spring......
  • 在Alibaba Cloud Linux操作系统上安装Redis教程
    AlibabaCloudLinux2内置Redis6.0.5和Redis3.2.12的yum源,执行sudoyuminstall命令即可部署Redis6.0.5和Redis3.2.12。本文阿里云百科以阿里云持久内存服务器ECS为例,使用AlibabaCloudLinux2.1903LTS64位操作系统,安装Redis6.0.5或Redis3.2.12详细流程如下:AlibabaCloud......
  • Flask-Avatars插件教程
    原文链接:https://flask-avatars.readthedocs.io/en/latest/我们经常在一些网站上看到,在用户没有自定义头像的情况下,会给每个用户都生成一个头像,这让网站显得更美观,那这个是怎么实现的呢?在Flask中有一个插件,叫做Flask-avatars,专门提供头像解决方案。里面集成了各种头像解决方案......
  • Flask-Caching教程
    原文链接:https://flask-caching.readthedocs.io/en/latest/Flask-Caching是一个Flask扩展,增加了各种后端任何Flask应用程序缓存的支持。除了通过统一的API为所有werkzeug的原始缓存后端提供支持外 ,还可以通过对类进行子flask_caching.backends.base.BaseCache类化来开发自己......
  • Flask中使用Celery教程
    不管是使用什么编程语言,使用什么框架。在服务器上执行耗时操作,比如网络请求、视频转码、图片处理等。如果想实现快速响应客户端的需求,则必须使用任务队列。任务队列是一个单独的程序,和网站没有直接关系,任务队列提供了接口,能在网站中通过代码操作任务队列,比如:添加任务,查看任务结......
  • 记录一件很神奇的类型转换问题(springboot项目+echarts)
    今天博主在应付学校的实验,想要使用echarts绘制一张很简单的条形图(博主是初学者),如下(时间还未作排序) 对于横轴,我封装了一个dateList,这个datelist是用java,将数据库中date类型的数据,提取其年月拼装而成的,代码如下:Stringdate=String.valueOf(art.getArticleCreateTime().getYea......
  • java基于springboot+vue非前后端分离的网上商城购物系统、在线商城管理系统,附源码+数
    1、项目介绍java基于springboot+vue非前后端分离的网上商城购物系统、在线商城管理系统,实现管理员:首页、个人中心、用户管理、商品分类管理、商品信息管理、订单评价管理、系统管理、订单管理,用户;首页、个人中心、订单评价管理、我的收藏管理、订单管理,前台首页;首页、商品信息、......
  • 魔兽服务端编译部署NPCBots和机器人模块教程
    魔兽服务端编译部署NPCBots和机器人模块教程大家好,我是艾西。在平时自己一个人玩魔兽的时候是不是会比较无聊,因为游戏机制或副本难度自己一个人无法进行快乐的玩耍。今天艾西教大家编译部署NPCBots和Al机器人模块,直接一个人玩魔兽也不孤单首先到GIT去下载ai机器人以及bots模块解压......
  • 魔兽世界服务端自定义添加NPC教程
    魔兽世界自定义NPC教程大家好,我是艾西今天跟大家聊一下自定义NPC,自定义NPC可以添加自己想要售卖的物品以及定价等可以更好的将一个游戏设定以及游戏的拓展性有质的提升creature表是游戏所有生物人物等表格Creature_template是所有生物模板,根据生物模板可以创建很多的生物。我们在某......
  • Vue2入门之超详细教程八-计算属性
    1、简介计算属性:1.定义:要用的属性不存在,要通过已有的属性计算得来2.原理:底层借助Object.defineproperty方法提供的getter和setter3.Get函数什么时候执行?(1) 初次读取时会执行一次(2) 当依赖的数据发生改变时会被再次......