Shiro:自定义Realm实现权限管理方式

Shiro权限管理

1、权限管理

权限管理：不同角色的用户进入到系统能够完成的操作是不同的，对不同角色的用户进行的可执行操作的管理称为权限管理。

2、如何实现权限管理

基于主页的权限管理：不同的用户使用不同的主页，权限通过主页功能菜单进行限制

基于用户权限的访问控制：统权限表、用户权限表、用户表，比较冗余

基于用户角色的访问控制（RBAC）：系统权限表、用户权限表、用户表、角色表、用户角色表

 

1、基于JavaSe的Shiro的基本使用

1、导入shiro依赖

<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-core</artifactId>
  <version>1.5.1</version>
</dependency>

但是出现了一点问题：就是引入这个依赖后pom文件就会报错，可以在pom文件中加入加入阿里云的代理仓库：

<repositories><!-- 阿里云代码库 -->
  <repository>
      <id>maven-ali</id>
      <url>http://maven.aliyun.com/nexus/content/repositories/central</url>
      <releases>
          <enabled>true</enabled>
      </releases>
      <snapshots>
          <enabled>true</enabled>
          <updatePolicy>always</updatePolicy>
          <checksumPolicy>fail</checksumPolicy>
      </snapshots>
  </repository>
</repositories>

2、创建shiro配置文件：shiro.ini

[users]
zhangsan=123456,seller
lisi=666666,ckmgr
admin=222222,admin
[roles]
admin=*
seller=order-add,order-del,order-list
ckmgr=ck-add,ck-del,ck-list

3、shiro的基本使用

public class TestShiro {
  public static void main(String[] args) {
      Scanner sc = new Scanner(System.in);
      System.out.println("请输入用户名：");
      String username = sc.nextLine();
      System.out.println("请输入密码:");
      String password = sc.nextLine();
      //创建安全管理器
      DefaultSecurityManager securityManager = new DefaultSecurityManager();
      //创建realm
      IniRealm realm = new IniRealm("classpath:shiro.ini");
      //将realm设置给安全管理器
      securityManager.setRealm(realm);
      //将realm设置给SecurityUtils工具
      SecurityUtils.setSecurityManager(securityManager);
      //通过SecurityUtils获取subject对象
      Subject subject = SecurityUtils.getSubject();
      //认证流程
      UsernamePasswordToken token = new UsernamePasswordToken(username, password);
      System.out.println(subject.isAuthenticated());//false
      //完成认证
      subject.login(token);
      System.out.println(subject.isAuthenticated());//true
      //授权
      //判断是否有某个角色
      subject.hasRole("seller");//true
      //判断是否有某个权限
      boolean permitted = subject.isPermitted("oredr-del");
      System.out.println(permitted);//true
  }
}

4、shiro认证授权流程

(1) 通过subject.login(token)进行登录，就会将token包含的用户信息（账号和密码）传递给SecurityManager

(2) SecurityManager会调用Authentication进行认证

(3) Authentication就会根据Realm安全信息进行认证校验

(4) Realm根据得到的token，调用doGetAuthenticationInfo()方法进行认证

(5) 认证完成后一层层返回到subject

 

2、SpringBoot整合shiro

• 1、导入shiro依赖：
• 2、配置shiro过滤器：拦截进行认证和授权的用户
• 3、配置SecurityManager到Spring容器
• 4、配置Realm（SecurityManager需要Realm）

1. 导入依赖

<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.4.1</version>
</dependency>

2. 配置shiro过滤器

/**
* Shiro的配置类
*/
@Configuration
public class ShiroConfig {
  //将Realm交给Spring容器创建
  @Bean
  public IniRealm getRealm() {
      IniRealm iniRealm = new IniRealm("classpath:shiro.ini");
      return iniRealm;
  }
  //将DefaultSecurityManager交给Spring容器来创建和管理
  @Bean
  public DefaultSecurityManager getDefaultSecurityManager(IniRealm iniRealm) {
      //SecurityManager要完成认证和校验需要Realm
      DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
      securityManager.setRealm(iniRealm);
      return securityManager;
  }
  //配置shiro的过滤器
  @Bean
  public ShiroFilterFactoryBean shiroFilter(DefaultSecurityManager securityManager) {
      //过滤器工厂
      ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
      //过滤器是进行权限校验的核心，进行认证和授权需要SecurityManager
      filter.setSecurityManager(securityManager);
      //设置拦截规则
      //anon:匿名用户可以访问，authc:授权用户可以访问
      Map<String, String> filterMap = new HashMap<>();
      filterMap.put("/","anon");              //项目个根路径不拦截
      filterMap.put("/login.html","anon");    //登录页面不拦截
      filterMap.put("/register.html","anon"); //注册页面不拦截
      filterMap.put("/user/login","anon");    //登录不拦截
      filterMap.put("/user/regist","anon");   //注册不拦截
      filterMap.put("/static/**","anon");     //静态页面不拦截
      filterMap.put("/**","authc");           //除了上面的请求路径，其他路径都要拦截
      filter.setFilterChainDefinitionMap(filterMap);
      //设置默认的登录页面
      filter.setLoginUrl("/login.html");
      //设置未授权访问的页面路径（一个页面如果未授权让其跳转到登录页面）
      filter.setUnauthorizedUrl("/login.html");
      return filter;
  }
}

3. 进行认证测试

1、UserService：

@Service
public class UserService {
  public void check(String username,String password){
      Subject subject = SecurityUtils.getSubject();
      UsernamePasswordToken token = new UsernamePasswordToken(username,password);
      subject.login(token);
  }
}

2、UserController：

@Controller
@RequestMapping("/user")
public class UserController {
  @Autowired
  private UserService userService;
  @RequestMapping("/login")
  public String login(String username,String password){
      try {
          userService.check(username,password);
          System.out.println("登录成功");
          return "index";
      } catch (Exception e) {
          System.out.println("登录失败");
          return "login";
      }
  }
}

3、login.html登录页面：

<form action="user/login">
<p>用户名：<input type="text" name="username"/></p>
<p>密码：<input type="text" name="password"/></p>
<p><input type="submit" value="登录"/></p>
</form>

4、shiro.ini配置文件：

[users]
zhangsan=123456

5、认证成功：跳到index首页

6、认证失败，跳到登录页面

 

3、JdbcRealm实现权限管理

1. JdbcRealm表结构

这些表名和表结构都是固定的不能更改：

用户信息表：users

create table users(
  id int primary key auto_increment,
  username varchar(60) not null unique,
  password varchar(20) not null,
  password_salt varchar(20)
)
insert into users(username,password) values("zhangsan","123456");
insert into users(username,password) values("lisi","123456");
insert into users(username,password) values("wangwu","123456");
insert into users(username,password) values("zhaoliu","123456");
insert into users(username,password) values("chenqi","123456");

角色信息表：user_roles

create table user_roles(
  id int primary key auto_increment,
  username varchar(60) not null,
  role_name varchar(100) not null
)
insert into user_roles(username,role_name) values("zhangsan","admin");
insert into user_roles(username,role_name) values("lisi","cmanager"); -- 库管人员
insert into user_roles(username,role_name) values("wangwu","xmanager");-- 销售人员
insert into user_roles(username,role_name) values("zhaoliu","kmanager");-- 客服人员
insert into user_roles(username,role_name) values("chenqi","zmanager"); -- 行政人员

权限信息表：roles_permissions

create table roles_permissions(
  id int primary key auto_increment,
  role_name varchar(60) not null,
  permission varchar(100) not null
)
-- 管理员具备所有权限
insert into roles_permissions(role_name,permission) values("admin","*");
-- 库管人员
insert into roles_permissions(role_name,permission) values("cmanager","sys:c:save");
insert into roles_permissions(role_name,permission) values("cmanager","sys:c:delete");
insert into roles_permissions(role_name,permission) values("cmanager","sys:c:find");
insert into roles_permissions(role_name,permission) values("cmanager","sys:c:update");
-- 销售人员
insert into roles_permissions(role_name,permission) values("xmanager","sys:c:save");
insert into roles_permissions(role_name,permission) values("xmanager","sys:x:find");
insert into roles_permissions(role_name,permission) values("xmanager","sys:x:delete");
insert into roles_permissions(role_name,permission) values("xmanager","sys:x:update");
insert into roles_permissions(role_name,permission) values("xmanager","sys:k:save");
insert into roles_permissions(role_name,permission) values("xmanager","sys:k:find");
insert into roles_permissions(role_name,permission) values("xmanager","sys:k:delete");
insert into roles_permissions(role_name,permission) values("xmanager","sys:k:update");
-- 客服人员
insert into roles_permissions(role_name,permission) values("kmanager","sys:k:find");
insert into roles_permissions(role_name,permission) values("kmanager","sys:k:update");
-- 行政人员
insert into roles_permissions(role_name,permission) values("zmanager","sys:k:find");

2. 整合JdbcRealm

1、整合Druid和MyBatis：

# 数据库配置
spring.datasource.druid.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.druid.url=jdbc:mysql://localhost:3306/db_shiro1?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=UTC
spring.datasource.druid.username=root
spring.datasource.druid.password=root
# 连接池配置
#连接池建立时创建的初始化连接数
spring.datasource.druid.initial-size=5
#连接池中最大的活跃连接数
spring.datasource.druid.max-active=20
#连接池中最小的活跃连接数
spring.datasource.druid.min-idle=5
# 配置获取连接等待超时的时间
spring.datasource.druid.max-wait=60000
# mybatis 配置
mybatis.mapper-locations=classpath:mappers/*Mapper.xml
mybatis.type-aliases-package=com.hh.beans

2、导入shiro依赖：

<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.4.1</version>
</dependency>

3、配置shiro过滤器：只需要将IniRealm 更改为JdbcRealm

@Configuration
public class ShiroConfig {
  @Bean
  public JdbcRealm getJDBCRealm(DataSource dataSource){
      JdbcRealm jdbcRealm = new JdbcRealm();
      //JdbcRealm会自行从数据库中查询用户和权限数据（前提是数据库表结构要符合JdbcRealm表结构）
      jdbcRealm.setDataSource(dataSource);
      //jdbcRealm默认开启认证功能，如果想要开启授权功能，需要手动开启
      jdbcRealm.setPermissionsLookupEnabled(true);
      return jdbcRealm;
  }
  //将DefaultSecurityManager交给Spring容器来创建和管理
  @Bean
  public DefaultSecurityManager getDefaultSecurityManager(JdbcRealm jdbcRealm) {
      //SecurityManager要完成认证和校验需要Realm
      DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
      securityManager.setRealm(jdbcRealm);
      return securityManager;
  }
  //配置shiro的过滤器
  @Bean
  public ShiroFilterFactoryBean shiroFilter(DefaultSecurityManager securityManager) {
      //过滤器工厂
      ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
      //过滤器是进行权限校验的核心，进行认证和授权需要SecurityManager
      filter.setSecurityManager(securityManager);
      //设置拦截规则
      //anon:匿名用户可以访问，authc:授权用户可以访问
      Map<String, String> filterMap = new HashMap<>();
      filterMap.put("/", "anon");              //项目个根路径不拦截
      filterMap.put("/login.html", "anon");    //登录页面不拦截
      filterMap.put("/register.html", "anon"); //注册页面不拦截
      filterMap.put("/user/login", "anon");    //登录不拦截
      filterMap.put("/user/regist", "anon");   //注册不拦截
      filterMap.put("/static/**", "anon");     //静态页面不拦截
      filterMap.put("/**", "authc");           //除了上面的请求路径，其他路径都要拦截
      filter.setFilterChainDefinitionMap(filterMap);
      //设置默认的登录页面
      filter.setLoginUrl("/login.html");
      //设置未授权访问的页面路径（一个页面如果未授权让其跳转到登录页面）
      filter.setUnauthorizedUrl("/login.html");
      return filter;
  }
}

4、进行认证测试：和上面测试方法相同

由于只要我们按照规定写了数据库表结构，那么既可以直接使用数据库中的信息

 

4、实现前端的权限菜单展示

1. 在Thymeleaf中使用标签

1、在pom.xml文件中导入thymeleaf模版对shiro标签支持的依赖

<dependency>
  <groupId>com.github.theborakompanioni</groupId>
  <artifactId>thymeleaf-extras-shiro</artifactId>
  <version>2.0.0</version>
</dependency>

2、在ShiroConfig中配置Shiro的方言：

@Bean
public ShiroDialect getShiroDialect(){
  return new ShiroDialect();
}

3、Thymeleaf模版中引入shiro的命名空间：

<html xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
...
</html>

2. 常用标签

2.1 guest

判断用户是否是游客身份，如果是游客身份则显示此标签内容

<shiro:guest>
欢迎游客，<a href="login.html" rel="external nofollow"  rel="external nofollow" >请登录</a>
</shiro:guest>

2.2 user

判断用户是否是认证身份，如果是认证身份则显示此标签内容

<shiro:user>
已登录用户
</shiro:user>

2.3 principal

获取当前登录用户名

<shiro:user>
已登录用户<shiro:principal/>欢迎您！
</shiro:user>

2.4 hasRole

当期那登录用户的角色

<shiro:user>
当前用户<shiro:principal/>欢迎您！
当前用户为<shiro:hasRole name="admin">超级管理员</shiro:hasRole>
<shiro:hasRole name="cmanager">仓管人员</shiro:hasRole>
<shiro:hasRole name="xmanager">销售人员</shiro:hasRole>
<shiro:hasRole name="kmanager">客服人员</shiro:hasRole>
<shiro:hasRole name="zmanager">行政人员</shiro:hasRole>
</shiro:user>

登录用户为zhangsan：

登录用户为lisi：

2.5 hasPermission

当前登录用户具有的权限

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<shiro:guest>
欢迎游客，<a href="login.html" rel="external nofollow"  rel="external nofollow" >请登录</a>
</shiro:guest>
<shiro:user>
当前用户<shiro:principal/>欢迎您！
当前用户为<shiro:hasRole name="admin">超级管理员</shiro:hasRole>
<shiro:hasRole name="cmanager">仓管人员</shiro:hasRole>
<shiro:hasRole name="xmanager">销售人员</shiro:hasRole>
<shiro:hasRole name="kmanager">客服人员</shiro:hasRole>
<shiro:hasRole name="zmanager">行政人员</shiro:hasRole>
</shiro:user>
仓库管理：
<ul>
<shiro:hasPermission name="sys:c:save"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >入库</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:c:delete"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >出库</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:c:update"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >修改</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:c:find"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >查询</a> </li></shiro:hasPermission>
</ul>
订单管理：
<ul>
<shiro:hasPermission name="sys:x:save"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >添加订单</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:x:delete"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >删除订单</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:x:update"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >修改订单</a> </li></shiro:hasPermission>
<shiro:hasPermission name="sys:x:find"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >查询订单</a> </li></shiro:hasPermission>
</ul>
客户管理:
<ul>
<shiro:hasPermission name="sys:k:save"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >添加客户</a></li></shiro:hasPermission>
<shiro:hasPermission name="sys:k:delete"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >删除客户</a></li></shiro:hasPermission>
<shiro:hasPermission name="sys:k:update"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >修改客户</a></li></shiro:hasPermission>
<shiro:hasPermission name="sys:k:find"><li><a href="#" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow" >查询客户</a></li></shiro:hasPermission>
</ul>
</body>
</html>

登录用户为：lisi

登录用户为zhangsan：

3. 认证流程回顾

 

5、自定义Realm实现权限管理

1. 表结构的设计

1.1 用户表：tb_users

create table tb_users(
  user_id int primary key auto_increment,
  username varchar(60) not null unique,
  password varchar(20) not null,
  password_salt varchar(60)
);
insert into tb_users(username,password) values("zhangsan","123456");
insert into tb_users(username,password) values("lisi","123456");
insert into tb_users(username,password) values("wangwu","123456");
insert into tb_users(username,password) values("zhaoliu","123456");
insert into tb_users(username,password) values("chenqi","123456");

1.2 角色表：tb_roles

create table tb_roles(
  role_id int primary key auto_increment,
  role_name varchar(100) not null
);
insert into tb_roles(role_name) values("admin");
insert into tb_roles(role_name) values("cmanager");
insert into tb_roles(role_name) values("xmanager");
insert into tb_roles(role_name) values("kmanager");
insert into tb_roles(role_name) values("zmanager");

1.3 权限表：tb_permissions

create table tb_permissions(
  permission_id int primary key auto_increment,
  permission_code varchar(20) not null,
  permission_name varchar(60) 
);
insert into tb_permissions(permission_code,permission_name) values("sys:c:save","入库");
insert into tb_permissions(permission_code,permission_name) values("sys:c:delete","出库");
insert into tb_permissions(permission_code,permission_name) values("sys:c:update","修改");
insert into tb_permissions(permission_code,permission_name) values("sys:c:find","查询");
insert into tb_permissions(permission_code,permission_name) values("sys:x:save","新增订单");
insert into tb_permissions(permission_code,permission_name) values("sys:x:delete","删除订单");
insert into tb_permissions(permission_code,permission_name) values("sys:x:update","修改订单");
insert into tb_permissions(permission_code,permission_name) values("sys:x:find","查询订单");
insert into tb_permissions(permission_code,permission_name) values("sys:k:save","新增客户");
insert into tb_permissions(permission_code,permission_name) values("sys:k:delete","删除客户");
insert into tb_permissions(permission_code,permission_name) values("sys:k:update","修改客户");
insert into tb_permissions(permission_code,permission_name) values("sys:k:find","查询客户");

1.4 用户角色表：tb_urs

create table tb_urs(
  uid int not null,
  rid int not null
  -- primary key(uid,rid),
  -- constraint FK_user foreign key(uid) references tb_users(user_id),
  -- constraint FK_role foreign key(rid) references tb_rolls(roll_id)
);
-- zhangsan具有所有角色，代表具有所有权限，不用给他分配权限
insert into tb_urs(uid,rid) values(1,1);-- zhangsan用户具有admin角色
insert into tb_urs(uid,rid) values(1,2);-- zhangsan用户具有cmanager角色
insert into tb_urs(uid,rid) values(1,3);-- zhangsan用户具有xmanager角色
insert into tb_urs(uid,rid) values(1,4);-- zhangsan用户具有kmanagerr角色
insert into tb_urs(uid,rid) values(1,5);-- zhangsan用户具有zmanager角色
insert into tb_urs(uid,rid) values(2,2);-- lisi用户具有cmanager角色
insert into tb_urs(uid,rid) values(3,3);-- wangwu用户具有xmanager角色
insert into tb_urs(uid,rid) values(4,4);-- zhaoliu用户具有kmanager角色
insert into tb_urs(uid,rid) values(5,5);-- chenqi用户具有zmanager角色

1.5 角色权限表：tb_rps

create table tb_rps(
	rid int not null,
  pid int not null
);
-- 给角色2（仓管）分配权限
insert into tb_rps(rid,pid) values(2,1);
insert into tb_rps(rid,pid) values(2,2);
insert into tb_rps(rid,pid) values(2,3);
insert into tb_rps(rid,pid) values(2,4);
-- 给角色3（销售）分配权限
insert into tb_rps(rid,pid) values(3,3);
insert into tb_rps(rid,pid) values(3,5);
insert into tb_rps(rid,pid) values(3,6);
insert into tb_rps(rid,pid) values(3,7);
insert into tb_rps(rid,pid) values(3,8);
insert into tb_rps(rid,pid) values(3,9);
insert into tb_rps(rid,pid) values(3,10);
insert into tb_rps(rid,pid) values(3,11);
insert into tb_rps(rid,pid) values(3,12);
-- 给角色4（客服）分配权限
insert into tb_rps(rid,pid) values(4,11);
insert into tb_rps(rid,pid) values(4,12);
-- 给角色5（行政）分配权限
insert into tb_rps(rid,pid) values(5,4);
insert into tb_rps(rid,pid) values(5,8);
insert into tb_rps(rid,pid) values(5,12);

2. Dao层实现

shiro 进行认证需要用户信息：

• 根据用户名查询用户信息

shiro进行权限管理需要当前用户的角色和权限：

• 根据用户名查询当前用户的角色列表
• 根据用户名查询当前用户的权限列表

2.1 根据用户名查询用户信息

实体类User

@Data
public class User {
  private String userId;
  private String userName;
  private String userPwd;
  private String pwdSalt;
}

dao接口

@Mapper
public interface UserDao {
  //根据用户名查询用户信息
  public User queryUserByUsername(String username) throws Exception;
}

映射配置

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
      PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
      "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hh.dao.UserDao">
  <resultMap id="userMap" type="User">
      <id column="user_id" property="userId"></id>
      <result column="username" property="userName"/>
      <result column="password" property="userPwd"/>
      <result column="password_salt" property="pwdSalt"/>
  </resultMap>
  <select id="queryUserByUsername" resultMap="userMap">
      select * from tb_users
      where username=#{username}
  </select>
</mapper>

2.2 根据用户名查询角色信息

dao接口

@Mapper
public interface RoleDao {
  public Set<String> queryRoleNamesByUsername(String username) throws Exception;
}

映射配置

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
      PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
      "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hh.dao.RoleDao">
  <select id="queryRoleNamesByUsername" resultSets="java.util.Set" resultType="string">
      select 
          role_name
      from 
          tb_users  
      join 
          tb_urs
      on 
          tb_users.user_id = tb_urs.uid
      join 
          tb_roles
      on 
          tb_urs.rid = tb_roles.role_id
      where 
          tb_users.username=#{username}
  </select>
</mapper>

2.3 根据用户名查询权限列表

dao接口

public interface PermissionDAO {
  public Set<String> queryPermissionsByUsername(String  username) throws Exception;
}

映射配置

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
      PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
      "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hh.dao.PermissionDao">
  <select id="queryPermissionsByUsername" resultSets="java.util.Set" resultType="string">
      select 
          tb_permissions.permission_code 
      from 
          tb_users
      join 
          tb_urs 
      on 
          tb_users.user_id=tb_urs.uid
      join 
          tb_roles 
      on 
          tb_urs.rid=tb_roles.role_id
      join 
          tb_rps 
      on 
          tb_roles.role_id=tb_rps.rid
      join 
          tb_permissions 
      on 
          tb_rps.pid=tb_permissions.permission_id
      where 
          tb_users.username=#{username}
  </select>
</mapper>

3. 整合Shiro

3.1 导入依赖

<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.4.1</version>
</dependency>
<dependency>
  <groupId>com.github.theborakompanioni</groupId>
  <artifactId>thymeleaf-extras-shiro</artifactId>
  <version>2.0.0</version>
</dependency>

3.2 配置Shiro过滤器

@Configuration
public class ShiroConfig {
  //1、配置Shiro的方言支持
  //2、配置Realm
  //3、配置SecurityManager
  //4、配置过滤器
  @Bean
  public ShiroDialect getShiroDialect(){
      return new ShiroDialect();
  }
  //自定义Realm,Realm相当于数据源，从数据库中查询出认证信息和授权信息
  @Bean
  public MyRealm getRealm(){
      MyRealm myRealm = new MyRealm();
      return myRealm;
  }
  @Bean
  public DefaultWebSecurityManager getDefaultWebSecurityManager(MyRealm myRealm){
      DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
      securityManager.setRealm(myRealm);
      return securityManager;
  }
  @Bean
  public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager){
      ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
      //过滤器就是shiro就行权限校验的核心，进行认证和授权是需要SecurityManager的
      filter.setSecurityManager(securityManager);
      Map<String,String> filterMap = new HashMap<>();
      filterMap.put("/","anon");
      filterMap.put("/index.html","anon");
      filterMap.put("/login.html","anon");
      filterMap.put("/regist.html","anon");
      filterMap.put("/user/login","anon");
      filterMap.put("/user/regist","anon");
      filterMap.put("/layui/**","anon");
      filterMap.put("/**","authc");
      filter.setFilterChainDefinitionMap(filterMap);
      filter.setLoginUrl("/login.html");
      //设置未授权访问的页面路径（）
      filter.setUnauthorizedUrl("/login.html");
      return filter;
  }
}

3.3 自定义Realm

/**
* 自定义Realm的规范：
* 1、创建一个类实现AuthorizingRealm，重写里面的两个方法
* 2、重写getName()方法,返回当前Realm的自定义名称
*/
public class MyRealm extends AuthorizingRealm {
  @Autowired
  private UserDao userDao;
  @Autowired
  private RoleDao roleDao;
  @Autowired
  private PermissionDao permissionDao;
  public String getName(){
      return "myRealm";
  }
  /**
   * 获取认证信息：将用户密码查询出来交给shiro
   * @param authenticationToken token就是传递的 subject.login(token)
   */
  @SneakyThrows
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
      UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
      //从token中获取用户名
      String username = token.getUsername();
      //根据用户名到数据库中查询用户信息
      User user = userDao.queryUserByUsername(username);
      if(user==null){
          return null;
      }
      //将查询出来的密码封装成安全信息给shiro
      AuthenticationInfo info = new SimpleAuthenticationInfo(
              username,//当前用户的用户名
              user.getUserPwd(),//从数据库中查询出来的安全数据
              getName()
              );
      return info;
  }
  /**
   * 获取授权信息:将当前用户的角色和权限查询出交给shiro
   * @param principalCollection
   */
  @SneakyThrows
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
      //获取用户的用户名
      String username = (String)principalCollection.iterator().next();
      //根据用户名查询用户的角色列表
      Set<String> roleNames = roleDao.queryRoleNamesByUsername(username);
      //根据用户名查询用户的权限列表
      Set<String> ps = permissionDao.queryPermissionsByUsername(username);
      SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
      info.setRoles(roleNames);
      info.setStringPermissions(ps);
      return info;
  }
}

测试结果：

以上为个人经验，希望能给大家一个参考，也希望大家多多支持服务器之家。

原文链接：https://hengheng.blog.csdn.net/article/details/106980159