SpringBoot Series 12: Integrating Shiro with SpringBoot

1. Concept: integrating Shiro with SpringBoot

2. Details

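Shiro is currently the most popular framework for authentication and authorization; the only framework of comparable standing is the original SpringSecurity (which is very awkward to use, but do not conclude that SpringSecurity is useless: it plays a major role once you reach the SpringCloud stage). Unfortunately, SpringBoot has no direct configuration support for Shiro, unlike Kafka, Redis or DataSource, so integrating Shiro means writing the configuration yourself.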

2.1 Project preparation

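The most important part of Shiro is the Realm, which handles authentication and authorization. In practice a Realm needs only two kinds of business methods: fetch a user's complete record by user ID, and, once authentication has passed, fetch all roles and permissions for that user ID. Since we have reached the microservice stage, one question has to be faced: should these user operations live in the WEB tier, or be extracted into a separate REST service? Clearly they should be abstracted into a service, which means the Realm has to call a REST service (RestTemplate makes these calls much easier).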

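With that design, the project should contain the following modules:

· microboot-shiro-api: provides the service's VO classes and the various encryption utility classes;

· microboot-shiro-member-provider: provides the REST service for user authentication and authorization, exposing two interfaces: fetch user information, and fetch role and permission information;

· microboot-shiro-web: performs Shiro's authentication and authorization checks.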

1. [microboot-shiro-member-provider] Save the database script for this project:

-- Drop the database
DROP DATABASE IF EXISTS study ;
-- Create the database
CREATE DATABASE study CHARACTER SET UTF8 ;
-- Use the database
USE study ;
CREATE TABLE member(
    mid            VARCHAR(50) ,
    name        VARCHAR(50) ,
    password    VARCHAR(32) ,
    locked        INT ,
    CONSTRAINT pk_mid PRIMARY KEY(mid)
) ;
CREATE TABLE role (
    rid            VARCHAR(50)  ,
    title        VARCHAR(50) ,
    CONSTRAINT pk_rid PRIMARY KEY(rid)
) ;
CREATE TABLE action (
    actid        VARCHAR(50)    ,
    title        VARCHAR(50) ,
    rid            VARCHAR(50) ,
    CONSTRAINT pk_actid PRIMARY KEY(actid)
) ;
CREATE TABLE member_role (
    mid            VARCHAR(50) ,
    rid            VARCHAR(50)
) ;
INSERT INTO member(mid,name,password,locked) VALUES ('studyjava','study','2E866BF58289E01583AD418F486A69DF',0) ;
INSERT INTO member(mid,name,password,locked) VALUES ('admin','admin','2E866BF58289E01583AD418F486A69DF',0) ;
INSERT INTO role(rid,title) VALUES ('emp','雇员管理') ;
INSERT INTO role(rid,title) VALUES ('dept','部门管理') ;
INSERT INTO action(actid,title,rid) VALUES ('emp:add','雇员入职','emp') ;
INSERT INTO action(actid,title,rid) VALUES ('emp:remove','雇员离职','emp') ;
INSERT INTO action(actid,title,rid) VALUES ('emp:list','雇员列表','emp') ;
INSERT INTO action(actid,title,rid) VALUES ('emp:edit','雇员编辑','emp') ;
INSERT INTO action(actid,title,rid) VALUES ('dept:list','部门列表','dept') ;
INSERT INTO action(actid,title,rid) VALUES ('dept:edit','部门编辑','dept') ;
INSERT INTO member_role(mid,rid) VALUES ('studyjava','emp') ;
INSERT INTO member_role(mid,rid) VALUES ('admin','emp') ;
INSERT INTO member_role(mid,rid) VALUES ('admin','dept') ;

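2. [microboot-shiro-api] Create a Member class to hold the information returned for authentication;

· When Shiro authenticates, it needs the user's complete record looked up by user ID; it then checks whether the user exists, whether the password is correct, and whether the account is locked.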

package cn.study.vo;

import java.io.Serializable;

@SuppressWarnings("serial")
public class Member implements Serializable {
    private String mid ;
    private String name ;
    private String password ;
    private Integer locked ;
    public String getMid() {
        return mid;
    }
    public void setMid(String mid) {
        this.mid = mid;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public Integer getLocked() {
        return locked;
    }
    public void setLocked(Integer locked) {
        this.locked = locked;
    }
    @Override
    public String toString() {
        return "Member [mid=" + mid + ", name=" + name + ", password="
                + password + ", locked=" + locked + "]";
    }
}

3. [microboot-shiro-api] Password encryption;

package cn.study.util.enctype;

public class MD5Code {
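    /*
     * The S11-S44 values below are effectively a 4*4 matrix. The original C implementation uses #define
     * for them; here they are static final, meaning read-only and shared between multiple instances
     * in the same process space
     */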
    static final int S11 = 7;

    static final int S12 = 12;

    static final int S13 = 17;

    static final int S14 = 22;

    static final int S21 = 5;

    static final int S22 = 9;

    static final int S23 = 14;

    static final int S24 = 20;

    static final int S31 = 4;

    static final int S32 = 11;

    static final int S33 = 16;

    static final int S34 = 23;

    static final int S41 = 6;

    static final int S42 = 10;

    static final int S43 = 15;

    static final int S44 = 21;

    static final byte[] PADDING = { -128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0 };

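    /*
     * The three members below are the 3 core pieces of data used in the MD5 computation; in the
     * original C implementation they are defined in the MD5_CTX structure
     */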
    private long[] state = new long[4];// state (ABCD)

    private long[] count = new long[2];// number of bits, modulo 2^64 (lsb

    // first)

    private byte[] buffer = new byte[64]; // input buffer

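    /*
     * digestHexStr is MD5's only public member: the hexadecimal ASCII representation of the most recent result.
     */

    public String digestHexStr;

    /*
     * digest is the binary internal representation of the most recent result, i.e. the 128-bit MD5 value.
     */
    private byte[] digest = new byte[16];

    /*
     * getMD5ofStr is the main public method of the MD5 class. Its argument is the string to be
     * MD5-transformed; it returns the result, which is taken from the public member digestHexStr.
     */
    public String getMD5ofStr(String inbuf) {
        md5Init();
        // Hash every encoded byte: String.length() counts chars, which is fewer
        // than the byte count when the input contains non-ASCII characters
        byte[] input = inbuf.getBytes();
        md5Update(input, input.length);
        md5Final();
        digestHexStr = "";
        for (int i = 0; i < 16; i++) {
            digestHexStr += byteHEX(digest[i]);
        }
        return digestHexStr;
    }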

    // Standard constructor of the MD5 class; a JavaBean requires a public no-argument constructor
    public MD5Code() {
        md5Init();
        return;
    }

    /* md5Init is an initialization function: it initializes the core variables and loads the standard magic numbers */
    private void md5Init() {
        count[0] = 0L;
        count[1] = 0L;
        // /* Load magic initialization constants.
        state[0] = 0x67452301L;
        state[1] = 0xefcdab89L;
        state[2] = 0x98badcfeL;
        state[3] = 0x10325476L;
        return;
    }

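    /*
     * F, G, H and I are the 4 basic MD5 functions. In the original C implementation of MD5 they are
     * simple bit operations and were implemented as macros, probably for efficiency; in java we
     * implement them as private methods, keeping the names used in the C code.
     */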
    private long F(long x, long y, long z) {
        return (x & y) | ((~x) & z);
    }

    private long G(long x, long y, long z) {
        return (x & z) | (y & (~z));
    }

    private long H(long x, long y, long z) {
        return x ^ y ^ z;
    }

    private long I(long x, long y, long z) {
        return y ^ (x | (~z));
    }

    /*
     * FF, GG, HH and II call F, G, H and I for further transformation. FF, GG, HH, and II
     * transformations for rounds 1, 2, 3, and 4. Rotation is separate from addition to prevent
     * recomputation.
     */
    private long FF(long a, long b, long c, long d, long x, long s, long ac) {
        a += F(b, c, d) + x + ac;
        a = ((int) a << s) | ((int) a >>> (32 - s));
        a += b;
        return a;
    }

    private long GG(long a, long b, long c, long d, long x, long s, long ac) {
        a += G(b, c, d) + x + ac;
        a = ((int) a << s) | ((int) a >>> (32 - s));
        a += b;
        return a;
    }

    private long HH(long a, long b, long c, long d, long x, long s, long ac) {
        a += H(b, c, d) + x + ac;
        a = ((int) a << s) | ((int) a >>> (32 - s));
        a += b;
        return a;
    }

    private long II(long a, long b, long c, long d, long x, long s, long ac) {
        a += I(b, c, d) + x + ac;
        a = ((int) a << s) | ((int) a >>> (32 - s));
        a += b;
        return a;
    }

    /*
     * md5Update is the main MD5 computation; inbuf is the byte string to transform and inputLen its length.
     * It is called by getMD5ofStr, and md5Init must be called first, so it is designed as private
     */
    private void md5Update(byte[] inbuf, int inputLen) {
        int i, index, partLen;
        byte[] block = new byte[64];
        index = (int) (count[0] >>> 3) & 0x3F;
        // /* Update number of bits */
        if ((count[0] += (inputLen << 3)) < (inputLen << 3))
            count[1]++;
        count[1] += (inputLen >>> 29);
        partLen = 64 - index;
        // Transform as many times as possible.
        if (inputLen >= partLen) {
            md5Memcpy(buffer, inbuf, index, 0, partLen);
            md5Transform(buffer);
            for (i = partLen; i + 63 < inputLen; i += 64) {
                md5Memcpy(block, inbuf, 0, i, 64);
                md5Transform(block);
            }
            index = 0;
        } else
            i = 0;
        // /* Buffer remaining input */
        md5Memcpy(buffer, inbuf, index, i, inputLen - i);
    }

    /*
     * md5Final finalizes and fills in the output result
     */
    private void md5Final() {
        byte[] bits = new byte[8];
        int index, padLen;
        // /* Save number of bits */
        Encode(bits, count, 8);
        // /* Pad out to 56 mod 64.
        index = (int) (count[0] >>> 3) & 0x3f;
        padLen = (index < 56) ? (56 - index) : (120 - index);
        md5Update(PADDING, padLen);
        // /* Append length (before padding) */
        md5Update(bits, 8);
        // /* Store state in digest */
        Encode(digest, state, 16);
    }

    /*
     * md5Memcpy is an internal block-copy function for byte arrays: it copies len bytes
     * starting at inpos of input to output starting at outpos
     */
    private void md5Memcpy(byte[] output, byte[] input, int outpos, int inpos,
            int len) {
        int i;
        for (i = 0; i < len; i++)
            output[outpos + i] = input[inpos + i];
    }

    /*
     * md5Transform is the core MD5 transformation routine, called by md5Update; block is the raw bytes of one block
     */
    private void md5Transform(byte block[]) {
        long a = state[0], b = state[1], c = state[2], d = state[3];
        long[] x = new long[16];
        Decode(x, block, 64);
        /* Round 1 */
        a = FF(a, b, c, d, x[0], S11, 0xd76aa478L); /* 1 */
        d = FF(d, a, b, c, x[1], S12, 0xe8c7b756L); /* 2 */
        c = FF(c, d, a, b, x[2], S13, 0x242070dbL); /* 3 */
        b = FF(b, c, d, a, x[3], S14, 0xc1bdceeeL); /* 4 */
        a = FF(a, b, c, d, x[4], S11, 0xf57c0fafL); /* 5 */
        d = FF(d, a, b, c, x[5], S12, 0x4787c62aL); /* 6 */
        c = FF(c, d, a, b, x[6], S13, 0xa8304613L); /* 7 */
        b = FF(b, c, d, a, x[7], S14, 0xfd469501L); /* 8 */
        a = FF(a, b, c, d, x[8], S11, 0x698098d8L); /* 9 */
        d = FF(d, a, b, c, x[9], S12, 0x8b44f7afL); /* 10 */
        c = FF(c, d, a, b, x[10], S13, 0xffff5bb1L); /* 11 */
        b = FF(b, c, d, a, x[11], S14, 0x895cd7beL); /* 12 */
        a = FF(a, b, c, d, x[12], S11, 0x6b901122L); /* 13 */
        d = FF(d, a, b, c, x[13], S12, 0xfd987193L); /* 14 */
        c = FF(c, d, a, b, x[14], S13, 0xa679438eL); /* 15 */
        b = FF(b, c, d, a, x[15], S14, 0x49b40821L); /* 16 */
        /* Round 2 */
        a = GG(a, b, c, d, x[1], S21, 0xf61e2562L); /* 17 */
        d = GG(d, a, b, c, x[6], S22, 0xc040b340L); /* 18 */
        c = GG(c, d, a, b, x[11], S23, 0x265e5a51L); /* 19 */
        b = GG(b, c, d, a, x[0], S24, 0xe9b6c7aaL); /* 20 */
        a = GG(a, b, c, d, x[5], S21, 0xd62f105dL); /* 21 */
        d = GG(d, a, b, c, x[10], S22, 0x2441453L); /* 22 */
        c = GG(c, d, a, b, x[15], S23, 0xd8a1e681L); /* 23 */
        b = GG(b, c, d, a, x[4], S24, 0xe7d3fbc8L); /* 24 */
        a = GG(a, b, c, d, x[9], S21, 0x21e1cde6L); /* 25 */
        d = GG(d, a, b, c, x[14], S22, 0xc33707d6L); /* 26 */
        c = GG(c, d, a, b, x[3], S23, 0xf4d50d87L); /* 27 */
        b = GG(b, c, d, a, x[8], S24, 0x455a14edL); /* 28 */
        a = GG(a, b, c, d, x[13], S21, 0xa9e3e905L); /* 29 */
        d = GG(d, a, b, c, x[2], S22, 0xfcefa3f8L); /* 30 */
        c = GG(c, d, a, b, x[7], S23, 0x676f02d9L); /* 31 */
        b = GG(b, c, d, a, x[12], S24, 0x8d2a4c8aL); /* 32 */
        /* Round 3 */
        a = HH(a, b, c, d, x[5], S31, 0xfffa3942L); /* 33 */
        d = HH(d, a, b, c, x[8], S32, 0x8771f681L); /* 34 */
        c = HH(c, d, a, b, x[11], S33, 0x6d9d6122L); /* 35 */
        b = HH(b, c, d, a, x[14], S34, 0xfde5380cL); /* 36 */
        a = HH(a, b, c, d, x[1], S31, 0xa4beea44L); /* 37 */
        d = HH(d, a, b, c, x[4], S32, 0x4bdecfa9L); /* 38 */
        c = HH(c, d, a, b, x[7], S33, 0xf6bb4b60L); /* 39 */
        b = HH(b, c, d, a, x[10], S34, 0xbebfbc70L); /* 40 */
        a = HH(a, b, c, d, x[13], S31, 0x289b7ec6L); /* 41 */
        d = HH(d, a, b, c, x[0], S32, 0xeaa127faL); /* 42 */
        c = HH(c, d, a, b, x[3], S33, 0xd4ef3085L); /* 43 */
        b = HH(b, c, d, a, x[6], S34, 0x4881d05L); /* 44 */
        a = HH(a, b, c, d, x[9], S31, 0xd9d4d039L); /* 45 */
        d = HH(d, a, b, c, x[12], S32, 0xe6db99e5L); /* 46 */
        c = HH(c, d, a, b, x[15], S33, 0x1fa27cf8L); /* 47 */
        b = HH(b, c, d, a, x[2], S34, 0xc4ac5665L); /* 48 */
        /* Round 4 */
        a = II(a, b, c, d, x[0], S41, 0xf4292244L); /* 49 */
        d = II(d, a, b, c, x[7], S42, 0x432aff97L); /* 50 */
        c = II(c, d, a, b, x[14], S43, 0xab9423a7L); /* 51 */
        b = II(b, c, d, a, x[5], S44, 0xfc93a039L); /* 52 */
        a = II(a, b, c, d, x[12], S41, 0x655b59c3L); /* 53 */
        d = II(d, a, b, c, x[3], S42, 0x8f0ccc92L); /* 54 */
        c = II(c, d, a, b, x[10], S43, 0xffeff47dL); /* 55 */
        b = II(b, c, d, a, x[1], S44, 0x85845dd1L); /* 56 */
        a = II(a, b, c, d, x[8], S41, 0x6fa87e4fL); /* 57 */
        d = II(d, a, b, c, x[15], S42, 0xfe2ce6e0L); /* 58 */
        c = II(c, d, a, b, x[6], S43, 0xa3014314L); /* 59 */
        b = II(b, c, d, a, x[13], S44, 0x4e0811a1L); /* 60 */
        a = II(a, b, c, d, x[4], S41, 0xf7537e82L); /* 61 */
        d = II(d, a, b, c, x[11], S42, 0xbd3af235L); /* 62 */
        c = II(c, d, a, b, x[2], S43, 0x2ad7d2bbL); /* 63 */
        b = II(b, c, d, a, x[9], S44, 0xeb86d391L); /* 64 */
        state[0] += a;
        state[1] += b;
        state[2] += c;
        state[3] += d;
    }

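    /*
     * Encode splits a long array, in order, into a byte array. Because java's long type is 64 bits,
     * only the low 32 bits are split out, matching the purpose of the original C implementation
     */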
    private void Encode(byte[] output, long[] input, int len) {
        int i, j;
        for (i = 0, j = 0; j < len; i++, j += 4) {
            output[j] = (byte) (input[i] & 0xffL);
            output[j + 1] = (byte) ((input[i] >>> 8) & 0xffL);
            output[j + 2] = (byte) ((input[i] >>> 16) & 0xffL);
            output[j + 3] = (byte) ((input[i] >>> 24) & 0xffL);
        }
    }

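    /*
     * Decode combines a byte array, in order, into a long array. Because java's long type is 64 bits,
     * only the low 32 bits are populated and the high 32 bits are cleared, matching the purpose of the original C implementation
     */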
    private void Decode(long[] output, byte[] input, int len) {
        int i, j;
        for (i = 0, j = 0; j < len; i++, j += 4)
            output[i] = b2iu(input[j]) | (b2iu(input[j + 1]) << 8)
                    | (b2iu(input[j + 2]) << 16) | (b2iu(input[j + 3]) << 24);
        return;
    }

    /*
     * b2iu is a routine I wrote that "widens" a byte while ignoring its sign, because java has no unsigned arithmetic
     */
    public static long b2iu(byte b) {
        return b < 0 ? b & 0x7F + 128 : b;
    }

    /*
     * byteHEX() converts a value of type byte to its hexadecimal ASCII representation,
     * because toString on a java byte cannot do this and we have no C-style sprintf(outbuf,"%02X",ib)
     */
    public static String byteHEX(byte ib) {
        char[] Digit = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A',
                'B', 'C', 'D', 'E', 'F' };
        char[] ob = new char[2];
        ob[0] = Digit[(ib >>> 4) & 0X0F];
        ob[1] = Digit[ib & 0X0F];
        String s = new String(ob);
        return s;
    }
}

package cn.study.util.enctype;

import java.util.Base64;

public class PasswordUtil {
    private static final String SEED  = "studyjava" ;    // Seed value; it is Base64-encoded over several iterations before being used for encryption
    private static final int NE_NUM = 3 ;    // The password is processed for 3 iterations
    private PasswordUtil() {}
    private static String createSeed() {    // Build the Base64-based seed
        String str = SEED ;
        for (int x = 0 ; x < NE_NUM ; x ++) {
            str = Base64.getEncoder().encodeToString(str.getBytes()) ;
        }
        return str ;
    }
    /**
     * Processes the password
     * @param password the real password entered by the user
     * @return the encrypted password that matches what is stored in the database
     */
    public static String getPassword(String password) {
        MD5Code md5 = new MD5Code() ;
        String pass = "{" + password + ":" + createSeed() + "}";
        for (int x = 0 ; x < NE_NUM ; x ++) {
            pass = md5.getMD5ofStr(pass) ;
        }
        return pass ;
    }
}

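2.2 The user microservice

The user microservice is implemented in "microboot-shiro-member-provider". The service has to take the following points into account:

· The service needs database access, so a database connection pool must be configured;

· Since this is a microservice, it must provide a business interface and a DAO implementation; the implementation here relies on MyBatis;

· Every microservice is ultimately published through a REST controller.

1. [microboot-shiro-member-provider] Configure the Druid database connection pool;

· Modify the pom.xml configuration file to add the supporting packages for the integration: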

        <dependency>
            <groupId>cn.mldn</groupId>
            <artifactId>microboot-shiro-api</artifactId>
            <version>0.0.1-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
        </dependency>

2. [microboot-shiro-member-provider] Create the DAO interfaces:

· The DAO interface for user authentication: IMemberDAO;

package cn.study.microboot.dao;

import org.apache.ibatis.annotations.Mapper;

import cn.study.vo.Member;

@Mapper
public interface IMemberDAO {
    public Member findById(String mid) ;
}

· The IRoleDAO interface for role checks:

package cn.study.microboot.dao;

import java.util.Set;

import org.apache.ibatis.annotations.Mapper;

@Mapper
public interface IRoleDAO {
    public Set<String> findAllRoleByMember(String mid) ;
}

· The IActionDAO interface for permission checks:

package cn.study.microboot.dao;

import java.util.Set;

import org.apache.ibatis.annotations.Mapper;

@Mapper
public interface IActionDAO {
    public Set<String> findAllActionByMember(String mid) ;
}

3. [microboot-shiro-member-provider] Copy the mybatis configuration files into the project's "src/main/resources":

· The src/main/resources/mybatis/mybatis.cfg.xml configuration file:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
    PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>    <!-- MyBatis environment property definitions -->
    <settings>    <!-- Enable the second-level cache in this project -->
        <setting name="cacheEnabled" value="true"/>
    </settings>
</configuration>

· The src/main/resources/mybatis/mapper/cn/mldn/Member.xml configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.study.microboot.dao.IMemberDAO">
    <select id="findById" parameterType="String" resultType="Member">
        SELECT mid,name,password,locked FROM member WHERE mid=#{mid} ;
    </select>
</mapper>  

· The src/main/resources/mybatis/mapper/cn/mldn/Role.xml configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.study.microboot.dao.IRoleDAO">
    <select id="findAllRoleByMember" parameterType="String" resultType="String">
        SELECT rid FROM role WHERE rid IN (
            SELECT rid FROM member_role WHERE mid=#{mid}) ;
    </select>
</mapper>
 

· The src/main/resources/mybatis/mapper/cn/mldn/Action.xml configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.study.microboot.dao.IActionDAO">
    <select id="findAllActionByMember" parameterType="String" resultType="String">
        SELECT actid FROM action WHERE rid IN (
            SELECT rid FROM member_role WHERE mid=#{mid}) ;
    </select>
</mapper>
 

4. [microboot-shiro-member-provider] Modify the application.yml configuration file:

server:
  port: 8001
mybatis:
  config-location: classpath:mybatis/mybatis.cfg.xml    # path of the mybatis configuration file
  type-aliases-package: cn.study.vo            # package containing the classes to be aliased
  mapper-locations:                                     # all mapper mapping files
  - classpath:mybatis/mapper/**/*.xml
spring:
  messages:
    basename: i18n/Messages,i18n/Pages
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource    # type of data source to use
    driver-class-name: org.gjt.mm.mysql.Driver      # MySQL driver class
    url: jdbc:mysql://localhost:3306/study           # database connection URL
    username: root                                  # database user name
    password: mysqladmin                            # database connection password
    dbcp2:                                          # database connection pool configuration
      min-idle: 5                                   # minimum number of connections kept in the pool
      initial-size: 5                               # number of connections provided at initialization
      max-total: 5                                  # maximum number of connections
      max-wait-millis: 200                          # maximum time to wait for a connection

5. [microboot-shiro-member-provider] Define the IMemberService business interface:

package cn.study.microboot.service;

import java.util.Map;
import java.util.Set;

import cn.study.vo.Member;

public interface IMemberService {
    public Member get(String mid) ;
    public Map<String,Set<String>> listAuthByMember(String mid) ;
}

package cn.study.microboot.service.impl;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import javax.annotation.Resource;

import org.springframework.stereotype.Service;

import cn.study.microboot.dao.IActionDAO;
import cn.study.microboot.dao.IMemberDAO;
import cn.study.microboot.dao.IRoleDAO;
import cn.study.microboot.service.IMemberService;
import cn.study.vo.Member;
@Service
public class MemberServiceImpl implements IMemberService {
    @Resource
    private IMemberDAO memberDAO;
    @Resource
    private IRoleDAO roleDAO;
    @Resource
    private IActionDAO actionDAO;
    @Override
    public Member get(String mid) {
        return this.memberDAO.findById(mid);
    }

    @Override
    public Map<String, Set<String>> listAuthByMember(String mid) {
        Map<String, Set<String>> map = new HashMap<String, Set<String>>();
        map.put("allRoles", this.roleDAO.findAllRoleByMember(mid));
        map.put("allActions", this.actionDAO.findAllActionByMember(mid));
        return map;
    }

}

6. [microboot-shiro-member-provider] Write a functional test class for the business layer;

package cn.study.microboot;

import javax.annotation.Resource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;

import cn.study.microboot.service.IMemberService;

@SpringBootTest(classes = StartSpringBootMain.class)
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
public class TestMemberService {
    @Resource
    private IMemberService memberService ;
    @Test
    public void testGet() {
        System.out.println(this.memberService.get("admin"));
    }
    @Test
    public void testAuth() {
        System.out.println(this.memberService.listAuthByMember("admin"));
    }
}

7. [microboot-shiro-member-provider] Write the controller layer; what the controller exposes here must be a REST service:

package cn.study.microboot.controller;

import javax.annotation.Resource;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import cn.study.microboot.service.IMemberService;

@RestController
public class MemberController {
    @Resource
    private IMemberService memberService;
    @RequestMapping(value="/member/get",method=RequestMethod.POST)
    public Object get(String mid) {
        return this.memberService.get(mid) ;
    }
    @RequestMapping(value="/member/auth",method=RequestMethod.POST)
    public Object auth(String mid) {
        return this.memberService.listAuthByMember(mid) ;
    }
}

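Authentication service endpoint: http://localhost:8001/member/get?mid=admin;

Authorization service endpoint: http://localhost:8001/member/auth?mid=admin;

8. [microboot-shiro-member-provider] Write the controller-layer test. Accessing a REST service requires RestTemplate; to keep things simple here, the class is instantiated directly: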

package cn.study.microboot;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.web.client.RestTemplate;

import cn.study.vo.Member;

@SpringBootTest(classes = StartSpringBootMain.class)
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
public class TestMemberController {
    private RestTemplate restTemplate = new RestTemplate() ;
    @Test
    public void testGet() {
        String url = "http://localhost:8001/member/get?mid=admin" ;
        Member vo = this.restTemplate.postForObject(url, null, Member.class) ;
        System.out.println(vo);
    }
    @SuppressWarnings("unchecked")
    @Test
    public void testAuth() {
        String url = "http://localhost:8001/member/auth?mid=admin" ;
        Map<String,Object> map = this.restTemplate.postForObject(url, null, Map.class) ;
        Set<String> allRoles = new HashSet<String>() ;
        Set<String> allActions = new HashSet<String>() ;
        allRoles.addAll((List<String>) map.get("allRoles"));
        allActions.addAll((List<String>) map.get("allActions")) ;
        System.out.println("【角色】" + allRoles);
        System.out.println("【权限】" + allActions);
    }
}

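With that, a microservice dedicated to user authentication and authorization checks is complete.

2.3 Defining the Shiro integration service

In this project the WEB module is "microboot-shiro-web". The WEB module obviously has to call the user authentication and authorization microservice (from the Realm); it then needs the dependency packages configured (Shiro), and has to deal with caching and with the authentication and authorization checks.

1. [microboot-shiro-web] Modify the pom.xml configuration file to add the Shiro dependency packages: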

        <dependency>
            <groupId>cn.study</groupId>
            <artifactId>microboot-shiro-api</artifactId>
            <version>0.0.1-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-quartz</artifactId>
            <version>1.3.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.3.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>

2. [microboot-shiro-web] Create a configuration class for RestTemplate:

package cn.study.microboot.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;

@Configuration
public class RestConfig {
    @Bean
    public RestTemplate getRestTemplate() {
        return new RestTemplate() ;
    }
}

3. [microboot-shiro-web] In Shiro, all authentication and authorization processing is defined in the Realm;

package cn.study.microboot.realm;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.web.client.RestTemplate;

import cn.study.util.enctype.PasswordUtil;
import cn.study.vo.Member;

public class MemberRealm extends AuthorizingRealm {
    @Resource
    private RestTemplate restTemplate ;
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        System.out.println("============== 1、进行认证操作处理 ==============");
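        String mid = token.getPrincipal().toString(); // user name
        // With the user name in hand, fetch the user object through the business layer to determine whether that user name is usable
        // mid is passed as a URI template variable so that RestTemplate encodes it instead of raw input being spliced into the URL
        String url = "http://localhost:8001/member/get?mid={mid}" ;
        Member member = this.restTemplate.postForObject(url, null, Member.class, mid) ; // fetch the user record by user name
        if (member == null) { // the user does not exist, so an exception should be thrown
            throw new UnknownAccountException("搞什么搞,用户名不存在!");
        }
        // If the user name exists, the next step is to determine whether the password is correct
        String password = PasswordUtil
                .getPassword(new String((char[]) token.getCredentials()));
        if (!password.equals(member.getPassword())) { // password check
            throw new IncorrectCredentialsException("密码都记不住,去死吧!");
        }
        // Then the case of a locked user has to be considered
        if (member.getLocked().equals(1)) { // 1 means non-zero, and non-zero means true
            throw new LockedAccountException("被锁了,求解锁去吧!");
        }
        // Build the data to return; the returned authentication info should carry the ciphertext password
        SimpleAuthenticationInfo auth = new SimpleAuthenticationInfo(
                token.getPrincipal(), password, "memberRealm");
        // Once authentication completes, the information the user needs can be fetched directly and stored in the Session
        SecurityUtils.getSubject().getSession().setAttribute("name", "我的名字");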
        return auth;
    }
    @SuppressWarnings("unchecked")
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        System.out.println("++++++++++++++ 2、进行授权操作处理 ++++++++++++++");
        // The main purpose here is to obtain the authorization info, put plainly: the role and permission data
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        // By the time this method runs, authentication has already taken place (user name and password are known to be correct)
        String mid = (String) principals.getPrimaryPrincipal(); // get the user name
        // mid is passed as a URI template variable so that RestTemplate encodes it
        String url = "http://localhost:8001/member/auth?mid={mid}" ;
        Map<String,Object> map = this.restTemplate.postForObject(url, null, Map.class, mid) ;
        Set<String> allRoles = new HashSet<String>() ;
        Set<String> allActions = new HashSet<String>() ;
        allRoles.addAll((List<String>) map.get("allRoles"));
        allActions.addAll((List<String>) map.get("allActions")) ;
        auth.setRoles(allRoles); // store all roles
        auth.setStringPermissions(allActions); // store all permissions
        return auth;
    }
}

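4. [microboot-shiro-web] The Realm class is now ready, but integrating Shiro actually requires writing a large number of configuration classes. Using an xml configuration file directly would work, but it is not the standard approach; the best practice is to turn every xml configuration item into a Bean configuration.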

package cn.study.microboot.config;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import cn.study.microboot.realm.CustomerCredentialsMatcher;
import cn.study.microboot.realm.MemberRealm;

@Configuration
public class ShiroConfig {
    @Bean
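    public MemberRealm getRealm() {// 1. Get the configured Realm; annotation configuration is not used because the credentials matcher (password encryption) has to be set here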
        MemberRealm realm = new MemberRealm();
        realm.setCredentialsMatcher(new CustomerCredentialsMatcher());
        return realm;
    }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(true);
        return daap;
    }

    @Bean
    public EhCacheManager getCacheManager() {// 2. Cache configuration
        EhCacheManager cacheManager = new EhCacheManager();
        cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
        return cacheManager;
    }

    @Bean
    public SessionIdGenerator getSessionIdGenerator() { // 3
        return new JavaUuidSessionIdGenerator();
    }

    @Bean
    public SessionDAO getSessionDAO(SessionIdGenerator sessionIdGenerator) { // 4
        EnterpriseCacheSessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
        sessionDAO.setActiveSessionsCacheName("shiro-activeSessionCache");
        sessionDAO.setSessionIdGenerator(sessionIdGenerator);
        return sessionDAO;
    }

    @Bean
    public RememberMeManager getRememberManager() { // 5
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        SimpleCookie cookie = new SimpleCookie("studyJAVA-RememberMe");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(3600);
        rememberMeManager.setCookie(cookie);
        return rememberMeManager;
    }

    @Bean
    public QuartzSessionValidationScheduler getQuartzSessionValidationScheduler() {
        QuartzSessionValidationScheduler sessionValidationScheduler = new QuartzSessionValidationScheduler();
        sessionValidationScheduler.setSessionValidationInterval(100000);
        return sessionValidationScheduler;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(
            DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);
        return aasa;
    }

    @Bean
    public DefaultWebSessionManager getSessionManager(SessionDAO sessionDAO,
            QuartzSessionValidationScheduler sessionValidationScheduler) { // 6
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(1000000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationScheduler(sessionValidationScheduler);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setSessionDAO(sessionDAO);
        SimpleCookie sessionIdCookie = new SimpleCookie("study-session-id");
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setMaxAge(-1);
        sessionManager.setSessionIdCookie(sessionIdCookie);
        sessionManager.setSessionIdCookieEnabled(true);
        return sessionManager;
    }

    @Bean
    public DefaultWebSecurityManager getSecurityManager(Realm memberRealm, EhCacheManager cacheManager,
            SessionManager sessionManager, RememberMeManager rememberMeManager) {// 7
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(memberRealm);
        securityManager.setCacheManager(cacheManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(rememberMeManager);
        return securityManager;
    }

    public FormAuthenticationFilter getLoginFilter() { // used in ShiroFilterFactoryBean
        FormAuthenticationFilter filter = new FormAuthenticationFilter();
        filter.setUsernameParam("mid");
        filter.setPasswordParam("password");
        filter.setRememberMeParam("rememberMe");
        filter.setLoginUrl("/loginPage");    // login form submission path
        filter.setFailureKeyAttribute("error");
        return filter;
    }

    public LogoutFilter getLogoutFilter() { // used in ShiroFilterFactoryBean
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl("/");    // home page path; the page shown after logout
        return logoutFilter;
    }

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // the SecurityManager must be set
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/loginPage");    // login page path
        shiroFilterFactoryBean.setSuccessUrl("/pages/hello");    // page shown after a successful login
        shiroFilterFactoryBean.setUnauthorizedUrl("/pages/unauthUrl");    // authorization error page
        Map<String, Filter> filters = new HashMap<String, Filter>();
        filters.put("authc", this.getLoginFilter());
        filters.put("logout", this.getLogoutFilter());
        shiroFilterFactoryBean.setFilters(filters);
        // Shiro applies the first matching pattern, so the map must keep insertion order
        Map<String, String> filterChainDefinitionMap = new java.util.LinkedHashMap<String, String>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/loginPage", "authc");    // built-in login handling
        filterChainDefinitionMap.put("/pages/back/**", "authc");
        filterChainDefinitionMap.put("/*", "anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
}

Write the ehcache.xml configuration file in the src/main/resources directory;

<?xml version="1.1" encoding="UTF-8"?>
<ehcache name="shirocache">

    <diskStore path="java.io.tmpdir"/>

     <defaultCache
        maxElementsInMemory="2000"
        eternal="true"
        timeToIdleSeconds="120"
        timeToLiveSeconds="120"
        overflowToDisk="true"/>

<!--     <cache name="diskCache"
           maxEntriesLocalHeap="2000"
           eternal="false"
           timeToIdleSeconds="300"
           timeToLiveSeconds="0"
           overflowToDisk="false"
           statistics="true">
    </cache> -->

    <cache name="passwordRetryCache"
           maxElementsInMemory="2000"
           eternal="false"
           timeToIdleSeconds="300"
           timeToLiveSeconds="0"
           overflowToDisk="false">
    </cache>

    <cache name="authorizationCache"
           maxElementsInMemory="2000"
           eternal="false"
           timeToIdleSeconds="1800"
           timeToLiveSeconds="0"
           overflowToDisk="false">
    </cache>

    <cache name="authenticationCache"
           maxElementsInMemory="2000"
           eternal="false"
           timeToIdleSeconds="1800"
           timeToLiveSeconds="0"
           overflowToDisk="false">
    </cache>

    <cache name="shiro-activeSessionCache"
           maxElementsInMemory="2000"
           eternal="false"
           timeToIdleSeconds="1800"
           timeToLiveSeconds="0"
           overflowToDisk="false">
    </cache>
</ehcache>

5、 【microboot-shiro-web】 Create a controller

package cn.study.microboot.controller;

import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DeptController {
    @RequiresRoles("dept")
    @RequestMapping("/pages/back/dept/get")
    public String get() {
        return "部门信息" ;
    }
}

6、 【microboot-shiro-web】 When a login fails, the user should be sent back to the form, so create a MemberController class that handles this forwarding

package cn.study.microboot.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MemberController {
    @RequestMapping({"/loginPage"})
    public String get() {
        return "member_login";
    }
}

7、 【microboot-shiro-web】 Create the templates/member_login.html page;

<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>SpringBoot模版渲染</title>
    <script type="text/javascript" th:src="@{/js/main.js}"></script>
    <link rel="icon" type="image/x-icon" href="/images/study.ico"/>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
    <h1>用户登录表单、<span th:text="${error}"/></h1>
    <form th:action="@{/loginPage}" method="post">
        登录名:<input type="text" name="mid" value="studyjava"/><br/>
        密&nbsp;码:<input type="password" name="password" value="hello"/><br/>
        <input type="submit" value="登录"/>
    </form>
</body>
</html>

This completes the most basic integration.
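The URL rules that ShiroConfig registers can be checked offline. The following is an added example, not code from the original project: the class name FilterChainAudit and the choice of sample paths are assumptions, and it needs only Shiro's AntPathMatcher on the classpath. It resolves each path by the first matching pattern in map order, which is how Shiro picks a filter chain and why the definition map has to preserve insertion order.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

// Added illustration, not part of the original project (class name is hypothetical).
public class FilterChainAudit {
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the chain of the first pattern that matches, or null when no pattern does. */
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> rule : chains.entrySet()) {
            if (MATCHER.matches(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return null;
    }

    static void report(String label, Map<String, String> chains, String[] paths) {
        System.out.println("== " + label);
        for (String path : paths) {
            String chain = resolve(chains, path);
            System.out.println(String.format("%-24s -> %s", path,
                    chain == null ? "no chain (only annotation checks such as @RequiresRoles apply)" : chain));
        }
    }

    public static void main(String[] args) {
        // Rules in the order ShiroConfig declares them.
        Map<String, String> declared = new LinkedHashMap<String, String>();
        declared.put("/logout", "logout");
        declared.put("/loginPage", "authc");
        declared.put("/pages/back/**", "authc");
        declared.put("/*", "anon");

        // The same rules with the catch-all first: an ordering that an
        // unordered map is free to produce.
        Map<String, String> catchAllFirst = new LinkedHashMap<String, String>();
        catchAllFirst.put("/*", "anon");
        catchAllFirst.put("/logout", "logout");
        catchAllFirst.put("/loginPage", "authc");
        catchAllFirst.put("/pages/back/**", "authc");

        // Constructed sample: paths that appear in the configuration and controllers on this page.
        String[] paths = { "/loginPage", "/logout", "/pages/back/dept/get", "/pages/hello" };
        report("declared order", declared, paths);
        report("catch-all first", catchAllFirst, paths);
    }
}
```

With the catch-all first, /loginPage and /logout resolve to anon, so the login form is never handled by authc. /pages/hello matches no rule in either ordering, because /* covers a single path segment only.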

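2.4、Using Redis for data caching

So far the EHCache component has handled caching, but real projects usually configure Redis as the cache, so the program is modified below.

1、 【microboot-shiro-web】 To use a cache, first configure the cache implementation class;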

package cn.study.microboot.cache;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.core.RedisCallback;
import org.springframework.data.redis.core.RedisTemplate;

public class RedisCache<K, V> implements Cache<K, V> {
    private Log log = LogFactory.getLog(RedisCache.class);
    private RedisTemplate<String, Object> redisTempate; // the Redis helper class must be supplied
    public RedisCache(RedisTemplate<String, Object> redisTempate) {
        this.redisTempate = redisTempate;
    }
    @Override
    public V get(K key) throws CacheException {
        log.info("### get() : K = " + key);
        return (V) this.redisTempate.opsForValue().get(key.toString());
    }
    @Override
    public V put(K key, V value) throws CacheException {
        log.info("### put() : K = " + key + "、V = " + value);
        this.redisTempate.opsForValue().set(key.toString(), value);
        return value;
    }

    @Override
    public V remove(K key) throws CacheException {
        log.info("### remove() : K = " + key);
        V val = this.get(key);
        this.redisTempate.delete(key.toString());
        return val;
    }

    @Override
    public void clear() throws CacheException {
        log.info("### clear()");
        this.redisTempate.execute(new RedisCallback<Boolean>() {
            @Override
            public Boolean doInRedis(RedisConnection connection)
                    throws DataAccessException {
                connection.flushDb(); // flushes the whole Redis database (FLUSHDB), not only this cache
                return true;
            }
        });
    }

    @Override
    public int size() {
        log.info("### size()");
        return this.redisTempate.execute(new RedisCallback<Integer>() {
            @Override
            public Integer doInRedis(RedisConnection connection)
                    throws DataAccessException {
                return connection.keys("*".getBytes()).size();
            }
        });
    }

    @Override
    public Set<K> keys() {
        log.info("### keys()");
        return this.redisTempate.execute(new RedisCallback<Set<K>>() {
            @Override
            public Set<K> doInRedis(RedisConnection connection)
                    throws DataAccessException {
                Set<K> set = new HashSet<K>();
                Set<byte[]> keys = connection.keys("*".getBytes());
                Iterator<byte[]> iter = keys.iterator();
                while (iter.hasNext()) {
                    set.add((K) new String(iter.next(), java.nio.charset.StandardCharsets.UTF_8)); // keys are stored as UTF-8 strings
                }
                return set;
            }
        });
    }

    @Override
    public Collection<V> values() {
        log.info("### values()");
        return this.redisTempate.execute(new RedisCallback<Set<V>>() {
            @Override
            public Set<V> doInRedis(RedisConnection connection)
                    throws DataAccessException {
                Set<V> set = new HashSet<V>();
                Set<byte[]> keys = connection.keys("*".getBytes());
                Iterator<byte[]> iter = keys.iterator();
                while (iter.hasNext()) {
                    set.add((V) redisTempate.getValueSerializer().deserialize(connection.get(iter.next()))); // deserialize the stored bytes
                }
                return set;
            }
        });
    }
}

2、 【microboot-shiro-web】 Configure the Redis cache manager class

package cn.study.microboot.cache;

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import javax.annotation.Resource;

import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.cache.CacheManager;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
@Component
public class RedisCacheManager implements CacheManager {
    // The CacheManager is responsible for every cache, so the Cache instances themselves are kept in this map
    private final ConcurrentMap<String, Cache> caches = new ConcurrentHashMap<String, Cache>();
    @Resource
    private RedisTemplate<String, Object> redisTemplate;
    @Override
    public Cache<Object, Object> getCache(String name) throws CacheException {
        Cache<Object, Object> cache = this.caches.get(name); // look the cache up in the map
        if (cache == null) { // the map has no Cache for this name yet
            cache = new RedisCache(this.redisTemplate); // instantiate a new Cache object
            this.caches.put(name, cache);
        }
        return cache;
    }

}

3、 【microboot-shiro-web】 Configure the Session management operations used by Shiro

package cn.study.microboot.session;

import java.io.Serializable;
import java.util.concurrent.TimeUnit;

import javax.annotation.Resource;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
// this class overrides the SessionDAO operations
import org.springframework.data.redis.core.RedisTemplate;
public class RedisSessionDAO extends EnterpriseCacheSessionDAO {
    private Log log = LogFactory.getLog(RedisSessionDAO.class);
    @Resource
    private RedisTemplate<String, Object> redisTempate; // the Redis helper class must be supplied
    @Override
    protected Serializable doCreate(Session session) { // create the Session and return its session id
        log.info("*** doCreate : " + session);
        Serializable sessionId = super.doCreate(session); // create the session id
        // Store the newly created Session in Redis with a 1800-second expiry.
        // The three-argument set(key, value, long) writes at an offset (SETRANGE); it does not set a TTL.
        this.redisTempate.opsForValue().set(sessionId.toString(), session,
                1800, TimeUnit.SECONDS);
        return sessionId;
    }
    @Override
    protected Session doReadSession(Serializable sessionId) { // read the session data by session id
        log.info("*** doReadSession : " + sessionId);
        Session session = super.doReadSession(sessionId); // read the Session data
        if (session == null) { // nothing was read, so fetch the session from Redis
            session = (Session) this.redisTempate.opsForValue()
                    .get(sessionId.toString());
        }
        return session;
    }
    @Override
    protected void doUpdate(Session session) { // update the Session; runs on every operation
        log.info("*** doUpdate : " + session);
        super.doUpdate(session);
        if (session != null) {
            this.redisTempate.opsForValue().set(session.getId().toString(),
                    session, 1800, TimeUnit.SECONDS);
        }
    }
    @Override
    protected void doDelete(Session session) { // delete the session
        log.info("*** doDelete : " + session);
        super.doDelete(session);
        this.redisTempate.delete(session.getId().toString());
    }
}

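4、 【microboot-shiro-web】 The Shiro configuration Bean in the current project still uses the EHCache component, so it has to be replaced.

· Replace the SessionDAO implementation subclass in use:

· Replace the cache component in use: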

package cn.study.microboot.config;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import cn.study.microboot.cache.RedisCacheManager;
import cn.study.microboot.realm.CustomerCredentialsMatcher;
import cn.study.microboot.realm.MemberRealm;
import cn.study.microboot.session.RedisSessionDAO;

@Configuration
public class ShiroConfig {
    @Bean
    public MemberRealm getRealm() {// 1. Get the configured Realm; annotation configuration is not used because the credentials matcher (password encryption) has to be set here
        MemberRealm realm = new MemberRealm();
        realm.setCredentialsMatcher(new CustomerCredentialsMatcher());
        return realm;
    }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(true);
        return daap;
    }

//    @Bean
//    public EhCacheManager getCacheManager() {// 2. Cache configuration
//        EhCacheManager cacheManager = new EhCacheManager();
//        cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
//        return cacheManager;
//    }

    @Bean
    public SessionIdGenerator getSessionIdGenerator() { // 3
        return new JavaUuidSessionIdGenerator();
    }
    // replace the SessionDAO implementation subclass in use
    @Bean
    public SessionDAO getSessionDAO(SessionIdGenerator sessionIdGenerator) { // 4
        RedisSessionDAO sessionDAO = new RedisSessionDAO();    // manage sessions with Redis
        sessionDAO.setActiveSessionsCacheName("shiro-activeSessionCache");
        sessionDAO.setSessionIdGenerator(sessionIdGenerator);
        return sessionDAO;
    }

    @Bean
    public RememberMeManager getRememberManager() { // 5
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        SimpleCookie cookie = new SimpleCookie("MLDNJAVA-RememberMe");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(3600);
        rememberMeManager.setCookie(cookie);
        return rememberMeManager;
    }

    @Bean
    public QuartzSessionValidationScheduler getQuartzSessionValidationScheduler() {
        QuartzSessionValidationScheduler sessionValidationScheduler = new QuartzSessionValidationScheduler();
        sessionValidationScheduler.setSessionValidationInterval(100000);
        return sessionValidationScheduler;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(
            DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);
        return aasa;
    }

    @Bean
    public DefaultWebSessionManager getSessionManager(SessionDAO sessionDAO,
            QuartzSessionValidationScheduler sessionValidationScheduler) { // 6
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(1000000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationScheduler(sessionValidationScheduler);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setSessionDAO(sessionDAO);
        SimpleCookie sessionIdCookie = new SimpleCookie("mldn-session-id");
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setMaxAge(-1);
        sessionManager.setSessionIdCookie(sessionIdCookie);
        sessionManager.setSessionIdCookieEnabled(true);
        return sessionManager;
    }
    // replace the cache component in use
    @Bean
    public DefaultWebSecurityManager getSecurityManager(Realm memberRealm, RedisCacheManager cacheManager,
            SessionManager sessionManager, RememberMeManager rememberMeManager) {// 7
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(memberRealm);
        securityManager.setCacheManager(cacheManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(rememberMeManager);
        return securityManager;
    }

    public FormAuthenticationFilter getLoginFilter() { // used in ShiroFilterFactoryBean
        FormAuthenticationFilter filter = new FormAuthenticationFilter();
        filter.setUsernameParam("mid");
        filter.setPasswordParam("password");
        filter.setRememberMeParam("rememberMe");
        filter.setLoginUrl("/loginPage");    // login form submission path
        filter.setFailureKeyAttribute("error");
        return filter;
    }

    public LogoutFilter getLogoutFilter() { // used in ShiroFilterFactoryBean
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl("/");    // home page path; the page shown after logout
        return logoutFilter;
    }

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // the SecurityManager must be set
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/loginPage");    // login page path
        shiroFilterFactoryBean.setSuccessUrl("/pages/hello");    // page shown after a successful login
        shiroFilterFactoryBean.setUnauthorizedUrl("/pages/unauthUrl");    // authorization error page
        Map<String, Filter> filters = new HashMap<String, Filter>();
        filters.put("authc", this.getLoginFilter());
        filters.put("logout", this.getLogoutFilter());
        shiroFilterFactoryBean.setFilters(filters);
        // Shiro applies the first matching pattern, so the map must keep insertion order
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/loginPage", "authc");    // built-in login handling
        filterChainDefinitionMap.put("/pages/back/**", "authc");
        filterChainDefinitionMap.put("/*", "anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
}

5、 【microboot-shiro-web】 Modify the application.yml configuration file to configure Redis:

spring:
  redis:
    host: x.x.x.x
    port: 6379
    password: studyjava
    timeout: 1000
    database: 0
    pool:
      max-active: 10
      max-idle: 8
      min-idle: 2
      max-wait: 100
server:
  port: 8080

6、 【microboot-shiro-web】 Create a configuration class for RedisTemplate.

· Define the Redis serializer:

package cn.study.microboot.util;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.serializer.support.DeserializingConverter;
import org.springframework.core.serializer.support.SerializingConverter;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;
public class RedisObjectSerializer implements RedisSerializer<Object> {
    private Converter<Object, byte[]> serializer = new SerializingConverter();
    private Converter<byte[], Object> deserializer = new DeserializingConverter();
    private static final byte[] EMPTY_ARRAY = new byte[0];
    @Override
    public byte[] serialize(Object object) throws SerializationException {
        if (object == null) {
            return EMPTY_ARRAY;
        }
        try {
            return serializer.convert(object);
        } catch (Exception ex) {
            return EMPTY_ARRAY;
        }
    }
    @Override
    public Object deserialize(byte[] bytes) throws SerializationException {
        if (this.isEmpty(bytes)) {
            return null;
        }
        try {
            return deserializer.convert(bytes);
        } catch (Exception ex) {
            throw new SerializationException("序列化对象出错!", ex);
        }
    }
    private boolean isEmpty(byte[] data) {
        return (data == null || data.length == 0);
    }
}

· Implement the RedisTemplate configuration class:

package cn.study.microboot.config;

import cn.study.microboot.util.RedisObjectSerializer;
import javax.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;

@Configuration
public class RedisConfig {
    @Resource
    private JedisConnectionFactory jedisConnectionFactory;

    @Bean({"shiroRedis"})
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
        RedisTemplate template = new RedisTemplate();
        template.setConnectionFactory(this.jedisConnectionFactory);
        template.setKeySerializer(new StringRedisSerializer());
        template.setValueSerializer(new RedisObjectSerializer());
        return template;
    }
}

Redis now provides the caching, which suits distributed cluster development.
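The RedisCache from step 1 shares one Redis keyspace with the sessions written by RedisSessionDAO, its clear() issues FLUSHDB on that database, and RedisCacheManager never uses the cache name. As an added example (not the author's code; the class name NamespacedRedisCache, the shiro:<cacheName>: key layout and the TTL parameter are assumptions), this variant prefixes every key with the cache name, expires entries, and deletes only its own keys:

```java
package cn.study.microboot.cache;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.data.redis.core.RedisTemplate;

// Added example, not part of the original project; the class name, the
// "shiro:<cacheName>:" key layout and the TTL parameter are assumptions.
public class NamespacedRedisCache<K, V> implements Cache<K, V> {
    private final RedisTemplate<String, Object> redisTemplate;
    private final String prefix;    // every key of this cache starts with it
    private final long ttlSeconds;  // entries expire, so stale permissions age out

    public NamespacedRedisCache(RedisTemplate<String, Object> redisTemplate,
            String cacheName, long ttlSeconds) {
        this.redisTemplate = redisTemplate;
        this.prefix = "shiro:" + cacheName + ":";
        this.ttlSeconds = ttlSeconds;
    }

    private String redisKey(K key) {
        return this.prefix + key;
    }

    // Keys owned by this cache only. KEYS walks the whole keyspace, which is
    // acceptable for a small demo database.
    private Set<String> ownKeys() {
        Set<String> keys = this.redisTemplate.keys(this.prefix + "*");
        return keys == null ? Collections.<String>emptySet() : keys;
    }

    @Override
    @SuppressWarnings("unchecked")
    public V get(K key) throws CacheException {
        if (key == null) {
            return null;
        }
        return (V) this.redisTemplate.opsForValue().get(redisKey(key));
    }

    @Override
    public V put(K key, V value) throws CacheException {
        V previous = get(key);
        // The four-argument set() stores the value with an expiry. Cached values
        // hold credentials and permissions, so they are deliberately not logged.
        this.redisTemplate.opsForValue().set(redisKey(key), value, this.ttlSeconds, TimeUnit.SECONDS);
        return previous;
    }

    @Override
    public V remove(K key) throws CacheException {
        V previous = get(key);
        this.redisTemplate.delete(redisKey(key));
        return previous;
    }

    @Override
    public void clear() throws CacheException {
        Set<String> keys = ownKeys();
        if (!keys.isEmpty()) {
            this.redisTemplate.delete(keys); // no FLUSHDB: sessions and other caches survive
        }
    }

    @Override
    public int size() {
        return ownKeys().size();
    }

    @Override
    @SuppressWarnings("unchecked")
    public Set<K> keys() {
        Set<K> result = new HashSet<K>();
        for (String key : ownKeys()) {
            result.add((K) key.substring(this.prefix.length())); // string form of the original key
        }
        return result;
    }

    @Override
    @SuppressWarnings("unchecked")
    public Collection<V> values() {
        Set<String> keys = ownKeys();
        List<V> result = new ArrayList<V>();
        if (keys.isEmpty()) {
            return result;
        }
        List<Object> stored = this.redisTemplate.opsForValue().multiGet(keys);
        if (stored != null) {
            for (Object value : stored) {
                if (value != null) { // skip entries that expired in the meantime
                    result.add((V) value);
                }
            }
        }
        return result;
    }
}
```

In RedisCacheManager.getCache(name) the instance would be created as new NamespacedRedisCache<Object, Object>(this.redisTemplate, name, 1800), so the cache name becomes part of every key.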

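2.5、Integrating Shiro tags with thymeleaf

In JSP you can use the shiro tags directly in the page to check whether the user is logged in or to perform authorization checks. SpringBoot, however, uses thymeleaf as its page technology, so to get Shiro control in such templates you must add a new dependency and some new configuration.

1、 【microboot-shiro-web】 Modify the pom.xml configuration file and add the thymeleaf and shiro integration dependency: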

        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>1.2.1</version>
        </dependency>

2、 【microboot-shiro-web】 Next, modify the Shiro configuration class to enable Shiro support in pages:

package cn.study.microboot.config;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import cn.study.microboot.cache.RedisCacheManager;
import cn.study.microboot.realm.CustomerCredentialsMatcher;
import cn.study.microboot.realm.MemberRealm;
import cn.study.microboot.session.RedisSessionDAO;

@Configuration
public class ShiroConfig {
    @Bean
    public ShiroDialect getShiroDialect() {    // this Bean must be configured before the thymeleaf-extras-shiro package can be used
        return new ShiroDialect() ;
    }
    
    @Bean
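    public MemberRealm getRealm() {// 1. Get the configured Realm; annotation configuration is not used because the credentials matcher (password encryption) has to be set here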
        MemberRealm realm = new MemberRealm();
        realm.setCredentialsMatcher(new CustomerCredentialsMatcher());
        return realm;
    }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
        daap.setProxyTargetClass(true);
        return daap;
    }

//    @Bean
//    public EhCacheManager getCacheManager() {// 2. Cache configuration
//        EhCacheManager cacheManager = new EhCacheManager();
//        cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
//        return cacheManager;
//    }

    @Bean
    public SessionIdGenerator getSessionIdGenerator() { // 3
        return new JavaUuidSessionIdGenerator();
    }

    @Bean
    public SessionDAO getSessionDAO(SessionIdGenerator sessionIdGenerator) { // 4
        RedisSessionDAO sessionDAO = new RedisSessionDAO();    // manage sessions with Redis
        sessionDAO.setActiveSessionsCacheName("shiro-activeSessionCache");
        sessionDAO.setSessionIdGenerator(sessionIdGenerator);
        return sessionDAO;
    }

    @Bean
    public RememberMeManager getRememberManager() { // 5
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        SimpleCookie cookie = new SimpleCookie("studyJAVA-RememberMe");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(3600);
        rememberMeManager.setCookie(cookie);
        return rememberMeManager;
    }

    @Bean
    public QuartzSessionValidationScheduler getQuartzSessionValidationScheduler() {
        QuartzSessionValidationScheduler sessionValidationScheduler = new QuartzSessionValidationScheduler();
        sessionValidationScheduler.setSessionValidationInterval(100000);
        return sessionValidationScheduler;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(
            DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);
        return aasa;
    }

    @Bean
    public DefaultWebSessionManager getSessionManager(SessionDAO sessionDAO,
            QuartzSessionValidationScheduler sessionValidationScheduler) { // 6
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(1000000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationScheduler(sessionValidationScheduler);
        sessionManager.setSessionValidationSchedulerEnabled(true);
        sessionManager.setSessionDAO(sessionDAO);
        SimpleCookie sessionIdCookie = new SimpleCookie("study-session-id");
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setMaxAge(-1);
        sessionManager.setSessionIdCookie(sessionIdCookie);
        sessionManager.setSessionIdCookieEnabled(true);
        return sessionManager;
    }

    @Bean
    public DefaultWebSecurityManager getSecurityManager(Realm memberRealm, RedisCacheManager cacheManager,
            SessionManager sessionManager, RememberMeManager rememberMeManager) {// 7
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(memberRealm);
        securityManager.setCacheManager(cacheManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(rememberMeManager);
        return securityManager;
    }

    public FormAuthenticationFilter getLoginFilter() { // used in ShiroFilterFactoryBean
        FormAuthenticationFilter filter = new FormAuthenticationFilter();
        filter.setUsernameParam("mid");
        filter.setPasswordParam("password");
        filter.setRememberMeParam("rememberMe");
        filter.setLoginUrl("/loginPage");    // login form submission URL
        filter.setFailureKeyAttribute("error");
        return filter;
    }

    public LogoutFilter getLogoutFilter() { // used in ShiroFilterFactoryBean
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setRedirectUrl("/");    // home page path, where the user lands after logging out
        return logoutFilter;
    }

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // A SecurityManager must be set
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/loginPage");    // login page path
        shiroFilterFactoryBean.setSuccessUrl("/pages/hello");    // page shown after a successful login
        shiroFilterFactoryBean.setUnauthorizedUrl("/pages/unauthUrl");    // authorization error page
        Map<String, Filter> filters = new HashMap<String, Filter>();
        filters.put("authc", this.getLoginFilter());
        filters.put("logout", this.getLogoutFilter());
        shiroFilterFactoryBean.setFilters(filters);
        // Shiro applies the first chain whose pattern matches the request, so the map must keep
        // insertion order; with a plain HashMap "/*" could be evaluated before "/logout" or "/loginPage".
        Map<String, String> filterChainDefinitionMap = new java.util.LinkedHashMap<String, String>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/loginPage", "authc");    // built-in login handling
        filterChainDefinitionMap.put("/pages/back/**", "authc");
        filterChainDefinitionMap.put("/*", "anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
}
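
The rememberMe cookie and the session id cookie configured above are HttpOnly but are not restricted to HTTPS, and the rememberMe manager encrypts its cookie with whatever key the Shiro version in use defaults to. The following is an added example, not part of the original article's code: the same two cookies with the Secure flag and an explicit cipher key. The class name HardenedCookieConfig, the property shiro.rememberme.key and the helper newSessionIdCookie are assumptions, as is serving the application over HTTPS.

```java
import java.util.Base64;

import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example: class name and property name are hypothetical.
@Configuration
public class HardenedCookieConfig {

    // Assumption: Base64 text of a randomly generated AES key, injected from
    // the environment or a secret store, never committed with the source.
    @Value("${shiro.rememberme.key}")
    private String rememberMeKey;

    // Takes the place of bean 5 (getRememberManager) in the configuration class.
    @Bean
    public RememberMeManager getRememberManager() {
        byte[] key = Base64.getDecoder().decode(rememberMeKey);
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("rememberMe key must be 128, 192 or 256 bits");
        }
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        rememberMeManager.setCipherKey(key);   // same key on every node and across restarts
        SimpleCookie cookie = new SimpleCookie("studyJAVA-RememberMe");
        cookie.setHttpOnly(true);              // not readable from page scripts
        cookie.setSecure(true);                // sent over HTTPS only
        cookie.setMaxAge(3600);                // seconds, as in the original
        rememberMeManager.setCookie(cookie);
        return rememberMeManager;
    }

    // Pass the result to sessionManager.setSessionIdCookie(...) in bean 6.
    public static SimpleCookie newSessionIdCookie() {
        SimpleCookie sessionIdCookie = new SimpleCookie("study-session-id");
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setSecure(true);       // sent over HTTPS only
        sessionIdCookie.setMaxAge(-1);         // discarded when the browser closes
        return sessionIdCookie;
    }
}
```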

3. [microboot-shiro-web] Create a new page: dept_show.html.

· Modify the DeptController class to add a mapping that forwards to this page:

package cn.study.microboot.controller;

import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class DeptController {
    @RequiresAuthentication
    @RequestMapping("/pages/back/dept/get")
    @ResponseBody
    public String get() {
        return "部门信息" ;
    }
    @RequestMapping("/pages/back/dept/show")
    public String show() {
        return "dept_show" ;
    }
}

· Create the dept_show.html page and write the following code in it:

<!DOCTYPE HTML>
<html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
    <title>SpringBoot模版渲染</title>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
    <h1>显示部门信息的内容</h1>
    <h2>欢迎:<shiro:principal/></h2>
</body>
</html>

4. [microboot-shiro-web] Modify the dept_show.html page to handle authentication and authorization.

<!DOCTYPE HTML>
<html xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
    <title>SpringBoot模版渲染</title>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
    <h1>显示部门信息的内容</h1>
    <h2>欢迎:<shiro:principal/></h2>
    <p><a shiro:hasRole="emp">雇员管理</a></p>
    <p><a shiro:hasRole="dept">部门管理</a></p>
    <p><a shiro:hasPermission="emp:add">雇员增加</a></p>
    <p><a shiro:hasPermission="dept:edit">部门修改</a></p>
    <p shiro:notAuthenticated="">您还未登录,请先登录!</p>
    <p shiro:authenticated="">欢迎光临!</p>
</body>
</html>

Whenever you integrate Shiro with SpringBoot in the future, be sure to consider using the tags above to handle this in the pages.
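
The shiro: tags only decide what the page renders; a request sent directly to a URL is still checked only by the filter chain and by annotations on the handler method. The following is an added example, not part of the original article's code: handlers that enforce on the server the same role and permission the template tests for. The class name EmpBackController, the two URLs and the response strings are assumptions.

```java
package cn.study.microboot.controller;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

// Added example: class name and URLs are hypothetical.
@Controller
public class EmpBackController {

    // Server-side counterpart of <a shiro:hasRole="emp"> in dept_show.html
    @RequiresRoles("emp")
    @RequestMapping("/pages/back/emp/list")
    @ResponseBody
    public String list() {
        return "emp list";
    }

    // Server-side counterpart of <a shiro:hasPermission="emp:add">
    @RequiresPermissions("emp:add")
    @RequestMapping("/pages/back/emp/add")
    @ResponseBody
    public String add() {
        return "emp added";
    }

    // Annotation checks fail by throwing a subclass of AuthorizationException
    // (UnauthorizedException or UnauthenticatedException). The unauthorizedUrl set
    // on ShiroFilterFactoryBean is only used by filter-chain checks, so the
    // exception is mapped to a response here.
    @ExceptionHandler(AuthorizationException.class)
    @ResponseStatus(HttpStatus.FORBIDDEN)
    @ResponseBody
    public String denied(AuthorizationException e) {
        return "forbidden";
    }
}
```

Both URLs sit under /pages/back/**, so the authc filter from the configuration class still requires a login before the annotation checks run.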

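3. Summary

SpringBoot summary:

· Advantages:

|- Strong REST support; overall development is considerably simpler than SSM or SSH integration;

|- Integrating with a single service is easy, but integrating several at once is very troublesome and requires writing various configuration classes;

|- thymeleaf is an excellent page template tool; its features are genuinely powerful and make page development simpler;

|- Frameworks intended to work with it are easy to integrate;

|- Projects are easy to deploy and release as jar packages;

· Disadvantages:

|- thymeleaf places high demands on page development because its syntax is strict;

|- It is too simple, which takes some getting used to.

REST in SpringBoot is the first step towards SpringCloud.

Original article: https://www.cnblogs.com/leeSmall/p/8735436.html

Time: 2024-11-06 20:44:16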
