【Apache Shiro】Study Notes, Part 3

How to configure the simplest Shiro setup in a Java environment

@Bean
public SecurityManager securityManager(){
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    // Set the realm.
    securityManager.setRealm(userRealm());
    // Custom cache implementation: use Redis when configured, otherwise Ehcache
    if(Constant.CACHE_TYPE_REDIS.equals(cacheType)){
        securityManager.setCacheManager(cacheManager());
    }else {
        securityManager.setCacheManager(ehCacheManager());
    }
    securityManager.setSessionManager(sessionManager());
    return securityManager;
}

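    The core code is the first two lines: injecting the Realm into the SecurityManager is all that is needed, because, as explained in the previous note, the Realm is the main bridge between Shiro and the application.

Configuring the Shiro Filter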

@Bean
   ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
   ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
   shiroFilterFactoryBean.setSecurityManager(securityManager);
   shiroFilterFactoryBean.setLoginUrl("/login");
   shiroFilterFactoryBean.setSuccessUrl("/index");
   shiroFilterFactoryBean.setUnauthorizedUrl("/403");
   LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
   filterChainDefinitionMap.put("/login", "anon");
   filterChainDefinitionMap.put("/css/**", "anon");
   filterChainDefinitionMap.put("/js/**", "anon");
   filterChainDefinitionMap.put("/fonts/**", "anon");
   filterChainDefinitionMap.put("/img/**", "anon");
   filterChainDefinitionMap.put("/docs/**", "anon");
   filterChainDefinitionMap.put("/druid/**", "anon");
   filterChainDefinitionMap.put("/upload/**", "perms[act:model:edit]");
   filterChainDefinitionMap.put("/student/**", "roles[\"admin,normal,assistant\"]");
   filterChainDefinitionMap.put("/logout", "logout");
   filterChainDefinitionMap.put("/", "anon");
   filterChainDefinitionMap.put("/**", "authc");
   shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
   return shiroFilterFactoryBean;
}

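The filter mainly sets Shiro's basic access policies. They can also be defined in a configuration file, but the application still has to be restarted for changes to take effect. Rules are matched in insertion order and the first match wins, which is why a LinkedHashMap is used and the catch-all /** rule comes last.

anon means the path can be accessed without authorization; for static resources, access is always set to anon.

authc means login is required for access.

perms[act:model:edit]: permission configuration

roles["admin,normal,assistant"]: role configuration. Shiro's built-in roles filter requires the subject to hold all of the listed roles.

Note: endpoints that do not require authentication must be configured here.

An implementation of a Realm

1. Create a class that extends AuthorizingRealm (org.apache.shiro.realm.AuthorizingRealm)

    The reason for using this class as the parent can be seen in its declaration: it already extends the parent Realm class for identity authentication.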

public abstract class AuthorizingRealm extends AuthenticatingRealm implements Authorizer, Initializable, PermissionResolverAware, RolePermissionResolverAware

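    Implement the doGetAuthorizationInfo method

    This method returns the authorization information. Typically, once a user has been authenticated, the application needs to know which pages or operations that user is authorized for.

// perms: the Set<String> of permission strings loaded for the current user
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.setStringPermissions(perms);
return info;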

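    Implement the doGetAuthenticationInfo method

    This method holds the decision logic for identity authentication.

// Account does not exist (message: "incorrect account or password")
if (user == null) {
   throw new UnknownAccountException("帳號或密碼不正確");
}

// Wrong password (same message as above, so the two cases look identical to the caller)
if (!password.equals(user.getPassword())) {
   throw new IncorrectCredentialsException("帳號或密碼不正確");
}

// Account locked (message: "account is locked, please contact the administrator")
if (user.getStatus() == 0) {
   throw new LockedAccountException("帳號已被鎖定,請聯繫管理員");
}
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
return info;

There is a lot more method logic available; override it as the business logic requires. I will add to this document later when I use it.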
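
An added example, not code from the original post: the doGetAuthenticationInfo fragment above compares passwords inside the realm with equals; this hypothetical realm instead returns the stored salted hash and lets Shiro's PasswordMatcher do the comparison, while keeping the post's order of checks (unknown account, wrong password, locked account). The class name HashedUserRealm, the UserRow record and the in-memory sample account are assumptions; it needs shiro-core on the classpath and Java 16 or later for the record.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm for illustration; not the UserRealm from the post.
public class HashedUserRealm extends AuthorizingRealm {
    // Constructed stand-in for a user table row: stored hash, status (0 = locked), permissions.
    record UserRow(String passwordHash, int status, Set<String> perms) {}
    private final Map<String, UserRow> users = new HashMap<>();

    public HashedUserRealm() {
        DefaultPasswordService passwords = new DefaultPasswordService();
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwords);
        setCredentialsMatcher(matcher); // Shiro, not the realm, compares credentials
        users.put("alice", new UserRow( // constructed sample account, only the salted hash is kept
            passwords.encryptPassword("constructed-sample-password"), 1, Set.of("act:model:edit")));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UserRow row = users.get((String) token.getPrincipal());
        if (row == null) {
            throw new UnknownAccountException("Incorrect account or password");
        }
        // Hand back the stored hash; the matcher checks the submitted password against it.
        return new SimpleAuthenticationInfo(token.getPrincipal(), row.passwordHash(), getName());
    }

    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        super.assertCredentialsMatch(token, info); // IncorrectCredentialsException on mismatch
        UserRow row = users.get((String) info.getPrincipals().getPrimaryPrincipal());
        if (row.status() == 0) { // reported only after the password was verified
            throw new LockedAccountException("Account locked, contact an administrator");
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(users.get((String) principals.getPrimaryPrincipal()).perms());
        return info;
    }
}
```

Because the lock check runs in assertCredentialsMatch after the password has been verified, a caller who does not know the password cannot learn whether an account is locked.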
