shiro三連斬之第三斬,整合 springboot
shiro愛springboot中使用 ,還有thymeleaf前端框架。主要是如何配置css
pom.xml配置依賴html
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.3.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com</groupId> <artifactId>bpms</artifactId> <version>0.0.1-SNAPSHOT</version> <name>bpms</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.0.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <!--json格式轉換--> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.8</version> </dependency> <!--分頁插件--> <dependency> <groupId>com.github.pagehelper</groupId> <artifactId>pagehelper-spring-boot-starter</artifactId> <version>1.2.3</version> </dependency> <!--認證,受權,加密相關--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <!--Druid提供強大的監控和擴展功能--> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid-spring-boot-starter</artifactId> <version>1.1.14</version> </dependency> <!--thyemleaf中支持shiro--> <dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <plugin> <groupId>org.mybatis.generator</groupId> <artifactId>mybatis-generator-maven-plugin</artifactId> <version>1.3.7</version> <configuration> <overwrite>true</overwrite> <configurationFile>${basedir}/src/main/resources/generatorConfig.xml</configurationFile> </configuration> <dependencies> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.47</version> </dependency> </dependencies> </plugin> </plugins> </build> </project>
Shiro配置文件的設置前端
package com.bpms.config; import at.pollux.thymeleaf.shiro.dialect.ShiroDialect; import com.bpms.shiro.CustomRealm; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.cache.MemoryConstrainedCacheManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; /*shiro的註冊,springboot沒有配置文件,只有經過java類的形式進行註冊, 關於shiro一共用 普通java類,SSM框架,springboot分別寫了三遍,原理大體是同樣的。區別在於怎麼配置 1.shiro過濾器, 對登陸的用戶進行 認證,受權。對url路徑進行的攔截,須要shiro過濾器 2.shiro管理器,管理認證 受權 緩存 等等。可是都須要建立配置。首先建立安全管理器,去管理各類組件。 3.shiro自定義域。shiro安全管理器中認證須要的組件 4.密碼匹配器。 5.緩存 6.使shiro權限註解生效 7.對類進行aop代理 8.對thymeleaf進行支持 */ @Configuration//說明這個被爲配置信息類,spring 把這個類做爲配置文件處理,把裏面被@Bean修飾的方法返回的對象交給IOC容器管理。注入須要的地方 //這個注入,好像時方法中的參數。會被自動調用 public class ShiroConfig { //Shiro過濾器配置,並注入安全管理器 @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("sm") DefaultWebSecurityManager securityManager) { ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); bean.setLoginUrl("/login.html"); bean.setUnauthorizedUrl("/403.html"); Map map = new LinkedHashMap(); map.put("/login.html", "anon"); map.put("/doLogin", "anon"); map.put("/css/**", "anon"); map.put("/static/**", "anon"); map.put("/js/**", "anon"); map.put("/images/**", "anon"); map.put("/*", "authc"); bean.setFilterChainDefinitionMap(map); bean.setSecurityManager(securityManager); return bean; } //Shiro安全管理器,把域放入安全管理器 @Bean("sm") public DefaultWebSecurityManager securityManager(CustomRealm customRealm) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(customRealm); return securityManager; } //配置自定義域,能夠注入密碼匹配器 @Bean public CustomRealm customRealm(HashedCredentialsMatcher matcher, MemoryConstrainedCacheManager manager) { CustomRealm realm = new CustomRealm(); realm.setCredentialsMatcher(matcher);//注入 realm.setCacheManager(manager); return realm; } //密碼匹配器 @Bean public HashedCredentialsMatcher matcher() { HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName("md5"); matcher.setHashIterations(2); return matcher; } //緩存 @Bean public MemoryConstrainedCacheManager cacheManager() { MemoryConstrainedCacheManager manager = new MemoryConstrainedCacheManager(); return manager; } //使Shiro權限註解生效。讓controller中添加的 對權限,或者角色 後臺攔截的標籤生效 @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; } //對類進行aop代理。shiro的認證功能 屬於在請求到達方法前進行的,切面編程。執行aop代理 @Bean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); creator.setProxyTargetClass(true); return creator; } //支持thyemleaf @Bean public ShiroDialect shiroDialect() { ShiroDialect dialect = new ShiroDialect(); return dialect; } }
Shiro配置文件中須要的自定義域的編寫,和Shiro第二斬的中一致java
package com.bpms.shiro; import com.bpms.pojo.User; import com.bpms.service.AuthService; import com.bpms.service.UserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.springframework.beans.factory.annotation.Autowired; import java.util.HashSet; import java.util.List; import java.util.Set; public class CustomRealm extends AuthorizingRealm { @Autowired private UserService userService; @Autowired private AuthService authService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { User user = (User)principalCollection.getPrimaryPrincipal(); List<String> list = authService.findPerms(user.getUserId()); for(String str : list){ System.out.println("受權:"+str); } Set<String> perms= new HashSet<>(list); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setStringPermissions(perms); return info; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String userName = (String) authenticationToken.getPrincipal(); User user = userService.findUserByName(userName); if(user == null){ throw new UnknownAccountException("unkown account"); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getPassword(),this.getClass().getName()); info.setCredentialsSalt(ByteSource.Util.bytes(user.getSalt())); return info; } }
前端使用thymeleaf框架,使用shiro的標籤mysql
//在thymeleaf框架中,shiro:hasPermission="sys:user:save" 修飾的標籤,若是當前用戶的權限中沒有 匹配 sys:user:save 字段的。就不會顯示。後臺的攔截,參考shiro第二斬 //就是配置的方式不一樣,在使用方面是同樣的。 //在html標籤中作一下聲明,這個HTML頁面爲thymeleaf ,而且能夠使用 shiro標籤 <html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<a shiro:hasPermission="sys:user:save" class="easyui-linkbutton" data-options="iconCls:'icon-add'" onclick="oepnAddDialog()">添加</a> <a shiro:hasPermission="sys:user:update" class="easyui-linkbutton" data-options="iconCls:'icon-edit'" onclick="openModifyDialog()">修改</a> <a shiro:hasPermission="sys:user:delete" class="easyui-linkbutton" data-options="iconCls:'icon-remove'" onclick="deleteUser()">刪除</a>
相關文章
- 1. SpringBoot整合Shiro 三:整合Mybatis
- 2. springboot整合shiro-Whitelabel Error Page解決(三)
- 3. SpringBoot安全管理--(三)整合shiro
- 4. Shiro--第4天--springboot整合shiro
- 5. springboot整合shiro
- 6. Springboot 整合 shiro
- 7. Springboot整合Shiro
- 8. SpringBoot 整合shiro
- 9. springboot+shiro整合
- 10. SpringBoot整合Shiro
- 更多相關文章...
- • TCP三次握手建立連接的過程 - TCP/IP教程
- • Spring實例化Bean的三種方法 - Spring教程
- • RxJava操作符(三)Filtering
- • 三篇文章瞭解 TiDB 技術內幕——說存儲
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
