Shiro是一個非常不錯的權限框架,它提供了登錄和權限驗證功能
1.創建數據庫腳本
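SET NAMES utf8mb4;
-- FK checks are off for the load because module_role is created before the
-- role table it references; they are switched back on by the last statement.
SET FOREIGN_KEY_CHECKS = 0;

-- NOTE(review): the connection charset is utf8mb4 but every table below is
-- declared utf8 (3-byte); confirm that is intended.

-- ----------------------------
-- Table structure for module
-- One row per permission name that a role can be granted.
-- ----------------------------
DROP TABLE IF EXISTS `module`;
CREATE TABLE `module` (
  `mid` int(11) NOT NULL AUTO_INCREMENT,
  `mname` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`mid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of module
-- ----------------------------
INSERT INTO `module` (`mid`, `mname`) VALUES (1, 'add');
INSERT INTO `module` (`mid`, `mname`) VALUES (2, 'delete');
INSERT INTO `module` (`mid`, `mname`) VALUES (3, 'query');
INSERT INTO `module` (`mid`, `mname`) VALUES (4, 'update');

-- ----------------------------
-- Table structure for module_role
-- Grants: which role (rid) holds which module (mid).
-- NOTE(review): both columns are nullable and there is no primary or unique
-- key, so NULL or duplicate grants can be inserted; consider NOT NULL columns
-- and a composite key on (rid, mid).
-- ----------------------------
DROP TABLE IF EXISTS `module_role`;
CREATE TABLE `module_role` (
  `rid` int(11) NULL DEFAULT NULL,
  `mid` int(11) NULL DEFAULT NULL,
  INDEX `rid`(`rid`) USING BTREE,
  INDEX `mid`(`mid`) USING BTREE,
  CONSTRAINT `mid` FOREIGN KEY (`mid`) REFERENCES `module` (`mid`) ON DELETE RESTRICT ON UPDATE RESTRICT,
  CONSTRAINT `rid` FOREIGN KEY (`rid`) REFERENCES `role` (`rid`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of module_role
-- Role 1 holds all four modules, role 2 holds add and query, role 3 holds none.
-- ----------------------------
INSERT INTO `module_role` (`rid`, `mid`) VALUES (1, 1);
INSERT INTO `module_role` (`rid`, `mid`) VALUES (1, 2);
INSERT INTO `module_role` (`rid`, `mid`) VALUES (1, 3);
INSERT INTO `module_role` (`rid`, `mid`) VALUES (1, 4);
INSERT INTO `module_role` (`rid`, `mid`) VALUES (2, 1);
INSERT INTO `module_role` (`rid`, `mid`) VALUES (2, 3);

-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
  `rid` int(11) NOT NULL AUTO_INCREMENT,
  `rname` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`rid`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` (`rid`, `rname`) VALUES (1, 'admin');
INSERT INTO `role` (`rid`, `rname`) VALUES (2, 'customer');
INSERT INTO `role` (`rid`, `rname`) VALUES (3, NULL);

-- ----------------------------
-- Table structure for user
-- The login lookup on this page selects an account by username alone, so the
-- unique index guarantees that a name identifies at most one row.
-- NOTE(review): the password column holds whatever string the application
-- writes. The sample rows below are clear text, and the CredentialsMatcher on
-- this page compares them as plain strings. Outside a demo, store a salted,
-- slow password hash and use a matching hashed credentials matcher.
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `uid` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  PRIMARY KEY (`uid`) USING BTREE,
  UNIQUE INDEX `username`(`username`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of user (demo accounts with clear-text demo passwords)
-- ----------------------------
INSERT INTO `user` (`uid`, `username`, `password`) VALUES (1, 'hlhdidi', '123');
INSERT INTO `user` (`uid`, `username`, `password`) VALUES (2, 'xyycici', '1992');
INSERT INTO `user` (`uid`, `username`, `password`) VALUES (3, 'sujin', '123');

-- ----------------------------
-- Table structure for user_role
-- Membership: which user (uid) holds which role (rid).
-- NOTE(review): same gap as module_role; nullable columns and no key, so
-- duplicate memberships are possible.
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
  `uid` int(11) NULL DEFAULT NULL,
  `rid` int(11) NULL DEFAULT NULL,
  INDEX `u_fk`(`uid`) USING BTREE,
  INDEX `r_fk`(`rid`) USING BTREE,
  CONSTRAINT `r_fk` FOREIGN KEY (`rid`) REFERENCES `role` (`rid`) ON DELETE RESTRICT ON UPDATE RESTRICT,
  CONSTRAINT `u_fk` FOREIGN KEY (`uid`) REFERENCES `user` (`uid`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;

-- ----------------------------
-- Records of user_role
-- User 3 ('sujin') is bound to role 3, which has no module_role rows.
-- ----------------------------
INSERT INTO `user_role` (`uid`, `rid`) VALUES (1, 1);
INSERT INTO `user_role` (`uid`, `rid`) VALUES (2, 2);
INSERT INTO `user_role` (`uid`, `rid`) VALUES (3, 3);

SET FOREIGN_KEY_CHECKS = 1;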
當新添加一個用戶時,只需要配置權限即可,module_role表中已經配置了什么權限擁有什么樣的功能
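-- Lists the grants of one account: each row is one (user, role, module) triple.
-- 'hlhdidi' holds role admin, so all four modules come back; the same query
-- for 'xyycici' (role customer) returns only add and query.
-- The joins are inner joins, so an account whose role has no module_role rows
-- returns no rows at all.
-- The password column is left out: an ad-hoc permission check does not need it.
SELECT
    u.uid,
    u.username,
    r.rid,
    r.rname,
    m.mid,
    m.mname
FROM user u
INNER JOIN user_role ur ON ur.uid = u.uid
INNER JOIN role r ON r.rid = ur.rid
INNER JOIN module_role mr ON mr.rid = r.rid
INNER JOIN module m ON mr.mid = m.mid
WHERE u.username = 'hlhdidi';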
2.pom.xml中添加Springboot集成shiro的相關依賴
<!-- Dependencies needed to integrate Shiro with Spring Boot -->
<!-- NOTE(review): 1.2.5 is an old Shiro release. Before reusing this snippet, check the
     Apache Shiro security advisories and pin a currently supported version, keeping
     shiro-spring and shiro-ehcache on the same version. -->
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.2.5</version>
</dependency>
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-ehcache</artifactId>
  <version>1.2.5</version>
</dependency>
<!-- Third-party Thymeleaf dialect for Shiro; the views shown on this page are JSPs. -->
<dependency>
  <groupId>com.github.theborakompanioni</groupId>
  <artifactId>thymeleaf-extras-shiro</artifactId>
  <version>1.2.1</version>
</dependency>
<!--end.......-->
3.創建實體類
僅列出關鍵實體類,其他實體類無需改動
用戶
package com.king.s5.model;import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
//用戶
/**
 * Account row from the {@code user} table together with the roles bound to it.
 *
 * NOTE(review): on this page the same object is handed to Shiro as the principal and
 * stored in the HTTP session by LoginController, so the {@code password} field travels
 * with it for the lifetime of the session.
 */
public class User implements Serializable {

    private Integer uid;
    private String username;
    // Holds the value read from the password column exactly as stored.
    private String password;
    // Starts empty so getRoles() never returns null on a fresh instance.
    private Set<Role> roles = new HashSet<>();

    /** No-argument constructor; every field keeps its default. */
    public User() {
    }

    /**
     * @param uid      primary key
     * @param username login name
     * @param password stored credential
     */
    public User(Integer uid, String username, String password) {
        this.uid = uid;
        this.username = username;
        this.password = password;
    }

    public Integer getUid() {
        return this.uid;
    }

    public void setUid(Integer uid) {
        this.uid = uid;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public Set<Role> getRoles() {
        return this.roles;
    }

    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }
}
功能
package com.king.s5.model;import java.util.HashSet;
import java.util.Set;
//功能
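/**
 * One permission ("module") that can be granted to roles; {@code mname} is the string
 * AuthRealm registers with Shiro as a permission.
 *
 * Serializable because User is Serializable and reaches Module through its roles, so a
 * non-serializable Module would break serialization of a User that has roles.
 */
public class Module implements java.io.Serializable {

    private static final long serialVersionUID = 1L;

    private Integer mid;
    private String mname;
    // Initialised like the collections in User and Role so getRoles() is never null.
    private Set<Role> roles = new HashSet<>();

    /**
     * @param mid   primary key
     * @param mname permission name
     */
    public Module(Integer mid, String mname) {
        this.mid = mid;
        this.mname = mname;
    }

    /** No-argument constructor. */
    public Module() {
        super();
    }

    public Integer getMid() {
        return mid;
    }

    public void setMid(Integer mid) {
        this.mid = mid;
    }

    public String getMname() {
        return mname;
    }

    public void setMname(String mname) {
        this.mname = mname;
    }

    public Set<Role> getRoles() {
        return roles;
    }

    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }
}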
權限
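/**
 * Role row from the {@code role} table with the users that hold it and the modules
 * (permissions) granted to it.
 *
 * Serializable because User is Serializable and holds a Set of Role, so a
 * non-serializable Role would break serialization of a User that has roles.
 */
public class Role implements java.io.Serializable {

    private static final long serialVersionUID = 1L;

    private Integer rid;
    private String rname;
    private Set<User> users = new HashSet<>();
    // Field renamed from "Modules" to follow Java naming; the accessors are unchanged.
    private Set<Module> modules = new HashSet<>();

    /**
     * @param rid   primary key
     * @param rname role name
     */
    public Role(Integer rid, String rname) {
        this.rid = rid;
        this.rname = rname;
    }

    /** No-argument constructor. */
    public Role() {
        super();
    }

    public Integer getRid() {
        return rid;
    }

    public void setRid(Integer rid) {
        this.rid = rid;
    }

    public String getRname() {
        return rname;
    }

    public void setRname(String rname) {
        this.rname = rname;
    }

    public Set<User> getUsers() {
        return users;
    }

    public void setUsers(Set<User> users) {
        this.users = users;
    }

    public Set<Module> getModules() {
        return modules;
    }

    public void setModules(Set<Module> modules) {
        this.modules = modules;
    }
}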
4.編寫持久層mapper.xml
userMapper.xml,本次只寫到mapper層,不做service層(僅列出關鍵mapper.xml),其他xml無需改變
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
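<mapper namespace="com.king.s5.mapper.UserMapper">

  <!-- Every value below is passed with #{...}, which MyBatis sends as a bound statement
       parameter. Keep it that way rather than switching to ${...} text substitution. -->

  <!-- Flat user row, built through the (uid, username, password) constructor. -->
  <resultMap id="BaseResultMap" type="com.king.s5.model.User">
    <constructor>
      <idArg column="uid" jdbcType="INTEGER" javaType="java.lang.Integer" />
      <arg column="username" jdbcType="VARCHAR" javaType="java.lang.String" />
      <arg column="password" jdbcType="VARCHAR" javaType="java.lang.String" />
    </constructor>
  </resultMap>

  <!-- User with nested roles, each role with its nested modules; used by queryUserName. -->
  <resultMap type="com.king.s5.model.User" id="userMap">
    <id property="uid" column="uid"/>
    <result property="username" column="username"/>
    <result property="password" column="password"/>
    <collection property="roles" ofType="com.king.s5.model.Role">
      <id property="rid" column="rid"/>
      <result property="rname" column="rname"/>
      <collection property="modules" ofType="com.king.s5.model.Module">
        <id property="mid" column="mid"/>
        <result property="mname" column="mname"/>
      </collection>
    </collection>
  </resultMap>

  <sql id="Base_Column_List">uid, username, password</sql>

  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer">
    select <include refid="Base_Column_List" />
    from user
    where uid = #{uid,jdbcType=INTEGER}
  </select>

  <!-- Login lookup: loads the account with its roles and modules in one query.
       The columns are listed explicitly to match userMap instead of u.*, r.*, m.*.
       NOTE(review): the joins are inner joins, so an account whose role has no
       module_role rows yields no row here and the caller receives null. -->
  <select id="queryUserName" parameterType="string" resultMap="userMap">
    SELECT
      u.uid, u.username, u.password,
      r.rid, r.rname,
      m.mid, m.mname
    FROM user u
    inner join user_role ur on ur.uid = u.uid
    inner join role r on r.rid = ur.rid
    inner join module_role mr on mr.rid = r.rid
    inner join module m on mr.mid = m.mid
    WHERE u.username = #{username}
  </select>

  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer">
    delete from user
    where uid = #{uid,jdbcType=INTEGER}
  </delete>

  <!-- NOTE(review): insert and update statements write the password value exactly as
       supplied by the caller; nothing at this layer hashes it. -->
  <insert id="insert" parameterType="com.king.s5.model.User">
    insert into user (uid, username, password)
    values (#{uid,jdbcType=INTEGER}, #{username,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR})
  </insert>

  <!-- Inserts only the properties that are non-null on the parameter object. -->
  <insert id="insertSelective" parameterType="com.king.s5.model.User">
    insert into user
    <trim prefix="(" suffix=")" suffixOverrides=",">
      <if test="uid != null">uid,</if>
      <if test="username != null">username,</if>
      <if test="password != null">password,</if>
    </trim>
    <trim prefix="values (" suffix=")" suffixOverrides=",">
      <if test="uid != null">#{uid,jdbcType=INTEGER},</if>
      <if test="username != null">#{username,jdbcType=VARCHAR},</if>
      <if test="password != null">#{password,jdbcType=VARCHAR},</if>
    </trim>
  </insert>

  <!-- Updates only the properties that are non-null on the parameter object. -->
  <update id="updateByPrimaryKeySelective" parameterType="com.king.s5.model.User">
    update user
    <set>
      <if test="username != null">username = #{username,jdbcType=VARCHAR},</if>
      <if test="password != null">password = #{password,jdbcType=VARCHAR},</if>
    </set>
    where uid = #{uid,jdbcType=INTEGER}
  </update>

  <update id="updateByPrimaryKey" parameterType="com.king.s5.model.User">
    update user
    set username = #{username,jdbcType=VARCHAR},
        password = #{password,jdbcType=VARCHAR}
    where uid = #{uid,jdbcType=INTEGER}
  </update>
</mapper>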
moduleMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
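<mapper namespace="com.king.s5.mapper.ModuleMapper">

  <!-- CRUD statements for the module table. The whitespace between SQL clauses, lost in
       the listing ("from modulewhere", "update moduleset"), is restored here.
       All values are bound with #{...} parameters. -->

  <!-- Module row, built through the (mid, mname) constructor. -->
  <resultMap id="BaseResultMap" type="com.king.s5.model.Module">
    <constructor>
      <idArg column="mid" jdbcType="INTEGER" javaType="java.lang.Integer" />
      <arg column="mname" jdbcType="VARCHAR" javaType="java.lang.String" />
    </constructor>
  </resultMap>

  <sql id="Base_Column_List">mid, mname</sql>

  <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer">
    select <include refid="Base_Column_List" />
    from module
    where mid = #{mid,jdbcType=INTEGER}
  </select>

  <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer">
    delete from module
    where mid = #{mid,jdbcType=INTEGER}
  </delete>

  <insert id="insert" parameterType="com.king.s5.model.Module">
    insert into module (mid, mname)
    values (#{mid,jdbcType=INTEGER}, #{mname,jdbcType=VARCHAR})
  </insert>

  <!-- Inserts only the properties that are non-null on the parameter object. -->
  <insert id="insertSelective" parameterType="com.king.s5.model.Module">
    insert into module
    <trim prefix="(" suffix=")" suffixOverrides=",">
      <if test="mid != null">mid,</if>
      <if test="mname != null">mname,</if>
    </trim>
    <trim prefix="values (" suffix=")" suffixOverrides=",">
      <if test="mid != null">#{mid,jdbcType=INTEGER},</if>
      <if test="mname != null">#{mname,jdbcType=VARCHAR},</if>
    </trim>
  </insert>

  <!-- Updates mname only when it is non-null on the parameter object. -->
  <update id="updateByPrimaryKeySelective" parameterType="com.king.s5.model.Module">
    update module
    <set>
      <if test="mname != null">mname = #{mname,jdbcType=VARCHAR},</if>
    </set>
    where mid = #{mid,jdbcType=INTEGER}
  </update>

  <update id="updateByPrimaryKey" parameterType="com.king.s5.model.Module">
    update module
    set mname = #{mname,jdbcType=VARCHAR}
    where mid = #{mid,jdbcType=INTEGER}
  </update>
</mapper>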
5.添加shiro的工具類
認證授權工具類
package com.king.s5.shiro;import com.king.s5.biz.IUserBiz;
import com.king.s5.mapper.UserMapper;
import com.king.s5.model.Module;
import com.king.s5.model.Role;
import com.king.s5.model.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;import java.util.ArrayList;
import java.util.List;
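import java.util.Set;

/**
 * Shiro realm backed by {@link UserMapper}: looks the account up by username for login
 * and turns the module names of the user's roles into Shiro string permissions.
 */
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private UserMapper userMapper;

    /**
     * Authentication (login): loads the account named in the submitted token.
     *
     * @param token the submitted token; cast to UsernamePasswordToken
     * @return the loaded user as principal with the stored password as credentials; the
     *         realm's credentials matcher compares them against the token afterwards
     * @throws UnknownAccountException if the mapper finds no account for the username
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken utoken = (UsernamePasswordToken) token;
        String username = utoken.getUsername();
        User user = userMapper.queryUserName(username);
        if (user == null) {
            // Without this guard a missing account fails with a NullPointerException on
            // user.getPassword(). The message deliberately leaves the username out.
            throw new UnknownAccountException("No account found for the submitted username");
        }
        // NOTE(review): the whole User, including its password field, becomes the
        // principal; a principal without the credential would expose less.
        return new SimpleAuthenticationInfo(user, user.getPassword(), this.getClass().getName());
    }

    /**
     * Authorization: collects the module names of every role on the principal.
     *
     * The User comes from the principal collection, so the permissions reflect the roles
     * loaded when the principal was created rather than a fresh database read.
     *
     * @param principal principals of the current subject
     * @return authorization info holding one string permission per module name
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        User user = (User) principal.fromRealm(this.getClass().getName()).iterator().next();
        List<String> permissions = new ArrayList<>();
        Set<Role> roles = user.getRoles();
        if (roles != null) {
            for (Role role : roles) {
                Set<Module> modules = role.getModules();
                if (modules == null) {
                    continue;
                }
                for (Module module : modules) {
                    String name = module.getMname();
                    // mname is a nullable column; a null or blank name is not a usable
                    // permission string, so it is skipped instead of being registered.
                    if (name != null && !name.trim().isEmpty()) {
                        permissions.add(name);
                    }
                }
            }
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissions);
        return info;
    }
}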
權限用戶密碼校驗類
package com.king.s5.shiro;import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
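import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 * Compares the password submitted at login with the value stored for the account.
 *
 * NOTE(review): both sides are plain strings, so this only works while the database
 * keeps clear-text passwords. The original comment already suggests salting; outside a
 * demo, store a salted, slow password hash and use one of Shiro's hashed matchers
 * (for example HashedCredentialsMatcher or PasswordMatcher) in place of this class.
 */
public class CredentialsMatcher extends SimpleCredentialsMatcher {

    /**
     * @param token submitted token; cast to UsernamePasswordToken
     * @param info  account data returned by the realm; its credentials are the stored password
     * @return true only when both values are present and byte-for-byte equal
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken utoken = (UsernamePasswordToken) token;
        // Password typed by the user; null when the request carried none.
        char[] submitted = utoken.getPassword();
        // Password read from the database; the column is nullable.
        Object stored = info.getCredentials();
        if (submitted == null || !(stored instanceof String)) {
            // A missing value on either side is a failed match, not a NullPointerException.
            return false;
        }
        byte[] submittedBytes = new String(submitted).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] storedBytes = ((String) stored).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual is the JDK's time-constant byte comparison.
        return java.security.MessageDigest.isEqual(submittedBytes, storedBytes);
    }
}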
shiro配置類
package com.king.s5.shiro;import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;/*** shiro的配置類* @author sujin**/
@Configuration
public class ShiroConfiguration {

    // Wires the Shiro filter, security manager, realm and credentials matcher as beans.
    //
    // The LinkedHashMap keeps insertion order and Shiro applies the first pattern that
    // matches a request path, so the anon rules must stay ahead of the catch-all authc rules.
    //
    // NOTE(review): every path in the anon list skips authentication; re-check the list
    // whenever an entry is added.
    // NOTE(review): "/logout*" is anonymous, but the controller on this page maps
    // "/logOut" (capital O); confirm which spelling is intended.
    // NOTE(review): "/login*" is a prefix pattern and already covers "/loginUser".

    /** Builds the Shiro web filter: login URL, success URL and the URL-to-filter chain. */
    @Bean(name="shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(manager);
        // Login page and the page to land on after a successful login.
        factoryBean.setLoginUrl("/login");
        factoryBean.setSuccessUrl("/home");

        LinkedHashMap<String, String> chain = new LinkedHashMap<>();
        // Paths that can be reached without logging in, in their original order.
        String[] anonymousPaths = {
            "/login*",
            "/loginUser",
            "/client/test",
            "/assert/test",
            "/assert/get",
            "/assert/assertQuery",
            "/a",
            "/book/list",
            "/logout*",
            "/jsp/error.jsp*"
        };
        for (String path : anonymousPaths) {
            chain.put(path, "anon");
        }
        // Everything else requires an authenticated subject.
        String[] authenticatedPaths = {"/jsp/login.jsp*", "/*", "/**", "/*.*"};
        for (String path : authenticatedPaths) {
            chain.put(path, "authc");
        }
        factoryBean.setFilterChainDefinitionMap(chain);
        return factoryBean;
    }

    /** Core security manager, backed by the custom realm. */
    @Bean(name="securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {
        System.err.println("--------------shiro已經加載----------------");
        DefaultWebSecurityManager webManager = new DefaultWebSecurityManager();
        webManager.setRealm(authRealm);
        return webManager;
    }

    /** Custom realm with the custom credentials matcher attached. */
    @Bean(name="authRealm")
    public AuthRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {
        AuthRealm realm = new AuthRealm();
        realm.setCredentialsMatcher(matcher);
        return realm;
    }

    /** Custom password comparator used by the realm. */
    @Bean(name="credentialsMatcher")
    public CredentialsMatcher credentialsMatcher() {
        return new CredentialsMatcher();
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /** Auto-proxy creator configured to proxy target classes. */
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /** Advisor for Shiro's authorization annotations, bound to the security manager. */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager manager) {
        AuthorizationAttributeSourceAdvisor sourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        sourceAdvisor.setSecurityManager(manager);
        return sourceAdvisor;
    }
}
6.控制層controller
package com.king.s5.controller;import com.king.s5.model.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
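import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpSession;

/**
 * Login and logout endpoints that delegate authentication to the Shiro subject.
 */
@Controller
public class LoginController {

    /** Shows the login page. */
    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    /** Returns view "a"; the filter chain on this page lists "/a" as anonymous. */
    @RequestMapping("/a")
    public String a() {
        return "a";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * Restricted to POST, which is what the login form on this page submits, so that
     * credentials cannot arrive in a query string that ends up in logs and history.
     *
     * @param username submitted login name
     * @param password submitted password
     * @param session  current HTTP session; receives the logged-in user under "user"
     * @return "index" on success, "login" when authentication fails
     */
    @RequestMapping(value = "/loginUser", method = org.springframework.web.bind.annotation.RequestMethod.POST)
    public String loginUser(String username, String password, HttpSession session) {
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            // Runs the realm lookup and the credentials matcher.
            subject.login(usernamePasswordToken);
            User user = (User) subject.getPrincipal();
            // NOTE(review): this User carries its password field into the session, and
            // the session id is not renewed here after login; confirm something else
            // rotates it.
            session.setAttribute("user", user);
            return "index";
        } catch (Exception e) {
            // Every failure gets the same response, so the page does not reveal whether
            // the username or the password was wrong.
            return "login";
        }
    }

    /**
     * Logs the current subject out and returns to the login page.
     *
     * NOTE(review): reachable with a plain GET link (see index.jsp).
     */
    @RequestMapping("/logOut")
    public String logOut(HttpSession session) {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "login";
    }
}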
7.視圖層jsp
login.jsp
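<%@ page contentType="text/html;charset=UTF-8" language="java" pageEncoding="UTF-8" %>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>登錄</title>
</head>
<body>
<%-- NOTE(review): ${user.username} is written into the page without HTML escaping. The
     value comes from the user table, so render it through an escaping tag (for example
     JSTL c:out, if JSTL is available to the project). --%>
<h1>歡迎登錄!${user.username }</h1>
<%-- Credentials are posted to /loginUser. --%>
<form action="${pageContext.request.contextPath }/loginUser" method="post">
    <input type="text" name="username"><br>
    <input type="password" name="password"><br>
    <input type="submit" value="提交">
</form>
</body>
</html>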
index.jsp
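<%@ page contentType="text/html;charset=UTF-8" language="java" pageEncoding="UTF-8" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>登錄</title>
</head>
<body>
<%-- NOTE(review): ${user.username} is written into the page without HTML escaping;
     render it through an escaping tag (for example JSTL c:out, if available). --%>
<h1>歡迎${user.username }光臨!請選擇你的操作:</h1><br>
<%-- shiro:hasPermission only decides which entries are rendered. The handlers behind
     these actions still need their own server-side permission check. --%>
<ul>
    <shiro:hasPermission name="add"><li>增加</li></shiro:hasPermission>
    <shiro:hasPermission name="delete"><li>刪除</li></shiro:hasPermission>
    <shiro:hasPermission name="update"><li>修改</li></shiro:hasPermission>
    <shiro:hasPermission name="query"><li>查詢</li></shiro:hasPermission>
</ul>
<a href="${pageContext.request.contextPath }/logOut">點我注銷</a>
</body>
</html>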
8.shiro標簽的使用
guest標簽 | 驗證當前用戶是否為“訪客”,即未認證(包含未記住)的用戶 |
---|---|
user標簽 | 認證通過或已記住的用戶 |
authenticated標簽 | 已認證通過的用戶。不包含已記住的用戶,這是與user標簽的區別所在 |
notAuthenticated標簽 | 未認證通過用戶,與authenticated標簽相對應。與guest標簽的區別是,該標簽包含已記住用戶 |
principal 標簽 | 輸出當前用戶信息,通常為登錄帳號信息 |
hasRole標簽 | 驗證當前用戶是否屬于該角色 |
lacksRole標簽 | 與hasRole標簽邏輯相反,當用戶不屬于該角色時驗證通過 |
hasAnyRole標簽 | 驗證當前用戶是否屬于以下任意一個角色 |
hasPermission標簽 | 驗證當前用戶是否擁有指定權限 |
lacksPermission標簽 | 與hasPermission標簽邏輯相反,當前用戶沒有指定權限時,驗證通過 |