package com.example.hellospringboot.service;import com.example.hellospringboot.model.Permission;import java.util.List;public interface PermissionService {List<Permission> findPermissionsByRoleId(int roleId);}package com.example.hellospringboot.service.impl;import com.baomidou.mybatisplus.core.conditions.Wrapper;import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;import com.example.hellospringboot.mapper.PermissionMapper;import com.example.hellospringboot.model.Permission;import com.example.hellospringboot.service.PermissionService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Service;import java.util.List;@Servicepublic class PermissionServiceImpl implements PermissionService {@AutowiredPermissionMapper mapper;public List<Permission> findPermissionsByRoleId(int roleId){QueryWrapper<Permission> wrapper = new QueryWrapper<>();wrapper = wrapper.eq("role_id", roleId);List<Permission> list = mapper.selectList(wrapper);return list;}}ok,我们已经准备好了所有的安全数据,及对应的读取方法
到这里,我们就算是做好了所有的准备工作
接下来看我们如何通过Shiro框架来运用这些已经装配好的枪炮子弹
4. 引入Shiro框架相关依赖(pom.xml)<!-- 引入shiro框架依赖 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.10.0</version></dependency>这次pom.xml终于不是第一步了,哈哈哈 。。。
5. 创建Realm嫁接Shiro框架及安全数据(realm/MyAuthorizingRealm)package com.example.hellospringboot.realm;import com.example.hellospringboot.model.Permission;import com.example.hellospringboot.model.Role;import com.example.hellospringboot.model.User;import com.example.hellospringboot.service.PermissionService;import com.example.hellospringboot.service.RoleService;import com.example.hellospringboot.service.UserService;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import java.util.HashSet;import java.util.List;import java.util.Set;public class MyAuthorizingRealm extends AuthorizingRealm {@AutowiredUserService userService;@AutowiredRoleService roleService;@AutowiredPermissionService permissionService;@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;String userName = token.getUsername();String passWord = String.valueOf(token.getPassword());if (!userService.checkUserByUsernameAndPassword(userName, passWord)) {//判断用户账号是否正确throw new UnknownAccountException("用户名或密码错误!");}return new SimpleAuthenticationInfo(userName, passWord, getName());}@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();String userName = principalCollection.getPrimaryPrincipal().toString();User user = userService.findUserByUserName(userName);if (user == null) {throw new UnknownAccountException("用户名或密码错误!");}List<Integer> rolesList = user.rolesList();Set<String> roles = new HashSet<>();Set<String> permissions = new HashSet<>();for (Integer roleId : rolesList) {Role role = roleService.findRoleById(roleId);roles.add(role.getName());List<Permission> permissionList = permissionService.findPermissionsByRoleId(roleId);for (Permission permission : permissionList) {permissions.add(permission.getName());}}info.setRoles(roles);info.setStringPermissions(permissions);return info;}}Realm的创建对于整个Shiro安全验证体系搭建而言是至关重要的一步!
其中两个抽象方法
doGetAuthenticationInfo —— 用于校验用户名及密码的合法性6. 测试用Controller创建package com.example.hellospringboot.controller;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.PostMapping;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;@RequestMapping("/user")@RestControllerpublic class UserController {@PostMapping("/login")public String login(String user, String pass) {UsernamePasswordToken token = new UsernamePasswordToken(user, pass);Subject subject = SecurityUtils.getSubject();if(!subject.isAuthenticated()) {try {subject.login(token);} catch (AuthenticationException e) {return e.getMessage();}}return "ok";}@PostMapping("/logout")public String logout(){Subject subject = SecurityUtils.getSubject();if(subject.isAuthenticated()) {try {subject.logout();} catch (AuthenticationException e) {return e.getMessage();}}return "ok";}@GetMapping("/admin")public String admin() {return "admin";}@GetMapping("/user")public String user() {return "user";}}
doGetAuthorizationInfo —— 用于赋予实体对应的角色及交互权限
推荐阅读
- 手机卡反应迟钝怎么处理(让安卓手机流畅100倍)
- 浅尝 ECDHE 协议流程
- 装配 SpringBoot自动配置流程
- Arctic 基于 Hive 的流批一体实践
- 流氓迈克菲软件如何卸载(如何关闭迈克菲自动删除软件)
- 深空之眼流萤岚雾休刻印如何搭配比较合适
- Java 8 Stream API 引入和使用
- 45.限流Throttling及源码解析
- 弹壳特攻队平民秒杀流怎么玩
- 流浪方舟核心怎么选择