我是靠谱客的博主 直率大船,这篇文章主要介绍shiro安全框架shiro中的第一个程序用户认证shiro中认证流程源码shiro自定义RealmMD5+Salt实现java练习shiro (不涉及数据库) demospringboot集成shiro,现在分享给大家,希望可以做个参考。
shiro学习
shiro中的第一个程序用户认证
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26//1.创建安全管理器对象 DefaultSecurityManager securityManager=new DefaultSecurityManager(); //2.给安全管理器设置realm securityManager.setRealm(new IniRealm("classpath:shiro.ini")); //3.SecurityUtils 给全局安全工具类设置安全管理器 SecurityUtils.setSecurityManager(securityManager); //4.关键对象subject主体 Subject subject=SecurityUtils.getSubject(); //5.创建令牌 UsernamePasswordToken token=new UsernamePasswordToken("xiaoou","1123"); try { subject.login(token); System.out.println("认证状态:"+subject.isAuthenticated()); }catch (UnknownAccountException w){ System.out.println("账号不存在!"); }catch (IncorrectCredentialsException e){ System.out.println("密码错误!"); }finally { System.out.println("认证结束 "); }
shiro中认证流程源码
认证:1.最终执行用户名比较 是在SimpleAccountRealm类中的doGetAuthenticationInfo 方法中完成用户名校验的
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; SimpleAccount account = getUser(upToken.getUsername()); if (account != null) { if (account.isLocked()) { throw new LockedAccountException("Account [" + account + "] is locked."); } if (account.isCredentialsExpired()) { String msg = "The credentials for account [" + account + "] are expired"; throw new ExpiredCredentialsException(msg); } } return account; }
2.最终密码校验是在AuthenticatingRealm类中的assertCredentialsMatch方法中完成密码校验的
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException { CredentialsMatcher cm = getCredentialsMatcher(); if (cm != null) { if (!cm.doCredentialsMatch(token, info)) { //not successful - throw an exception to indicate this: String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials."; throw new IncorrectCredentialsException(msg); } } else { throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify " + "credentials during authentication. If you do not wish for credentials to be examined, you " + "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance."); } }
总结:
复制代码
1
2AuthenticatingRealm 认证realm doGetAuthenticationInfo
复制代码
1
2AuthorizingRealm 授权realm doGetAuthorizationInfo
shiro自定义Realm
测试类:
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21//创建SecuirityManager DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager(); //设置自定义realm defaultSecurityManager.setRealm(new CustomerRealm()); //将安全工具类设置安全工具类 SecurityUtils.setSecurityManager(defaultSecurityManager); //通过安全管理器获取Subject(主体) Subject subject = SecurityUtils.getSubject(); //创建token UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken("x","6"); try { subject.login(usernamePasswordToken); System.out.println("状态"+subject.isAuthenticated()); }catch (UnknownAccountException e){ System.out.println("账号错误"); }catch (IncorrectCredentialsException e){ System.out.println("密码错误"); }
自定义的realm
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36package org.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class CustomerRealm extends AuthorizingRealm { //授权realm @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { //因为暂时还没有涉及到授权 所有授权可以忽略 return null; } //认证realm @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { //在token中获取用户名 Object principal = token.getPrincipal(); //模拟使用mybatis查询数据库 if (principal.toString().equals("x")){ //参数一 返回数据库中正确的用户名 参数二返回数据库中的正确密码 参数三 提供当前realm的名字 SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(principal.toString(),"6",this.getName()); return simpleAuthenticationInfo; } return null; } }
MD5+Salt实现
自定realm
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32package org.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; public class Md5realm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { //获取身份信息 Object principal = token.getPrincipal(); //根据用户名查询数据库 if (principal.toString().equals("xiaoou")){ //参数一返回数据库中正确的用户名 参数二返回数据库中的正确密码 参数三注册时使用的随机盐 参数四提供当前realm的名字 return new SimpleAuthenticationInfo(principal.toString(),"66bd74861c4a331b7c6e55df3101fa63", ByteSource.Util.bytes("6*asdas55**-"),this.getName()); } return null; } }
测试类
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55package org.shiro; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.subject.Subject; import org.realm.CustomerRealm; import org.realm.Md5realm; public class TestShiro3 { public static void main(String[] args) { //创建安全管理器 DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager(); //自定义realm Md5realm md5realm = new Md5realm(); HashedCredentialsMatcher credentialsMatcher=new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName("md5"); credentialsMatcher.setHashIterations(1024); //设置realm使用hash凭证匹配器 md5realm.setCredentialsMatcher(credentialsMatcher); //注入自定义realm defaultSecurityManager.setRealm(md5realm); //将安全管理器注入到安全工具 SecurityUtils.setSecurityManager(defaultSecurityManager); //通过安全工具类获取subject Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("xiaoou","633633"); try { subject.login(token); System.out.println("登录成功!"); }catch (UnknownAccountException e){ System.out.println("用户名错误!"); }catch (IncorrectCredentialsException e){ System.out.println("密码错误"); } } }
java练习shiro (不涉及数据库) demo
自定义realm
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39package org.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; public class Md5realm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Object primaryPrincipal = principals.getPrimaryPrincipal(); //拿到用户 System.out.println(primaryPrincipal.toString()); SimpleAuthorizationInfo d=new SimpleAuthorizationInfo(); d.addRole("admin"); d.addRole("user"); d.addStringPermission("user:*:01 "); return d; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { //获取身份信息 Object principal = token.getPrincipal(); //根据用户名查询数据库 if (principal.toString().equals("xiaoou")){ //参数一返回数据库中正确的用户名 参数二返回数据库中的正确密码 参数三注册时使用的随机盐 参数四提供当前realm的名字 return new SimpleAuthenticationInfo(principal.toString(),"66bd74861c4a331b7c6e55df3101fa63", ByteSource.Util.bytes("6*asdas55**-"),this.getName()); } return null; } }
main测试
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87package org.shiro; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.subject.Subject; import org.realm.CustomerRealm; import org.realm.Md5realm; import java.util.Arrays; public class TestShiro3 { public static void main(String[] args) { //创建安全管理器 DefaultSecurityManager defaultSecurityManager=new DefaultSecurityManager(); //自定义realm Md5realm md5realm = new Md5realm(); HashedCredentialsMatcher credentialsMatcher=new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName("md5"); credentialsMatcher.setHashIterations(1024); //设置realm使用hash凭证匹配器 md5realm.setCredentialsMatcher(credentialsMatcher); //注入自定义realm defaultSecurityManager.setRealm(md5realm); //将安全管理器注入到安全工具 SecurityUtils.setSecurityManager(defaultSecurityManager); //通过安全工具类获取subject Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken("xiaoou","633633"); try { subject.login(token); System.out.println("登录成功!"); }catch (UnknownAccountException e){ System.out.println("用户名错误!"); }catch (IncorrectCredentialsException e){ System.out.println("密码错误"); } if (subject.isAuthenticated()){ //认证成功进行授权 //基于单角色权限控制 System.out.println("***"+subject.hasRole("admin")); //基于多角色权限控制 System.out.println(subject.hasAllRoles(Arrays.asList("admin","user"))); //是否具有其中一个角色 System.out.println(subject.hasRoles(Arrays.asList("admin"))[0]); //基于权限字符串的访问控制 资源访问标识符:操作:资源类型 System.out.println("访问控制:"+subject.isPermitted("user:*:01")); System.out.println("访问控制:"+subject.isPermitted("user:update:02")); //分别具有哪些权限 boolean[] permitted = subject.isPermitted("user:*:01", "admin:*:10"); for (boolean b:permitted ) { System.out.println("id权限"+b); } //同时具有哪些权限 boolean permittedAll = subject.isPermittedAll("user:*:01", "admin:update:02"); System.out.println(permittedAll); } } }
springboot集成shiro
Shiro依赖
复制代码
1
2
3
4
5
6<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-starter</artifactId> <version>1.5.3</version> </dependency>
ShiroConfig (配置类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65package com.shiro.bootshiro; import com.shiro.shiro.CutomerRealm; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; /** * 用来整合shiro相关的配置类 */ @Configuration public class ShiroConfig { //1.创建shiroFilter 负责拦截所有请求 @Bean public ShiroFilterFactoryBean getShirodFilterFactortBean(DefaultWebSecurityManager defaultWebSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); //给filter设置安全管理器 shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager); Map<String,String> map=new HashMap<String,String>(); //配置系统公共资源 map.put("/user/login","anon"); map.put("/zhu.html","anon"); map.put("/user/zhu","anon"); //配置系统受限资源 map.put("/**","authc"); //authc 请求这个资源需要认证和授权 shiroFilterFactoryBean.setLoginUrl("/login.html"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; } //2.创建安全管理器 @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){ DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager(); //给安全管理器设置realm defaultWebSecurityManager.setRealm(realm); return defaultWebSecurityManager; } //3.创建自定义的realm @Bean public Realm getRealm(){ CutomerRealm cutomerRealm=new CutomerRealm(); //修改凭证校验匹配器 HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); //设置加密算法为md5 hashedCredentialsMatcher.setHashAlgorithmName("md5"); //设置散列次数 hashedCredentialsMatcher.setHashIterations(1024); cutomerRealm.setCredentialsMatcher(hashedCredentialsMatcher); return cutomerRealm; } }
MvcExecption(异常处理类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18package com.shiro.controller; import org.apache.shiro.authz.AuthorizationException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; @ControllerAdvice public class MvcExecption { @ExceptionHandler({AuthorizationException.class}) //负责处理AuthorizationException异常。 public String handlerExceptio() { System.out.println("你没有权限删除用户!"); return "redirect:/index.html"; } }
Shirocontroller(控制器类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80package com.shiro.controller; import com.shiro.pojo.Shiro; import com.shiro.service.ShiroService; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.authz.annotation.RequiresRoles; import org.apache.shiro.subject.Subject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @Controller @RequestMapping("/user") public class Shirocontroller { @Autowired private ShiroService shiroService; @RequestMapping("/login") //登录 public String login(String name,String password){ //获取主体对象 Subject subject= SecurityUtils.getSubject(); try { subject.login(new UsernamePasswordToken(name,password)); return "redirect:/index.html"; //登录成功去主页 }catch (UnknownAccountException e){ System.out.println("用户名错误!"); }catch (IncorrectCredentialsException e){ System.out.println("密码错误!"); } return "redirect:/login.html"; //登录页 } @RequestMapping("/exit") //退出登录 public String login1(){ Subject subject=SecurityUtils.getSubject(); subject.logout(); //登出 return "redirect:/login.html"; } @RequestMapping("/zhu") //注册用户 public String login2(Shiro shiro){ //逻辑处理层在service int i= shiroService.save(shiro); if (i>0){ System.out.println("注册成功"); return "redirect:/login.html"; //成功与否都去登录页面 } System.out.println("注册失败"); return "redirect:/login.html"; } //注解方式的鉴别身份 /*@RequiresRoles("admin1") //判断角色是否是admin*/ @RequiresRoles(value = {"admin","user"}) //判断主角色是否同时具有两个角色 /*@RequiresPermissions(value = {"admin:*:01","admin:*:02"}) 判断著角色是否同时具有当前权限*/ /*@RequiresPermissions("user:update:01") 判断当前角色是否具有当前权限*/ @RequestMapping("/jia") public String deleteuser(){ //根据权限执行本方法 System.out.println("删除一位普通用户!"); /* //代码方式的鉴别身份 Subject admin=SecurityUtils.getSubject(); if (admin.hasRole("admin1")){ //执行业务逻辑 System.out.println("删除了一位普通用户!"); }else{ System.out.println("无权删除"); } */ return "redirect:/index.html"; } }
ShiroMapper(Dao层)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16package com.shiro.dao; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import com.shiro.pojo.Pers; import com.shiro.pojo.Shiro; import java.util.List; public interface ShiroMapper extends BaseMapper<Shiro> { int save(Shiro shiro); Shiro selectshiro(String name); List<Pers> selectshiro1(Integer tid); }
ShiroMapper(Dao接口映射文件)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.shiro.dao.ShiroMapper"> <resultMap id="sedome" type="Shiro" > <id property="id" column="id"></id> <result property="username" column="username"></result> <collection property="roles" javaType="list" ofType="Role" > <id property="id" column="id1"></id> <result property="name" column="name" ></result> </collection> </resultMap> <select id="selectshiro" parameterType="String" resultMap="sedome" > SELECT so.id,so.username,re.id AS id1,re.name FROM shiro so INNER JOIN usrole us ON so.id=us.uid INNER JOIN role re ON re.id=us.rid WHERE so.username=#{nmae} </select> <select id="selectshiro1" parameterType="int" resultType="Pers" > SELECT ps.id,ps.name FROM pers ps INNER JOIN ropers rs ON rs.persid=ps.id INNER JOIN role re ON re.id=rs.roleid WHERE re.id=#{tid} </select> </mapper>
Pers(权限实体类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19package com.shiro.pojo; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import lombok.experimental.Accessors; @Data @AllArgsConstructor @Accessors(chain =true) @NoArgsConstructor /** * 权限 */ public class Pers { private Integer id; private String name; }
Role(角色实体类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19package com.shiro.pojo; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import lombok.experimental.Accessors; @Data @AllArgsConstructor @Accessors(chain =true) @NoArgsConstructor /** * 角色 */ public class Role { private int id; private String name; }
Shiro(用户实体类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30package com.shiro.pojo; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableId; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import lombok.experimental.Accessors; import java.util.List; @Data @Accessors(chain =true) @AllArgsConstructor @NoArgsConstructor /** * 用户 */ public class Shiro { @TableId(value = "id", type = IdType.AUTO) private Integer id; private String username; private String userpassword; private String salt; @TableField(exist = false) private List<Role> roles; }
Saltutils(随机盐生成工具类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21package com.shiro.saltutils; import java.util.Random; /** * /随机盐工具类 */ public class Saltutils { public static String getSalt(int n){ //根据传入的用户密码长度随机生成盐 //定义随机盐 char [] chars="qwertyuiopasdfghjklzxcvbnm,963852741/*-+123457890--=".toCharArray(); StringBuffer stringBuffer=new StringBuffer(); for (int i=0;i<n;i++){ char aChar = chars[new Random().nextInt(chars.length - 1)]; stringBuffer.append(aChar); } return stringBuffer.toString(); } }
ShiroService(逻辑层)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18package com.shiro.service; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.shiro.pojo.Pers; import com.shiro.pojo.Shiro; import java.util.List; public interface ShiroService { int save(Shiro shiro); Shiro selectshiro(QueryWrapper<Shiro> queryWrapper); List<Pers> selectshiro1(Integer tid); Shiro list(String name); }
ShiroServiceImpl(逻辑层实现类)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43package com.shiro.service; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.shiro.dao.ShiroMapper; import com.shiro.pojo.Pers; import com.shiro.pojo.Shiro; import com.shiro.saltutils.Saltutils; import org.apache.shiro.crypto.hash.Md5Hash; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.List; @Service public class ShiroServiceImpl implements ShiroService { @Autowired private ShiroMapper shirodao; @Override public int save(Shiro shiro) { //处理注册逻辑 String salt= Saltutils.getSalt(shiro.getUserpassword().length()); //拿到随机生成的salt shiro.setSalt(salt); Md5Hash md5Hash = new Md5Hash(shiro.getUserpassword(),salt,1024); //设置md5+sqlt+hash shiro.setUserpassword(md5Hash.toHex()); return shirodao.insert(shiro); } @Override public Shiro selectshiro(QueryWrapper<Shiro> queryWrapper) { return shirodao.selectOne(queryWrapper); } @Override public Shiro list(String name) { return shirodao.selectshiro(name); } @Override public List<Pers> selectshiro1(Integer tid) { return shirodao.selectshiro1(tid); } }
CutomerRealm(自定义realm)
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77package com.shiro.shiro; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.shiro.pojo.Pers; import com.shiro.pojo.Shiro; import com.shiro.service.ShiroService; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.apache.shiro.util.CollectionUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.ObjectUtils; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.List; public class CutomerRealm extends AuthorizingRealm { @Autowired private ShiroService shiroService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String name=(String) principals.getPrimaryPrincipal(); //获取用户身份信息 Shiro usernamelist = shiroService.list(name); //根据用户信息(名字)查询用户角色 SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo(); if (!CollectionUtils.isEmpty(usernamelist.getRoles())){ //查询到该用户角色新消息 usernamelist.getRoles().forEach(r->{ //循环角色信息 simpleAuthorizationInfo.addRole(r.getName()); //赋予角色 List<Pers> persList=shiroService.selectshiro1(r.getId()); //拿到当前的角色具有的全部权限 if (!CollectionUtils.isEmpty(persList)){ //判断不为空 persList.forEach(t->{ //循环权限信息 simpleAuthorizationInfo.addStringPermission(t.getName()); //赋予权限 }); } }); } return simpleAuthorizationInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String prin=(String) token.getPrincipal(); //获取用户名 Shiro shiro=shiroService.selectshiro(new QueryWrapper<Shiro>().eq("username",prin)); //拿到当前用户信息 if (!ObjectUtils.isEmpty(shiro)){ //判断不为空 // 用户名+密码(MD5+盐+hash散列)+自定义盐值+当前域名 return new SimpleAuthenticationInfo(shiro.getUsername(),shiro.getUserpassword(), ByteSource.Util.bytes(shiro.getSalt()),this.getName()); } return null; } }
最后
以上就是直率大船最近收集整理的关于shiro安全框架shiro中的第一个程序用户认证shiro中认证流程源码shiro自定义RealmMD5+Salt实现java练习shiro (不涉及数据库) demospringboot集成shiro的全部内容,更多相关shiro安全框架shiro中的第一个程序用户认证shiro中认证流程源码shiro自定义RealmMD5+Salt实现java练习shiro内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复