...

HowieYuan · HowieYuan · commit 5b89a647e90b · 2018-03-28T23:02:13.000+08:00
diff --git a/pom.xml b/pom.xml
@@ -48,8 +48,8 @@
 
 		<dependency>
 			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-all</artifactId>
-			<version>1.2.3</version>
+			<artifactId>shiro-spring</artifactId>
+			<version>1.3.2</version>
 		</dependency>
 	</dependencies>
 
diff --git a/src/main/java/com/howie/shiro/config/ShiroConfig.java b/src/main/java/com/howie/shiro/config/ShiroConfig.java
@@ -0,0 +1,67 @@
+package com.howie.shiro.config;
+
+import com.howie.shiro.shiro.CustomRealm;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.filter.authc.LogoutFilter;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.apache.shiro.mgt.SecurityManager;
+
+import javax.servlet.Filter;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Created with IntelliJ IDEA
+ *
+ * @Author yuanhaoyue swithaoy@gmail.com
+ * @Description shiro 配置
+ * @Date 2018-03-28
+ * @Time 17:21
+ */
+@Configuration
+public class ShiroConfig {
+    /**
+     * ShiroFilterFactoryBean 处理拦截资源文件问题。
+     * 注意：单独一个 ShiroFilterFactoryBean 配置是或报错的，
+     * 因为在初始化 ShiroFilterFactoryBean 的时候需要注入 SecurityManager
+     * <p>
+     * Filter Chain 定义说明
+     * 1、一个 URL 可以配置多个 Filter ，使用逗号分隔
+     * 2、当设置多个过滤器时，全部验证通过，才视为通过
+     * 3、部分过滤器可指定参数，如 perms，roles
+     */
+    @Bean
+    public ShiroFilterFactoryBean shirFilter() {
+        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
+        shiroFilterFactoryBean.setSecurityManager(securityManager());
+
+        Map<String, Filter> filters = new LinkedHashMap<>();
+        LogoutFilter logoutFilter = new LogoutFilter();
+        logoutFilter.setRedirectUrl("/login");
+//        filters.put("logout",null);
+        shiroFilterFactoryBean.setFilters(filters);
+
+        Map<String, String> filterChainDefinitionManager = new LinkedHashMap<>();
+        filterChainDefinitionManager.put("/logout", "logout");
+        filterChainDefinitionManager.put("/user/**", "authc,roles[ROLE_USER]");
+        filterChainDefinitionManager.put("/events/**", "authc,roles[ROLE_ADMIN]");
+//        filterChainDefinitionManager.put("/user/edit/**", "authc,perms[user:edit]");// 这里为了测试，固定写死的值，也可以从数据库或其他配置中读取
+        filterChainDefinitionManager.put("/**", "anon");
+        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager);
+
+
+        shiroFilterFactoryBean.setSuccessUrl("/");
+        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
+        return shiroFilterFactoryBean;
+    }
+
+    @Bean
+    public SecurityManager securityManager() {
+        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
+        // 设置realm.
+        securityManager.setRealm(new CustomRealm());
+        return securityManager;
+    }
+}
diff --git a/src/main/java/com/howie/shiro/controller/TestController.java b/src/main/java/com/howie/shiro/controller/TestController.java
@@ -1,9 +1,18 @@
 package com.howie.shiro.controller;
 
 import com.howie.shiro.mapper.UserMapper;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.UsernamePasswordToken;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 /**
  * Created with IntelliJ IDEA
  *
@@ -20,4 +29,17 @@ public class TestController {
     public TestController(UserMapper userMapper) {
         this.userMapper = userMapper;
     }
+
+    @RequestMapping(value="/login",method= RequestMethod.GET)
+    public String submitLogin() {
+        try {
+
+            UsernamePasswordToken token = new UsernamePasswordToken("howie",
+                    "123456");
+            SecurityUtils.getSubject().login(token);
+            return "成功";
+        } catch (Exception ignored) {
+            return "失败";
+        }
+    }
 }
diff --git a/src/main/java/com/howie/shiro/mapper/UserMapper.java b/src/main/java/com/howie/shiro/mapper/UserMapper.java
@@ -10,7 +10,6 @@
  * @Date 2018-03-25
  * @Time 22:04
  */
-@Repository
 public interface UserMapper {
     String getPassword(String username);
 }
diff --git a/src/main/java/com/howie/shiro/shiro/CustomRealm.java b/src/main/java/com/howie/shiro/shiro/CustomRealm.java
@@ -1,17 +1,23 @@
 package com.howie.shiro.shiro;
 
 import com.howie.shiro.mapper.UserMapper;
+import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
 import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
 
+import javax.annotation.Resource;
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * Created with IntelliJ IDEA
  *
@@ -20,29 +26,23 @@
  * @Date 2018-03-25
  * @Time 21:46
  */
-@Configuration
 public class CustomRealm extends AuthorizingRealm {
-    private final UserMapper userMapper;
-
     @Autowired
-    public CustomRealm(UserMapper userMapper) {
-        this.userMapper = userMapper;
-    }
+    private UserMapper userMapper;
 
     /**
      * 获取身份验证信息
+     * Shiro中，最终是通过 Realm 来获取应用程序中的用户、角色及权限信息的。
+     *
      * @param authenticationToken 用户身份信息 token
-     * @return
+     * @return 返回封装了用户信息的 AuthenticationInfo 实例
      */
     @Override
     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
         // 第一步从 token 中取出身份信息
         String username = (String) authenticationToken.getPrincipal();
         // 第二步：根据用户输入的userCode从数据库查询,如果查询不到返回null
         String password = userMapper.getPassword(username);
-        if (password == null) {
-            return null;
-        }
         // 如果查询到返回认证信息AuthenticationInfo
         SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
                 username, password, this.getName());
@@ -51,11 +51,38 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
 
     /**
      * 获取授权信息
+     *
      * @param principalCollection
      * @return
      */
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+//        System.out.println("权限认证方法：MyShiroRealm.doGetAuthenticationInfo()");
+//        SysUser token = (SysUser) SecurityUtils.getSubject().getPrincipal();
+//        String userId = token.getId();
+//        SimpleAuthorizationInfo info =  new SimpleAuthorizationInfo();
+//        //根据用户ID查询角色（role），放入到Authorization里。
+//        /*Map<String, Object> map = new HashMap<String, Object>();
+//        map.put("user_id", userId);
+//        List<SysRole> roleList = sysRoleService.selectByMap(map);
+//        Set<String> roleSet = new HashSet<String>();
+//        for(SysRole role : roleList){
+//            roleSet.add(role.getType());
+//        }*/
+//        //实际开发，当前登录用户的角色和权限信息是从数据库来获取的，我这里写死是为了方便测试
+//        Set<String> roleSet = new HashSet<>();
+//        roleSet.add("100002");
+//        info.setRoles(roleSet);
+//        //根据用户ID查询权限（permission），放入到Authorization里。
+//        /*List<SysPermission> permissionList = sysPermissionService.selectByMap(map);
+//        Set<String> permissionSet = new HashSet<String>();
+//        for(SysPermission Permission : permissionList){
+//            permissionSet.add(Permission.getName());
+//        }*/
+//        Set<String> permissionSet = new HashSet<String>();
+//        permissionSet.add("权限添加");
+//        info.setStringPermissions(permissionSet);
+//        return info;
         return null;
     }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -3,4 +3,15 @@ spring.datasource.username = root
 spring.datasource.password = 980509
 spring.datasource.driver-class-name = com.mysql.jdbc.Driver
 
-mybatis.mapperLocations = classpath:mapper/**/*.xml
+mybatis.mapperLocations = classpath:mapper/**/*.xml
+
+#log
+logging.file=log/log.log
+#logging.level.root=debug
+logging.level.com.howie.shiro.mapper=DEBUG
+# ����̨��־�������
+logging.level.org.springframework.web=DEBUG
+
+spring.webservices.servlet.load-on-startup=1
+spring.jersey.servlet.load-on-startup=1
+spring.mvc.servlet.load-on-startup=1
diff --git a/src/test/java/com/howie/shiro/LoginTest.java b/src/test/java/com/howie/shiro/LoginTest.java
@@ -1,7 +1,7 @@
 package com.howie.shiro;
 
+import com.howie.shiro.mapper.UserMapper;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.shiro.mgt.SecurityManager;
@@ -23,35 +23,34 @@
 @RunWith(SpringRunner.class)
 @SpringBootTest
 public class LoginTest {
-    /**
-     * 用户登陆和退出
-     */
-    @Test
-    public void testLoginAndLogout() {
-        // 创建 securityManager 工厂，通过ini配置文件创建 securityManager 工厂
-        Factory<SecurityManager> factory = new IniSecurityManagerFactory(
-                "classpath:shiro.ini");
-        // 创建 SecurityManager
-        SecurityManager securityManager = factory.getInstance();
-        // 将 securityManager 设置当前的运行环境中
-        SecurityUtils.setSecurityManager(securityManager);
-        // 从SecurityUtils里边创建一个 subject
-        Subject subject = SecurityUtils.getSubject();
-
-        // 在认证提交前准备 token（令牌）
-        // 这里的账号和密码 将来是由用户输入进去
-        UsernamePasswordToken token = new UsernamePasswordToken("howie",
-                "123456");
-        // 执行认证提交
-        subject.login(token);
-        // 是否认证通过
-        boolean isAuthenticated = subject.isAuthenticated();
-        System.out.println("是否认证通过：" + isAuthenticated);
-        // 退出操作
-        subject.logout();
-        System.out.println("登陆已经注销");
-        // 是否认证通过
-        isAuthenticated = subject.isAuthenticated();
-        System.out.println("是否认证通过：" + isAuthenticated);
-    }
+//    /**
+//     * 用户登陆和退出
+//     */
+//    @Test
+//    public void testLoginAndLogout() {
+//        // 创建 securityManager 工厂，通过ini配置文件创建 securityManager 工厂
+//        Factory<SecurityManager> factory = new IniSecurityManagerFactory(
+//                "classpath:shiro.ini");
+//        // 创建 SecurityManager
+//        SecurityManager securityManager = factory.getInstance();
+//        // 将 securityManager 设置当前的运行环境中
+//        SecurityUtils.setSecurityManager(securityManager);
+//        // 从SecurityUtils里边创建一个 subject
+//        Subject subject = SecurityUtils.getSubject();
+//        // 在认证提交前准备 token（令牌）
+//        // 这里的账号和密码 将来是由用户输入进去
+//        UsernamePasswordToken token = new UsernamePasswordToken("howie",
+//                "123456");
+//        // 执行认证提交
+//        subject.login(token);
+//        // 是否认证通过
+//        boolean isAuthenticated = subject.isAuthenticated();
+//        System.out.println("是否认证通过：" + isAuthenticated);
+//        // 退出操作
+//        subject.logout();
+//        System.out.println("登陆已经注销");
+//        // 是否认证通过
+//        isAuthenticated = subject.isAuthenticated();
+//        System.out.println("是否认证通过：" + isAuthenticated);
+//    }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@`
`10`	`10`	`* @Date 2018-03-25`
`11`	`11`	`* @Time 22:04`
`12`	`12`	`*/`
`13`		`-@Repository`
`14`	`13`	`public interface UserMapper {`
`15`	`14`	`String getPassword(String username);`
`16`	`15`	`}`