使用EhCache同时缓存数据库数据及其它需要缓存的数据和shrio共享(shiro主要用于会话的存储和持久化),集成整合步骤如下:
一:集成EhCache
<1>、在pom.xml文件中添加以下依赖。
<!-- 开启 cache 缓存 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
<!-- ehcache 缓存 -->
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
</dependency>
<2>、添加配置文件 ehcache.xml,放在resources下,内容如下。
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd"
updateCheck="false">
<defaultCache
eternal="false"
maxElementsInMemory="1000"
overflowToDisk="false"
diskPersistent="false"
timeToIdleSeconds="0"
timeToLiveSeconds="600"
memoryStoreEvictionPolicy="LRU" />
<cache
name="permissionCache"
eternal="false"
maxElementsInMemory="100"
overflowToDisk="false"
diskPersistent="false"
timeToIdleSeconds="0"
timeToLiveSeconds="300"
memoryStoreEvictionPolicy="LRU" />
</ehcache>
<3>、在启动类加上启用缓存注解@EnableCaching。
<4>、经过上述步骤后,就可以使用缓存注解@Cacheable,@CachePut等。
二:集成Shiro并使用EhCache缓存
<1> 、在pom.xml文件中添加以下依赖。
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro-spring.version}</version>
</dependency>
<!-- shiro ehcache -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro-ehcache.version}</version>
</dependency>
<2>、编写Shiro的Realm验证,参考代码如下。
public class ShiroRealm extends AuthorizingRealm {
private Logger logger = LoggerFactory.getLogger(this.getClass());
@Resource
private IUserService iUserService;
@Resource
private ILoginLogService iloginLogService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
logger.info("权限配置----->ShiroRealm.doGetAuthorizationInfo()" );
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
UserInfo userInfo = (UserInfo) principals.getPrimaryPrincipal();
authorizationInfo.addRole(userInfo.getRoleInfo().getRoleCode());
for (Permission p : userInfo.getRoleInfo().getPermissions()) {
authorizationInfo.addStringPermission(p.getPermissionCode());
}
//授权成功添加登录日志
addLoginLog(userInfo);
return authorizationInfo;
}
/*主要是用来进行身份认证的,也就是说验证用户输入的账号和密码是否正确*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
logger.info("ShiroRealm.doGetAuthenticationInfo()" );
//获取用户的输入的账号.
String username = (String) token.getPrincipal();
//通过username从数据库中查找 User对象,如果找到,没找到.
//实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法
UserInfo userInfo = iUserService.findUserInfo(username);
logger.info("----->userInfo=" + userInfo);
if (userInfo == null) {
throw new AccountException();
} else if (userInfo.getState() == 0) {
throw new DisabledAccountException();
} else if (userInfo.getState() == 2) {
throw new LockedAccountException();
}
//保存登录用户ID
Session session = SecurityUtils.getSubject().getSession();
session.setAttribute(Constant.LOGIN_USER_ID, userInfo.getId());
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
userInfo, //用户信息
userInfo.getPassWord(), //密码
ByteSource.Util.bytes(userInfo.getCredentialsSalt()),//salt=username+salt
getName() //realm name
);
return authenticationInfo;
}
private void addLoginLog(UserInfo userInfo) {
LoginLog loginLog = new LoginLog();
loginLog.setUserId(userInfo.getId());
loginLog.setUserName(userInfo.getUserName());
loginLog.setIpAddress(SecurityUtils.getSubject().getSession().getAttribute(Constant.LOGIN_IP_ADDRESS).toString());
loginLog.setGeographyLocation(AddressUtils.getAddressByIp(loginLog.getIpAddress()));
iloginLogService.insert(loginLog);
}
}
<3>、添加Shiro的配置类,参考代码如下。
@Configuration
public class ShiroConfig {
private Logger logger = LoggerFactory.getLogger(this.getClass());
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
logger.info("ShiroConfiguration.shirFilter()" );
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//获取filters
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
//将自定义的FormAuthenticationFilter注入shiroFilter中(验证码校验)
filters.put("authc" , new CustomFormAuthenticationFilter());
//拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
// 配置不会被拦截的链接 顺序判断
filterChainDefinitionMap.put("/static/**" , "anon" );
filterChainDefinitionMap.put("/kaptcha/**" , "anon" );
//配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
filterChainDefinitionMap.put("/logout" , "logout" );
//<!-- 过滤链定义,从上向下顺序执行,一般将/**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
//<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
filterChainDefinitionMap.put("/**" , "authc" );
// 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
shiroFilterFactoryBean.setLoginUrl("/login" );
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index" );
//未授权界面;
shiroFilterFactoryBean.setUnauthorizedUrl("/error/403" );
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
/**
* 凭证匹配器
* (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了)
*
* @return
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5" );//散列算法:这里使用MD5算法;
hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5(""));
return hashedCredentialsMatcher;
}
/**
* 自定义身份认证realm
*
* @return
*/
@Bean
public ShiroRealm shiroRealm() {
ShiroRealm shiroRealm = new ShiroRealm();
shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return shiroRealm;
}
@Bean
public EhCacheManager ehCacheManager(CacheManager cacheManager) {
EhCacheManager em = new EhCacheManager();
//将ehcacheManager转换成shiro包装后的ehcacheManager对象
em.setCacheManager(cacheManager);
//em.setCacheManagerConfigFile("classpath:ehcache.xml");
return em;
}
@Bean
public SessionDAO sessionDAO(){
return new MemorySessionDAO();
}
/**
* shiro session管理
*/
@Bean
public DefaultWebSessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setSessionDAO(sessionDAO());
return sessionManager;
}
@Bean
public SecurityManager securityManager(EhCacheManager ehCacheManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置realm
securityManager.setRealm(shiroRealm());
// 自定义缓存实现
securityManager.setCacheManager(ehCacheManager);
// 自定义session管理
securityManager.setSessionManager(sessionManager());
return securityManager;
}
/**
* 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
* 配置以下两个bean(DefaultAdvisorAutoProxyCreator和AuthorizationAttributeSourceAdvisor)即可实现此功能
*
* @return
*/
@Bean
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
/**
* 开启shiro aop注解支持.
* 使用代理方式;所以需要开启代码支持;
*
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
注意:
@Bean
public EhCacheManager ehCacheManager(CacheManager cacheManager) {
EhCacheManager em = new EhCacheManager();
//将ehcacheManager转换成shiro包装后的ehcacheManager对象
em.setCacheManager(cacheManager);
//em.setCacheManagerConfigFile("classpath:ehcache.xml");
return em;
}
如上是配置Shiro的缓存管理器org.apache.shiro.cache.ehcach.EhCacheManager,上面方法的参数是把Spring容器中的cacheManager对象注入到EhCacheManager中,这样就实现了Shiro和缓存注解使用同一种缓存方式。
三:代码示例
Gitee:https://gitee.com/xieke90/common-admin/tree/SpringBoot2.X_EhCache