第一步:自定义Myrealm认证授权类
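/**
 * Custom Shiro realm: authenticates employees by username/password and
 * supplies the permission strings used for authorization checks.
 */
public class Myrealm extends AuthorizingRealm {
    @Autowired
    private IEmployeeService employeeService;
    @Autowired
    private IPermissionService permissionService;

    /**
     * Loads the stored account for the submitted username so that the realm's
     * credentials matcher can compare the submitted password with the stored hash.
     *
     * @param authenticationToken the login token; cast to {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no such
     *         employee exists (Shiro then reports an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        // A token without a username cannot identify an account; treat it as unknown.
        if (username == null) {
            return null;
        }

        Employee employee = employeeService.selectByName(username);
        if (employee == null) {
            return null;
        }

        // NOTE(security): Md5Util.SALT is a single constant applied to every account,
        // so identical passwords produce identical stored hashes. A per-user random
        // salt and a slow password hash would be stronger, but switching requires
        // re-hashing the stored passwords, so the scheme is left unchanged here.
        ByteSource salt = ByteSource.Util.bytes(Md5Util.SALT);

        // NOTE(review): the whole Employee (including its password hash) becomes the
        // principal; confirm it is not exposed or serialized where it should not be.
        return new SimpleAuthenticationInfo(employee, employee.getPassword(), salt, getName());
    }

    /**
     * Collects the permission strings granted to the subject being checked.
     *
     * <p>The employee is read from the principals Shiro passes in (the object stored
     * as principal by {@code doGetAuthenticationInfo}) instead of a session helper,
     * so the permissions always belong to the subject under evaluation. If no
     * employee principal is present, an empty permission set is returned.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return authorization info holding the employee's permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Set<String> permissions = new HashSet<>();

        Object principal = principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (!(principal instanceof Employee)) {
            // Fail closed: no identifiable employee means no permissions.
            info.setStringPermissions(permissions);
            return info;
        }

        List<Permission> granted = permissionService.findPermissionSnByEmployee((Employee) principal);
        if (granted != null) {
            for (Permission permission : granted) {
                String sn = permission.getSn();
                // Shiro rejects null/empty permission strings when it resolves them,
                // which would break every check for this user; skip such rows.
                if (sn != null && !sn.trim().isEmpty()) {
                    permissions.add(sn);
                }
            }
        }

        info.setStringPermissions(permissions);
        return info;
    }
}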
第二步:配置shiro文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!-- Shiro's core object (the security manager), created by Spring -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- The realm used for authentication and authorization -->
<property name="realm" ref="itsourceRealm"/>
</bean>
<bean id="itsourceRealm" class="cn.itsource.rpms.realm.Myrealm">
<!-- Credentials matcher: hashes the submitted password and compares it with the stored hash -->
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!-- Hash algorithm -->
<!-- NOTE(security): MD5 is fast to compute, so stored hashes are cheap to brute-force if leaked.
     Changing the algorithm or the iteration count invalidates existing stored hashes and
     therefore needs a re-hash migration; the values must match how passwords are hashed on save. -->
<property name="hashAlgorithmName" value="MD5"/>
<!-- Number of hash iterations -->
<property name="hashIterations" value="10"/>
</bean>
</property>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Enable Shiro permission annotations -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- The filter that does the actual work. Note: this bean's id must match the filter-name configured in web.xml -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- Login URL: requests that are not authenticated are redirected to this page -->
<property name="loginUrl" value="/login.html"/>
<!-- Success URL: where to go after authentication succeeds -->
<property name="successUrl" value="/main.jsp"/>
<!-- Where to go when the user lacks the required permission -->
<property name="unauthorizedUrl" value="/employee/index"/>
<!-- Registers the custom permission filter under the name MyPerms for use in chain definitions -->
<property name="filters">
<map>
<entry key="MyPerms">
<bean class="cn.itsource.rpms.realm.MyPermissionAuthorizationFilter"/>
</entry>
</map>
</property>
<!-- Filter chain (static variant, kept commented out; the dynamic map below is used instead) -->
<!--<property name="filterChainDefinitions">-->
<!--<value>-->
<!--<!–path on the left, filter on the right-->
<!--anon: no authentication required, let through-->
<!--authc: must be authenticated to pass-->
<!--–>-->
<!--/login/login.jsp = anon-->
<!--<!–logout: sign out–>-->
<!--/logout = logout-->
<!--/js/**=anon-->
<!--/images/**=anon-->
<!--/css/**=anon-->
<!--/login = anon-->
<!--/** = authc-->
<!--</value>-->
<!--</property>-->
<!-- Load the URL-to-filter rules dynamically. Shiro applies the first matching pattern,
     so the order of the entries in the map produced below is security-relevant. -->
<property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"/>
</bean>
<!-- Bean that builds the filter chain map -->
<bean id="permisission" class="cn.itsource.rpms.realm.Permisission" />
<!-- Call creatMap on that bean to obtain the map -->
<bean id="filterChainDefinitionMap" factory-bean="permisission" factory-method="creatMap"/>
</beans>
第三步:动态授权utl
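/**
 * Builds the URL-pattern to filter-chain map consumed by the Shiro filter:
 * fixed public ({@code anon}) paths first, then one permission rule per stored
 * permission, and finally a catch-all that requires authentication.
 */
public class Permisission {
    @Autowired
    private IPermissionService permissionService;
    @Autowired
    ISystemMenuService systemMenuService;

    /**
     * Creates the ordered filter chain definitions.
     *
     * <p>A {@link LinkedHashMap} is used because Shiro evaluates the patterns in
     * insertion order and applies the first match, so the catch-all
     * {@code /** = authc} must stay last.
     *
     * @return insertion-ordered map of URL pattern to filter chain definition
     */
    public Map<String,Object> creatMap(){
        Map<String, Object> chains = new LinkedHashMap<>();

        // Pages and endpoints reachable without logging in.
        // NOTE(review): every "anon" entry bypasses authentication; confirm each one
        // (in particular /login/save and /wechat/*) is meant to be public.
        chains.put("/index.jsp", "anon");
        chains.put("/login/index", "anon");
        chains.put("/login/regist", "anon");
        chains.put("/static/login/*", "anon");
        chains.put("/register.jsp", "anon");
        chains.put("/login/getcode", "anon");
        chains.put("/login/save", "anon");
        chains.put("/static/images/*", "anon");
        chains.put("/static/css/*", "anon");
        chains.put("/login.html", "anon");
        chains.put("/wechat/*", "anon");
        chains.put("/js/**", "anon");
        // NOTE(review): these two patterns have no leading '/', so they presumably never
        // match a request path. Do not "fix" them into suffix wildcards: granting
        // anonymous access by file extension is easy to get wrong.
        chains.put("*.js", "anon");
        chains.put("*.css", "anon");
        chains.put("/css/**", "anon");
        chains.put("/static/js/plugins/**", "anon");
        chains.put("/static/login/js/*", "anon");
        chains.put("/static/login/css/*", "anon");
        // Leading '/' added so the pattern is anchored like the other static entries.
        chains.put("/static/login/webfonts/*", "anon");
        chains.put("/images/**", "anon");
        chains.put("/logout", "logout");

        // One rule per stored permission: resource URL -> MyPerms[permission sn].
        // A resource equal to a key above replaces that key's value in place.
        List<Permission> permissions = permissionService.selectAll();
        if (permissions != null) {
            for (Permission permission : permissions) {
                String resource = permission.getResource();
                // A permission without a URL has nothing to protect here; a null or
                // blank key would not be a usable chain pattern.
                if (resource == null || resource.trim().isEmpty()) {
                    continue;
                }
                // NOTE(review): sn is inserted verbatim into the chain definition;
                // confirm stored values cannot be null or contain ']' or ','.
                chains.put(resource, "MyPerms[" + permission.getSn() + "]");
            }
        }

        // Everything not matched above requires an authenticated user.
        chains.put("/**", "authc");
        return chains;
    }
}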