springboot + shiro + cas login + authorization + sso single sign-on (1)
In this article, we will use springboot + redis + shiro to develop roles + permissions.
1. Create a new maven + springboot project, my project structure is:
sso_login is a maven project. There are two modules in it, which are the springboot project of member and order. The member is mainly related to login. The order is mainly for testing from the single point of the member system to the order system in the future.
2. member engineering structure
3. Pom file of sso_login:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.gane.maple</groupId>
<artifactId>sso_login</artifactId>
<packaging>pom</packaging>
<version>1.0</version>
<modules>
<module>member</module>
<module>order</module>
</modules>
<properties>
<spring.boot.version>2.2.6.RELEASE</spring.boot.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring.boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
</project>4. The pom file of the member project:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.gane.maple</groupId>
<artifactId>sso_login</artifactId>
<version>1.0</version>
</parent>
<groupId>com.gane.maple.member</groupId>
<artifactId>member</artifactId>
<version>1.0.0</version>
<name>member</name>
<description>member system</description>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<!-- redis -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>2.9.0</version>
</dependency>
<dependency>
<groupId>org.crazycake</groupId>
<artifactId>shiro-redis</artifactId>
<version>3.1.0</version>
<exclusions>
<exclusion>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- apache -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.3.2</version>
</dependency>
<!-- thymeleaf -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- 热启动 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<fork>true</fork> <!-- 如果没有该配置,devtools不会生效 -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
5. Application.properties file
# redis setting
jedis.pool.host=xxxxx
jedis.pool.port=6379
jedis.pool.timeout=300000
jedis.pool.password=xxxxx
jedis.pool.database=0
jedis.pool.config.maxTotal=100
jedis.pool.config.maxIdle=10
jedis.pool.config.maxWaitMillis=1000
#thymeleaf
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
spring.thymeleaf.mode=LEGACYHTML5
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=false6. The pages under templates are the same except login.html, but the description is different.
index.html
<!DOCTYPE html>
<!--解决th报错 -->
<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<title>thymeleaf</title>
</head>
<body>
<h1> This is index page!</h1>
<h1 th:text="${userName}"></h1>
</body>
</html>user.html
<!DOCTYPE html>
<!--解决th报错 -->
<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<title>thymeleaf</title>
</head>
<body>
<h1> This is user page!</h1>
<h1 th:text="${userName}"></h1>
</body>
</html>login.html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<title>登录</title>
<link rel="stylesheet" type="text/css" href="/css/common.css" />
</head>
<body>
<form th:action="@{/login}" method="post">
<div>
<!--/*@thymesVar id="error" type=""*/-->
<span id="basic-addon0"> </span>
<span style="font-size: 12px;color: red" th:text="${error}" aria-describedby="basic-addon0"></span>
<br />
</div>
<div>
<span id="basic-addon1">@</span>
<input id="user_name" name="username" type="text" placeholder="用户名" aria-describedby="basic-addon1" />
</div>
<br />
<div>
<span id="basic-addon2">@</span>
<input id="password" name="password" type="password" placeholder="密码" aria-describedby="basic-addon2" />
</div>
<br />
<button type="submit" style="width:190px;">登 录</button>
</form>
</body>
</html>
7. User class
package com.gane.maple.member.model;
import lombok.Data;
import java.io.Serializable;
/**
* @Description TODO
* @Date 2020/4/9 20:09
* @Created by 王弘博
*/
@Data
public class User implements Serializable {
private String username;
private String password;
}
8 、 ShiroController
package com.gane.maple.member.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
/**
* @Description TODO
* @Date 2020/4/9 18:49
* @Created by 王弘博
*/
@Controller
public class ShiroController {
private static final Logger logger = LoggerFactory.getLogger(ShiroController.class);
@GetMapping("/index")
public String index(Model model) {
model.addAttribute("userName", "maple");
return "/index";
}
@GetMapping("/user")
public String user(Model model) {
model.addAttribute("userName", "maple");
return "/user";
}
@RequiresPermissions("admin:manage")
@GetMapping("/manage")
public String manage(Model model) {
model.addAttribute("userName", "maple");
return "/user_manage";
}
@RequiresPermissions("admin:query")
@GetMapping("/query")
public String query(Model model) {
model.addAttribute("userName", "maple");
return "/user_query";
}
@GetMapping("/login")
public String login(Model model) {
model.addAttribute("userName", "maple");
return "/login";
}
@PostMapping("/login")
public String login(String username, String password) {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password, true);
try {
logger.info("对用户[" + username + "]进行登录验证..验证开始");
subject.login(token);
logger.info("对用户[" + username + "]进行登录验证..验证通过");
} catch (UnknownAccountException uae) {
logger.info("对用户[" + username + "]进行登录验证..验证未通过,未知账户");
} catch (IncorrectCredentialsException ice) {
logger.info("对用户[" + username + "]进行登录验证..验证未通过,错误的凭证");
} catch (LockedAccountException lae) {
logger.info("对用户[" + username + "]进行登录验证..验证未通过,账户已锁定");
} catch (ExcessiveAttemptsException eae) {
logger.info("对用户[" + username + "]进行登录验证..验证未通过,错误次数过多");
} catch (AuthenticationException ae) {
logger.info("对用户[" + username + "]进行登录验证..验证未通过,堆栈轨迹如下");
ae.printStackTrace();
}
if (subject.isAuthenticated()) {
logger.info("用户[" + username + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
return "redirect:/user";
}
token.clear();
return "redirect:/login";
}
@GetMapping("/logout")
public String logout() {
Subject subject = SecurityUtils.getSubject();
if (subject.isAuthenticated()) {
subject.logout();
}
return "redirect:/login";
}
@GetMapping("/403")
public String unauthorizedRole() {
logger.info("------没有权限-------");
return "403";
}
}
9、RedisConfiguration
package com.gane.maple.member.config.redis;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import redis.clients.jedis.JedisPool;
import redis.clients.jedis.JedisPoolConfig;
import javax.annotation.Resource;
/**
* @Description redis配置
* @Date 2019/7/11 13:09
* @Created by 王弘博
*/
@Configuration
public class RedisConfiguration {
@Bean(name = "jedis.pool")
@Resource
public JedisPool jedisPool(@Qualifier("jedis.pool.config") JedisPoolConfig config,
@Value("${jedis.pool.host}") String host,
@Value("${jedis.pool.port}") int port,
@Value("${jedis.pool.timeout}") int timeout,
@Value("${jedis.pool.password}") String password,
@Value("${jedis.pool.database}") int database) {
return new JedisPool(config, host, port, timeout, password, database);
}
@Bean(name = "jedis.pool.config")
public JedisPoolConfig jedisPoolConfig(@Value("${jedis.pool.config.maxTotal}") int maxTotal,
@Value("${jedis.pool.config.maxIdle}") int maxIdle,
@Value("${jedis.pool.config.maxWaitMillis}") int maxWaitMillis) {
JedisPoolConfig config = new JedisPoolConfig();
config.setMaxTotal(maxTotal);
config.setMaxIdle(maxIdle);
config.setMaxWaitMillis(maxWaitMillis);
return config;
}
}
10. RedisClient (not used)
package com.gane.maple.member.config.redis;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.JedisPool;
import javax.annotation.Resource;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
/**
* @Description redis常用方法
* @Date 2019/7/11 13:09
* @Created by 王弘博
*/
@Component
public class RedisClient {
private Logger logger = LoggerFactory.getLogger(RedisClient.class);
@Resource
private JedisPool jedisPool;
public Long del(String key) {
Long value = null;
Jedis jedis = null;
try {
jedis = this.getResource();
if (jedis.exists(key)) {
value = jedis.del(key);
this.logger.debug("del {} = {}", key, value);
}
} catch (Exception e) {
this.logger.error("del {} = {}", new Object[]{key, value, e});
} finally {
this.release(jedis);
}
return value;
}
public String get(String key) {
String value = null;
Jedis jedis = null;
try {
jedis = this.getResource();
if (jedis.exists(key)) {
value = jedis.get(key);
value = StringUtils.isNotBlank(value) && !"nil".equalsIgnoreCase(value) ? value : null;
this.logger.debug("get {} = {}", key, value);
}
} catch (Exception e) {
this.logger.error("get {} = {}", new Object[]{key, value, e});
} finally {
this.release(jedis);
}
return value;
}
public String set(String key, String value) {
return this.set(key, value, 0);
}
public String set(String key, String value, int expire) {
Jedis jedis = null;
String result = null;
try {
jedis = this.getResource();
result = jedis.set(key, value);
if (expire != 0) {
jedis.expire(key, expire);
}
logger.debug("set {} = {}", key, value);
} catch (Exception e) {
logger.error("set {} = {}", new Object[]{key, value, e});
} finally {
this.release(jedis);
}
return result;
}
public boolean exists(String key) {
boolean result = false;
Jedis jedis = null;
try {
jedis = this.getResource();
result = jedis.exists(key);
} catch (Exception e) {
logger.error("exists {}", key, e);
} finally {
this.release(jedis);
}
return result;
}
/**
* ttl
*
* @param key
* @return
*/
public Long ttl(String key) {
Long result = 0L;
Jedis jedis = null;
try {
jedis = this.getResource();
result = jedis.ttl(key);
} catch (Exception e) {
logger.error("exists {}", key, e);
} finally {
this.release(jedis);
}
return result;
}
public Long incr(String key) {
return incrWithExpire(key, 0);
}
public Long incrWithExpire(String key, int seconds) {
Jedis jedis = null;
Long incr;
try {
if (StringUtils.isBlank(key)) {
incr = null;
return incr;
}
jedis = this.getResource();
incr = jedis.incr(key);
if (seconds > 0) {
jedis.expire(key, seconds);
}
} catch (Exception e) {
logger.error("incr {} ", key, e);
return null;
} finally {
this.release(jedis);
}
return incr;
}
public Long incrBy(String key, Long integer) {
Jedis jedis = null;
Long incrBy;
try {
if (StringUtils.isBlank(key)) {
incrBy = null;
return incrBy;
}
if (integer == null) {
integer = 0L;
}
jedis = this.getResource();
incrBy = jedis.incrBy(key, integer);
} catch (Exception e) {
logger.error("incr {} ", key, e);
return null;
} finally {
this.release(jedis);
}
return incrBy;
}
public Long incrByWithExpire(String key, Long integer, int seconds) {
Jedis jedis = null;
Long incrBy;
try {
if (StringUtils.isBlank(key)) {
incrBy = null;
return incrBy;
}
if (integer == null) {
integer = 0L;
}
jedis = this.getResource();
incrBy = jedis.incrBy(key, integer);
if (seconds > 0) {
jedis.expire(key, seconds);
}
} catch (Exception e) {
logger.error("incr {} ", key, e);
return null;
} finally {
this.release(jedis);
}
return incrBy;
}
public Long decrBy(String key, Long integer) {
Jedis jedis = null;
Long decrBy;
try {
if (StringUtils.isBlank(key)) {
decrBy = null;
return decrBy;
}
if (integer == null) {
integer = 0L;
}
jedis = this.getResource();
decrBy = jedis.decrBy(key, integer);
} catch (Exception e) {
logger.error("incr {} ", key, e);
return null;
} finally {
this.release(jedis);
}
return decrBy;
}
public Long decr(String key) {
Jedis jedis = null;
Long decr;
try {
if (StringUtils.isBlank(key)) {
decr = null;
return decr;
}
jedis = this.getResource();
decr = jedis.decr(key);
return decr;
} catch (Exception e) {
logger.error("decr {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* hgetAll
*
* @param key
* @return
*/
public Map<String, String> hgetAll(String key) {
Map<String, String> map = new HashMap<>();
Jedis jedis = null;
try {
if (StringUtils.isBlank(key)) {
return map;
}
jedis = this.getResource();
map = jedis.hgetAll(key);
return map;
} catch (Exception e) {
logger.error("hgetAll {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* hmset
*
* @param key
* @return
*/
public String hmset(String key, Map<String, String> map) {
Jedis jedis = null;
try {
if (StringUtils.isBlank(key)) {
return null;
}
jedis = this.getResource();
return jedis.hmset(key, map);
} catch (Exception e) {
logger.error("hmset {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* hdel
*
* @param key
* @param fields
* @return
*/
public Long hdel(String key, String... fields) {
Jedis jedis = null;
try {
jedis = this.getResource();
return jedis.hdel(key, fields);
} catch (Exception e) {
logger.error("hdel {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* llen(获取列表长度)
*
* @param key
* @return
*/
public Long llen(String key) {
Jedis jedis = null;
try {
jedis = this.getResource();
return jedis.llen(key);
} catch (Exception e) {
logger.error("llen {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* lpushx(将一个值插入到已存在的列表头部)
*
* @param key
* @param value
* @return
*/
public Long lpushx(String key, String value) {
return lpush(key, value);
}
/**
* lpush(将一个或多个值插入到列表头部)
*
* @param key
* @param fields
* @return
*/
public Long lpush(String key, String... fields) {
Jedis jedis = null;
try {
jedis = this.getResource();
return jedis.lpush(key, fields);
} catch (Exception e) {
logger.error("lpush {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* rpop(移除列表的最后一个元素,返回值为移除的元素)
*
* @param key
* @return
*/
public String rpop(String key) {
Jedis jedis = null;
try {
jedis = this.getResource();
return jedis.rpop(key);
} catch (Exception e) {
logger.error("rpop {} ", key, e);
return null;
} finally {
this.release(jedis);
}
}
/**
* 获取分布式锁
*
* @param lockKey
* @return
*/
public boolean getLock(String lockKey) {
return this.getLock(lockKey, "1", 5);
}
/**
* 获取分布式锁
*
* @param lockKey
* @param requestId
* @param expireTime
* @return
*/
public boolean getLock(String lockKey, String requestId, int expireTime) {
Jedis jedis = null;
try {
jedis = this.getResource();
String result = jedis.set(lockKey, requestId, "NX", "EX", expireTime);
if ("OK".equals(result)) {
return true;
}
return false;
} catch (Exception e) {
logger.error("getLock {} ", lockKey, e);
return false;
} finally {
this.release(jedis);
}
}
/**
* 释放分布式锁
*
* @param lockKey
* @return
*/
public boolean unLock(String lockKey) {
return this.unLock(lockKey, "1");
}
/**
* 释放分布式锁
*
* @param lockKey
* @param requestId
* @return
*/
public boolean unLock(String lockKey, String requestId) {
Jedis jedis = null;
try {
String script = "if redis.call(\"get\",KEYS[1]) == ARGV[1] then\n" +
" return redis.call(\"del\",KEYS[1])\n" +
"else\n" +
" return 0\n" +
"end";
jedis = this.getResource();
Object result = jedis.eval(script, Collections.singletonList(lockKey),
Collections.singletonList(requestId));
if ("OK".equals(result)) {
return true;
}
return false;
} catch (Exception e) {
logger.error("unLock {} ", lockKey, e);
return false;
} finally {
this.release(jedis);
}
}
private Jedis getResource() throws Exception {
try {
return jedisPool.getResource();
} catch (Exception e) {
logger.error("getResource.", e);
throw e;
}
}
private void release(Jedis jedis) {
if (jedis != null) {
jedis.close();
}
}
}
11. The following are the two key classes
ShiroConfiguration
package com.gane.maple.member.config.shiro;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @Description TODO
* @Date 2020/4/9 19:58
* @Created by 王弘博
*/
@Configuration
public class ShiroConfiguration {
@Value("${jedis.pool.host}")
private String host;
@Value("${jedis.pool.port}")
private int port;
@Value("${jedis.pool.password}")
private String password;
@Value("${jedis.pool.database}")
private int database;
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
defaultSecurityManager.setRealm(userRealm());
defaultSecurityManager.setCacheManager(cacheManager());
defaultSecurityManager.setSessionManager(sessionManager());
defaultSecurityManager.setRememberMeManager(rememberMeManager());
return defaultSecurityManager;
}
@Bean
public UserShiroRealm userRealm() {
UserShiroRealm userShiroRealm = new UserShiroRealm();
userShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
userShiroRealm.setCachingEnabled(false);
return userShiroRealm;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/user");
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
//anon为不用登陆就可以访问的,authc 是必须登陆才可以访问,
//filterChainDefinitionMap.put("/**", "authc") 这个一定要放在最后
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/logout", "anon");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/index", "anon");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
/**
* 给static,不然Redis注入不进来
*
* @return
*/
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions)
* 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
* 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选)和
* AuthorizationAttributeSourceAdvisor)即可实现此功能
*/
@Bean
@DependsOn({"lifecycleBeanPostProcessor"})
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
/**
* 用户注册的时候,程序将明文通过加密方式加密,存到数据库的是密文,
* 登录时将密文取出来,再通过shiro将用户输入的密码进行加密对比,一样则成功,不一样则失败。
*
* @return
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用md5算法;
hashedCredentialsMatcher.setHashIterations(1024);//散列的次数,比如散列两次,相当于 md5( md5(""));
return hashedCredentialsMatcher;
}
/**
* cacheManager 缓存 redis实现
* 使用的是shiro-redis开源插件
*
* @return
*/
@Bean
public RedisCacheManager cacheManager() {
RedisCacheManager redisCacheManager = new RedisCacheManager();
redisCacheManager.setRedisManager(redisManager());
return redisCacheManager;
}
/**
* 配置shiro redisManager
* 使用的是shiro-redis开源插件
*
* @return
*/
@Bean
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager();
redisManager.setHost(host);
redisManager.setPort(port);
redisManager.setPassword(password);
redisManager.setDatabase(database);
return redisManager;
}
/**
* Session Manager
* 使用的是shiro-redis开源插件
*/
@Bean
public DefaultWebSessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setSessionDAO(redisSessionDAO());
return sessionManager;
}
/**
* RedisSessionDAO shiro sessionDao层的实现 通过redis
* 使用的是shiro-redis开源插件
*/
@Bean
public RedisSessionDAO redisSessionDAO() {
RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
redisSessionDAO.setRedisManager(redisManager());
return redisSessionDAO;
}
/**
* 记住我
*
* @return
*/
@Bean
public CookieRememberMeManager rememberMeManager() {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
//rememberme cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位),通过以下代码可以获取
//KeyGenerator keygen = KeyGenerator.getInstance("AES");
//SecretKey deskey = keygen.generateKey();
//System.out.println(Base64.encodeToString(deskey.getEncoded()));
byte[] cipherKey = Base64.decode("wGiHplamyXlVB11UXWol8g==");
cookieRememberMeManager.setCipherKey(cipherKey);
cookieRememberMeManager.setCookie(rememberMeCookie());
return cookieRememberMeManager;
}
@Bean
public SimpleCookie rememberMeCookie() {
//这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
//如果httyOnly设置为true,则客户端不会暴露给客户端脚本代码,使用HttpOnly cookie有助于减少某些类型的跨站点脚本攻击;
simpleCookie.setHttpOnly(true);
//记住我cookie生效时间,默认30天 ,单位秒:60 * 60 * 24 * 30
simpleCookie.setMaxAge(60 * 60 * 7);
return simpleCookie;
}
}
UserShiroReaml
package com.gane.maple.member.config.shiro;
import com.gane.maple.member.model.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
/**
* @Description UserShiroRealm
* @Date 2020/4/9 19:59
* @Created by 王弘博
*/
public class UserShiroRealm extends AuthorizingRealm {
/**
* 权限授权
*
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//表明当前登录者的角色(真实项目中这里会去查询DB,拿到用户的角色,存到redis里)
info.addRole("admin");
//表明当前登录者的角色(真实项目中这里会去查询DB,拿到该角色的资源权限,存到redis里)
info.addStringPermission("admin:manage");
return info;
}
/**
* 登录认证
*
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
//通过token去查询DB,获取用户的密码,这里密码直接写死
User user = new User();
user.setUsername(token.getUsername());
return new SimpleAuthenticationInfo(user, "26bfdfe8689183e9235b1f0beb7a6f46",
ByteSource.Util.bytes(user.getUsername()), getName());
}
/**
* 密码(123456) + salt(maple),得出存进数据库里的密码:26bfdfe8689183e9235b1f0beb7a6f46
*
* @param args
*/
public static void main(String[] args) {
String hashAlgorithName = "MD5";
String password = "123456";
int hashIterations = 1024;//加密次数
ByteSource credentialsSalt = ByteSource.Util.bytes("maple");
SimpleHash simpleHash = new SimpleHash(hashAlgorithName, password, credentialsSalt, hashIterations);
String s = simpleHash.toHex();
System.out.println(s);
}
}
test:
index.html: can be accessed without logging in
user.html: requires user login to access, if the user is not logged in, jump to the login page login.html
user_manage.html: Only users with admin: manage permission can access the page
user_query.html: Only users with admin: query permission can access the page
(1) Start the project and directly access http: // localhost: 8080 / index , which should be directly accessible
(2) Direct access to http: // localhost: 8080 / user , it should jump to the login page
(3) We input maple / 111111, the password is wrong, we should stay on the login page
(4), we enter maple / 123456, the login is successful, it should jump to the user.html page
(5), we visit http: // localhost: 8080 / query , because the maple user does not have this permission, so it should report an error (because I did not do exception handling here)
(6), we visit http: // localhost: 8080 / manage , because the maple user has this permission, so we should jump to the user_manage.html page
Test completed, symbol expected
