Brief introduction
Currently RESTful
most are used JWT
to make authorization check in Spring Boot
can be used in Shiro
and JWT
do a simple permissions and authentication verification, in and Spring Boot
met a lot of pit integration process. We will of its own and the common use scenarios developed the easiest way to integrate fastdep-shiro-jwt
.
Source Address
I hope you can support what star, follow-up will join Easy integration with other dependent.
https://github.com/louislivi/fastdep
The introduction of dependence
Maven
<dependency>
<groupId>com.louislivi.fastdep</groupId>
<artifactId>fastdep-shiro-jwt</artifactId>
<version>1.0.2</version>
</dependency>
Gradle
compile group: 'com.louislivi.fastdep', name: 'fastdep-redis', version: '1.0.2'
Profiles
application.yml
fastdep: shiro-jwt: filter: #shiro过滤规则 admin: path: /admin/** role: jwt # jwt为需要进行token校验 front: path: /front/**/** role: anon # anon为无需校验 secret: "6Dx8SIuaHXJYnpsG18SSpjPs50lZcT52" # jwt秘钥 # expireTime: 7200000 # token有效期 # prefix: "Bearer " # token校验时的前缀 # signPrefix: "Bearer " # token生成签名的前缀 # header: "Authorization" # token校验时的header头 # 以下对应为shiro配置参数,无特殊需求无需配置 # loginUrl: # successUrl: # unauthorizedUrl: # filterChainDefinitions:
User Permissions configuration class
@Component public class FastDepShiroJwtConfig extends FastDepShiroJwtAuthorization { @Autowired private UserRequestDataMapper userRequestDataMapper; @Override public SimpleAuthorizationInfo getAuthorizationInfo(String userId) { // 查询该用户下的所有权限(当前为示例仅查询用户ID真实环境替换为用户的权限值) Set<String> collect = userRequestDataMapper.selectOptions().stream().map(u -> u.getUserId().toString()).collect(Collectors.toSet()); SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); System.out.println(collect); // 当前值为 [1] // 添加用户权限到SimpleAuthorizationInfo中 simpleAuthorizationInfo.addStringPermissions(collect); return simpleAuthorizationInfo; } }
use
@RestController
public class TestController {
@Autowired
private JwtUtil jwtUtil;
/**
* 当前为示例所以直接返回了token,真实环境为校验登录信息后再返回token即可
* @author : louislivi
*/
@GetMapping("front/login")
public String login() {
// ...校验登录信息是否正确
// 传入用户唯一标示
return jwtUtil.sign("1");
}
/**
* 当前为示例所以权限写的是用户ID 真实环境替换为权限key
* @author : louislivi
*/
@GetMapping("admin")
@RequiresPermissions("1")
public String jwt() {
return "ok!";
}
}
test
1. Obtaintoken
2. Test permissions check
带 token
- Without token
{
"msg": "Access denied !",
"code": 401
}
- Bring token, however,
SimpleAuthorizationInfo
no designated authority
{
"msg": "Subject does not have permission [1]",
"code": 403
}
Spread
Sometimes you need to customize permissions error checking and return information structure, this time on the need to rewrite FastDepShiroJwtAuthorization
methods in the class. For more details see here
principle
Use ImportBeanDefinitionRegistrar
BeanDefinitionBuilder.genericBeanDefinition
dynamic injection Bean
is actually very simple are interested can go look at the source, such integration is not simply rely on a lot of it?
I hope you can support open source, to a small star, follow-up will continue to develop other dependent integration, and even compatible with other framework. fastdep
Let java
integrate rely easier. Here also recruit like-minded coder
together to improve the project.