Spring Boot easiest way to integrate Shiro + JWT

Brief introduction

Currently RESTfulmost are used JWTto make authorization check in Spring Bootcan be used in Shiroand JWTdo a simple permissions and authentication verification, in and Spring Bootmet a lot of pit integration process. We will of its own and the common use scenarios developed the easiest way to integrate fastdep-shiro-jwt.

Source Address

I hope you can support what star, follow-up will join Easy integration with other dependent.
https://github.com/louislivi/fastdep

The introduction of dependence

• Maven

<dependency>
    <groupId>com.louislivi.fastdep</groupId>
    <artifactId>fastdep-shiro-jwt</artifactId>
    <version>1.0.2</version>
</dependency>

• Gradle

compile group: 'com.louislivi.fastdep', name: 'fastdep-redis', version: '1.0.2'

Profiles

• application.yml

  fastdep:
  shiro-jwt:
    filter: #shiro过滤规则
      admin:
        path: /admin/**
        role: jwt # jwt为需要进行token校验
      front:
        path: /front/**/**
        role: anon # anon为无需校验
    secret: "6Dx8SIuaHXJYnpsG18SSpjPs50lZcT52" # jwt秘钥
  #    expireTime: 7200000 # token有效期
  #    prefix: "Bearer "  # token校验时的前缀
  #    signPrefix: "Bearer " # token生成签名的前缀
  #    header: "Authorization" # token校验时的header头
  #    以下对应为shiro配置参数，无特殊需求无需配置
  #    loginUrl: 
  #    successUrl: 
  #    unauthorizedUrl: 
  #    filterChainDefinitions: 

• User Permissions configuration class

  @Component
  public class FastDepShiroJwtConfig extends FastDepShiroJwtAuthorization {
  
    @Autowired
    private UserRequestDataMapper userRequestDataMapper;
  
    @Override
    public SimpleAuthorizationInfo getAuthorizationInfo(String userId) {
        // 查询该用户下的所有权限（当前为示例仅查询用户ID真实环境替换为用户的权限值）
        Set<String> collect = userRequestDataMapper.selectOptions().stream().map(u -> u.getUserId().toString()).collect(Collectors.toSet());
          SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
          System.out.println(collect);
          // 当前值为 [1]
          // 添加用户权限到SimpleAuthorizationInfo中
          simpleAuthorizationInfo.addStringPermissions(collect);
          return simpleAuthorizationInfo;
      }
  }

use

@RestController
public class TestController {
    @Autowired
    private JwtUtil jwtUtil;

    /**
     * 当前为示例所以直接返回了token，真实环境为校验登录信息后再返回token即可
     * @author : louislivi
     */
    @GetMapping("front/login")
    public String login() {
        // ...校验登录信息是否正确
        // 传入用户唯一标示
        return jwtUtil.sign("1"); 
    }

    /**
     * 当前为示例所以权限写的是用户ID 真实环境替换为权限key
     * @author : louislivi
     */
    @GetMapping("admin")
    @RequiresPermissions("1")
    public String jwt() {
        return "ok!";
    }
}

test

1. Obtaintoken

2. Test permissions check

• 带 token
  

• Without token

{
    "msg": "Access denied !",
    "code": 401
}

• Bring token, however, SimpleAuthorizationInfono designated authority

{
    "msg": "Subject does not have permission [1]",
    "code": 403
}

Spread

Sometimes you need to customize permissions error checking and return information structure, this time on the need to rewrite FastDepShiroJwtAuthorizationmethods in the class. For more details see here

principle

Use ImportBeanDefinitionRegistrar BeanDefinitionBuilder.genericBeanDefinitiondynamic injection Beanis actually very simple are interested can go look at the source, such integration is not simply rely on a lot of it?

I hope you can support open source, to a small star, follow-up will continue to develop other dependent integration, and even compatible with other framework. fastdepLet javaintegrate rely easier. Here also recruit like-minded codertogether to improve the project.