Study notes: a basic Spring Boot + Shiro integration example
A few days ago I wrote a basic web example integrating Shiro, and then went on to learn the basics of integrating Shiro with Spring Boot. Today I sum that up by writing a basic Spring Boot + Shiro integration example. The code repository for this example: https://github.com/YUbuntu0109/Shiro-learning/tree/master/spring%20boot%20project%20with%20shiro
Database design
The database ER diagram is shown below:
The users in the data tables and the permissions assigned to them are as follows:
| Account | Password (before MD5 hashing) | Role | Permissions |
| --- | --- | --- | --- |
| admin | demo | admin | * |
| tea | demo | teacher | teaListView:view, stuListView:view, stuListView:add, stuListView:edit |
| stu | demo | student | stuListView:view |
Resource permission design
springboot-shiro/src/main/java/pers/huangyuhui/ss/shiro/ShiroConfig.java : the resource filtering and permission configuration is as follows
```java
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap());
    // Unauthenticated requests to protected paths are redirected to the login view
    shiroFilterFactoryBean.setLoginUrl("/loginView");
    // Authenticated requests that lack the required permission land on the unauthorized view
    shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorizedView");
    return shiroFilterFactoryBean;
}

private Map<String, String> filterChainDefinitionMap() {
    // LinkedHashMap: Shiro evaluates the patterns in insertion order and the first match wins,
    // so the specific paths must be declared before the catch-all "/**".
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/login", "anon");
    filterMap.put("/logout", "logout");
    // Several filters for one path are chained with commas. Calling put() twice with the same
    // key would silently overwrite the earlier filter instead of adding to it.
    filterMap.put("/stuListView", "authc, perms[stuListView:view]");
    filterMap.put("/teaListView", "authc, perms[teaListView:view]");
    filterMap.put("/**", "authc");
    return filterMap;
}
```
Credential hashing design
springboot-shiro/src/main/java/pers/huangyuhui/ss/shiro/ShiroConfig.java : the configuration for hashing user credentials is as follows (salt: the username)
```java
@Bean
public UserRealm userRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
    UserRealm userRealm = new UserRealm();
    userRealm.setCredentialsMatcher(hashedCredentialsMatcher);
    return userRealm;
}

@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
    HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
    // Must match exactly how the stored hashes were produced (see SecurityUtils below):
    // MD5, 3 iterations, hex-encoded. The per-user salt is supplied by the realm.
    // Note that MD5 is a fast digest, not a password hash; it is used here for the demo only.
    hashedCredentialsMatcher.setHashAlgorithmName("md5");
    hashedCredentialsMatcher.setHashIterations(3);
    hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
    return hashedCredentialsMatcher;
}
```
springboot-shiro/src/main/java/pers/huangyuhui/ss/utils/SecurityUtils.java : the password hashing logic is as follows

```java
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class SecurityUtils {

    // Produces the stored credential for user "stu" with password "demo":
    // MD5 over (salt + password), hashed 3 times in total, hex-encoded.
    public static void main(String[] args) {
        String md5Pwd = new SimpleHash("md5", "demo", ByteSource.Util.bytes("stu"), 3).toHex();
        System.out.println(md5Pwd);
    }
}
```
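The credential scheme above (MD5, salt = username, 3 iterations, hex) re-implemented in Python as an added example, not code from the post's repository: it reproduces the hashing order Shiro's SimpleHash uses so a stored hash can be verified offline, and shows why the three accounts that share the password "demo" still end up with different stored hashes. The function names and the sample user table are my own.

```python
import hashlib
import hmac

# Constructed sample data mirroring the page's user table: all three accounts use
# the password "demo", and each is salted with its own username.
USERS = {"admin": "admin", "tea": "tea", "stu": "stu"}  # username -> salt (the username)
DEMO_PASSWORD = "demo"


def shiro_simple_hash(algorithm: str, source: str, salt: str, iterations: int) -> str:
    """Replicates SimpleHash(algorithm, source, salt, iterations).toHex():
    digest(salt + source), then re-digest the raw bytes (iterations - 1) more times."""
    digest = hashlib.new(algorithm)
    digest.update(salt.encode("utf-8"))      # salt goes in first, as in Shiro
    digest.update(source.encode("utf-8"))
    hashed = digest.digest()
    for _ in range(iterations - 1):
        hashed = hashlib.new(algorithm, hashed).digest()
    return hashed.hex()


def stored_credentials() -> dict:
    """Builds the credential column the way SecurityUtils does: md5, username salt, 3 rounds."""
    return {user: shiro_simple_hash("md5", DEMO_PASSWORD, salt, 3) for user, salt in USERS.items()}


def credentials_match(stored_hex: str, submitted_password: str, username: str) -> bool:
    """Mirrors HashedCredentialsMatcher (md5, 3 iterations, hex): hash the submitted
    password with the user's salt and compare the hex strings in constant time."""
    candidate = shiro_simple_hash("md5", submitted_password, username, 3)
    return hmac.compare_digest(candidate, stored_hex)


if __name__ == "__main__":
    for user, credential in stored_credentials().items():
        print(f"{user:6} {credential}")
```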
Thymeleaf integration with Shiro tags
springboot-shiro/src/main/java/pers/huangyuhui/ss/shiro/ShiroConfig.java : the configuration for Thymeleaf's Shiro tags is as follows
```java
// Registers the Shiro dialect so templates can use shiro:* attributes such as shiro:hasPermission
@Bean
public ShiroDialect shiroDialect() {
    return new ShiroDialect();
}
```
Shiro integration with EhCache caching
springboot-shiro/src/main/java/pers/huangyuhui/ss/shiro/ShiroConfig.java : the configuration for Shiro's EhCache integration is as follows
```java
@Bean
public SecurityManager securityManager(UserRealm userRealm, EhCacheManager ehCacheManager) {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    defaultWebSecurityManager.setRealm(userRealm);
    // Caches the authorization data the realm looks up, so roles/permissions are not re-queried on every check
    defaultWebSecurityManager.setCacheManager(ehCacheManager);
    return defaultWebSecurityManager;
}

@Bean
public EhCacheManager ehCacheManager() {
    // Reuse the EhCache CacheManager named "myEhcache" if it already exists; otherwise create one
    CacheManager cacheManager = CacheManager.getCacheManager("myEhcache");
    if (cacheManager == null) {
        cacheManager = CacheManager.create();
    }
    EhCacheManager ehCacheManager = new EhCacheManager();
    ehCacheManager.setCacheManager(cacheManager);
    return ehCacheManager;
}
```
Screenshot walkthrough
The login page: a user must authenticate before accessing any resource; see the filter chain configuration above for details.
To access the teacher / student management pages, the user needs the teaListView:view / stuListView:view permission.
The administrator (admin) holds all permissions (*), so every operation on the student management page is available.
The administrator (admin) holds all permissions (*), so every operation on the teacher management page is available.
The teacher (tea) holds stuListView:view, stuListView:add and stuListView:edit on the student page, so the delete operation is hidden.
The teacher (tea) holds only teaListView:view on the teacher management page, so the add, delete and edit operations are hidden.
The student (stu) holds only stuListView:view on the student management page, so the add, delete and edit operations are hidden.
The student (stu) has no permission to access the teacher management page, so the resource filter intercepts the request and sends the user to the configured 'unauthorized.html' page.
The database design was based on (many thanks): https://www.jianshu.com/p/7716951f4d7f