01、整合 Shiro 前后端分离的写法
1.1、加入全局异常监控
/**
 * Global exception advice that turns Shiro authorization failures into a JSON
 * body instead of an error page.
 *
 * <p>NOTE(review): only {@code UnauthorizedException} is mapped here. Other
 * Shiro authorization exceptions (for example {@code UnauthenticatedException})
 * are not handled by this class and fall through to the default error handling.
 */
@RestControllerAdvice // handler return values are written to the response body as JSON
public class AppExceptionAdivse {

    /**
     * Builds the response for a request that was rejected by a permission check.
     *
     * <p>NOTE(review): no response status is set, so the HTTP status presumably
     * stays 200 and the denial is only visible in the body's {@code code} field
     * (302 here). Clients, proxies and monitoring that key on HTTP status will
     * not see a denial; consider a 403 status once front-end callers can handle it.
     *
     * @return a map with {@code code} = 302 and {@code msg} = "未授权"
     */
    @ExceptionHandler(value = {UnauthorizedException.class})
    public Map<String, Object> unauthorized() {
        // Console trace kept from the original; a real logger with request
        // context is more useful for auditing denied access.
        System.out.println("未授权");

        Map<String, Object> body = new HashMap<>();
        body.put("msg", "未授权");
        body.put("code", 302);
        return body;
    }
}
1.2、修改LoginController
/**
 * REST login endpoint for the front-end/back-end separated setup: authenticates
 * through Shiro and answers with a JSON status map instead of redirecting.
 */
@RestController
@RequestMapping("login")
public class LoginController {

    /**
     * Authenticates the caller with the supplied username and password.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method and the
     * credentials are bound from request parameters, so a GET with the password
     * in the query string is accepted and may end up in access logs, browser
     * history and Referer headers. Restrict this endpoint to POST.
     *
     * <p>NOTE(review): the existing session is reused after a successful login;
     * nothing here renews the session id. Unless the container or a filter
     * rotates it, this leaves the endpoint open to session fixation.
     *
     * @param username login name taken from the request
     * @param password plaintext password taken from the request
     * @param session  servlet session that receives the logged-in user under "user"
     * @return {@code code} 200 on success, {@code code} -1 when authentication fails
     */
    @RequestMapping("login")
    public Map<String, Object> login(String username, String password, HttpSession session) {
        Map<String, Object> result = new HashMap<>();
        // Wrap the submitted credentials for Shiro.
        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        // Subject bound to the current request/thread.
        Subject currentSubject = SecurityUtils.getSubject();
        try {
            currentSubject.login(credentials);
            // The realm is expected to return an ActiverUser principal; the cast
            // fails with ClassCastException otherwise.
            ActiverUser principal = (ActiverUser) currentSubject.getPrincipal();
            session.setAttribute("user", principal.getUser());
            result.put("msg", "登陆成功");
            result.put("code", 200);
        } catch (AuthenticationException e) {
            // The same generic message is returned for every authentication
            // failure, so the response does not reveal whether the account exists.
            e.printStackTrace();
            result.put("msg", "登陆失败 用户名或密码不正确");
            result.put("code", -1);
        }
        return result;
    }
}
1.3、修改UserController
/**
 * Demo controller whose endpoints are each guarded by a Shiro permission string
 * of the form {@code user:<action>}; every endpoint just echoes its action name.
 *
 * <p>The {@code @RequiresPermissions} checks only run when Shiro's annotation
 * advisor is registered (see the advisor beans in ShiroAutoConfiguration on this
 * page); without it the annotations are inert and the endpoints are unprotected.
 *
 * <p>NOTE(review): none of the mappings restricts the HTTP method, so the
 * state-changing actions (add/update/delete) are reachable via GET. Limit them
 * to POST/PUT/DELETE and add CSRF protection if cookies carry the session.
 */
@RestController
@RequestMapping("user")
public class UserController {

    /** Requires {@code user:query}. */
    @RequiresPermissions(value = {"user:query"})
    @RequestMapping("query")
    public Map<String, Object> query() {
        return reply("query");
    }

    /** Requires {@code user:add}. */
    @RequiresPermissions(value = {"user:add"})
    @RequestMapping("add")
    public Map<String, Object> add() {
        return reply("add");
    }

    /** Requires {@code user:update}. */
    @RequiresPermissions(value = {"user:update"})
    @RequestMapping("update")
    public Map<String, Object> update() {
        return reply("update");
    }

    /** Requires {@code user:delete}. */
    @RequiresPermissions(value = {"user:delete"})
    @RequestMapping("delete")
    public Map<String, Object> delete() {
        return reply("delete");
    }

    /** Requires {@code user:export}. */
    @RequiresPermissions(value = {"user:export"})
    @RequestMapping("export")
    public Map<String, Object> export() {
        return reply("export");
    }

    /** Builds the single-entry response body {@code {"msg": action}}. */
    private static Map<String, Object> reply(String action) {
        Map<String, Object> body = new HashMap<>();
        body.put("msg", action);
        return body;
    }
}
1.4、创建ShiroLoginFilter
/**
 * Replacement for Shiro's form-login filter in a front-end/back-end separated
 * application: a denied request gets a JSON answer instead of a redirect to a
 * login page.
 */
public class ShiroLoginFilter extends FormAuthenticationFilter {

    /**
     * Writes {@code {"code": -1, "msg": "未登录!"}} to the response and stops the
     * filter chain.
     *
     * <p>{@code super.onAccessDenied} is not called, so the parent filter's own
     * handling of denied requests is bypassed entirely; login has to go through a
     * URL that this filter does not guard.
     *
     * <p>The original listing carried a disabled branch that answered JSON only
     * for AJAX requests and redirected everything else to {@code /login.jsp};
     * as written, every denied request receives the JSON body.
     *
     * <p>NOTE(review): the HTTP status is not set here, so it presumably stays
     * 200. Returning 401 would let clients and monitoring recognise the denial
     * without parsing the body.
     *
     * @return always {@code false}, so the request is not processed further
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json");

        // The payload is built from constants only; no request data is echoed back.
        Map<String, Object> payload = new HashMap<>();
        payload.put("msg", "未登录!");
        payload.put("code", -1);
        httpResponse.getWriter().write(JSONObject.toJSON(payload).toString());
        return false;
    }

    /**
     * Reports whether the request carries {@code X-Requested-With: XMLHttpRequest}
     * (compared case-insensitively). Currently unused: its only caller is the
     * disabled AJAX branch of {@code onAccessDenied}.
     *
     * <p>The header is client-controlled, so the result must not be used for any
     * security decision.
     */
    private boolean isAjax(ServletRequest request) {
        String requestedWith = ((HttpServletRequest) request).getHeader("X-Requested-With");
        return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    }
}
1.5、修改pom.xml引入fastjson
<!-- Version property referenced by the dependency below as ${fastjson.version}. -->
<!-- NOTE(review): 1.2.60 is an old fastjson 1.x release, and the 1.x line has a history of
     autoType deserialization vulnerabilities. On this page fastjson only serializes a
     server-built map in ShiroLoginFilter, but any code in the same application that parses
     untrusted JSON with it is exposed. Pin a currently maintained release and keep autoType
     disabled. -->
<fastjson.version>1.2.60</fastjson.version>
<!-- https://mvnrepository.com/artifact/com.alibaba/fastjson -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
1.6、修改ShiroAutoConfiguration
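/**
 * Spring configuration that wires Apache Shiro into the web application:
 * credentials matcher, realm, security manager, the URL filter chain, the
 * servlet filter registration and the beans that activate Shiro annotations.
 * All tunable values are read from {@link ShiroProperties}.
 */
@Configuration
@EnableConfigurationProperties(ShiroProperties.class)
public class ShiroAutoConfiguration {

    // Externalised Shiro settings (hash algorithm, iterations, URL lists).
    @Autowired
    private ShiroProperties shiroProperties;

    /**
     * Creates the credentials matcher used to compare submitted passwords with
     * stored hashes.
     *
     * <p>NOTE(review): algorithm name and iteration count come straight from
     * configuration and are not validated here. A fast digest such as MD5 or
     * SHA-1 with few iterations is weak for password storage; confirm the
     * configured values.
     */
    @Bean
    public HashedCredentialsMatcher credentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName(shiroProperties.getHashAlgorithmName());
        credentialsMatcher.setHashIterations(shiroProperties.getHashIterations());
        return credentialsMatcher;
    }

    /**
     * Creates the realm and attaches the credentials matcher to it.
     */
    @Bean
    public UserRealm userRealm(CredentialsMatcher credentialsMatcher) {
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(credentialsMatcher);
        return userRealm;
    }

    /**
     * Declares the web security manager backed by {@link UserRealm}.
     */
    @Bean("securityManager")
    public SecurityManager securityManager(UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Builds Shiro's web filter. The bean name must equal the
     * {@code targetBeanName} given to the {@code DelegatingFilterProxy}
     * registered in {@link #filterRegistrationBeanDelegatingFilterProxy()}.
     *
     * <p>Chain definitions are registered in this order: anonymous URLs, the
     * logout URL, then authenticated URLs. Shiro applies the first pattern that
     * matches a request, so the order is part of the access-control policy.
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        bean.setLoginUrl(shiroProperties.getLoginUrl());
        bean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());

        // Fix: a plain HashMap iterates in hash order, so a broad "authc" pattern
        // could be evaluated before a narrower "anon" one (locking out the login
        // URL) or the reverse (leaving a protected URL open), and the outcome could
        // change between runs or JVMs. LinkedHashMap keeps insertion order.
        // Fully qualified so the listing needs no extra import.
        Map<String, String> filterChainDefinition = new java.util.LinkedHashMap<>();

        // URLs served without authentication. Because they are matched first,
        // an overly broad pattern here disables authentication for everything
        // beneath it; keep these entries as narrow as possible.
        String[] anonUrls = shiroProperties.getAnonUrls();
        if (anonUrls != null && anonUrls.length > 0) {
            for (String anonUrl : anonUrls) {
                filterChainDefinition.put(anonUrl, "anon");
            }
        }

        // Logout URL, if configured.
        if (shiroProperties.getLogoutUrl() != null) {
            filterChainDefinition.put(shiroProperties.getLogoutUrl(), "logout");
        }

        // URLs that require an authenticated subject.
        String[] authcUrls = shiroProperties.getAuthcUrls();
        if (authcUrls != null && authcUrls.length > 0) {
            for (String authcUrl : authcUrls) {
                filterChainDefinition.put(authcUrl, "authc");
            }
        }
        bean.setFilterChainDefinitionMap(filterChainDefinition);

        // Replace the stock "authc" filter with the JSON-answering variant.
        // This map is keyed by filter name, so its iteration order is irrelevant.
        ShiroLoginFilter filter = new ShiroLoginFilter();
        Map<String, Filter> map = new HashMap<>();
        map.put("authc", filter);
        bean.setFilters(map);
        return bean;
    }

    /**
     * Registers a {@code DelegatingFilterProxy} that forwards to the
     * "shiroFilter" bean. No URL patterns are added; the filter is bound to the
     * dispatcher servlet by name instead.
     */
    @Bean
    public FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBeanDelegatingFilterProxy() {
        FilterRegistrationBean<DelegatingFilterProxy> bean = new FilterRegistrationBean<>();
        DelegatingFilterProxy proxy = new DelegatingFilterProxy();
        bean.setFilter(proxy);
        bean.addInitParameter("targetFilterLifecycle", "true");
        bean.addInitParameter("targetBeanName", "shiroFilter");
        List<String> servletNames = new ArrayList<>();
        servletNames.add(DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME);
        bean.setServletNames(servletNames);
        return bean;
    }

    /**
     * Exposes the Shiro dialect so HTML templates can use Shiro tags. The
     * original author notes that the two beans above must also be present,
     * otherwise an error is raised.
     */
    @Bean(name = "shiroDialect")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    // The next two beans enable Shiro's annotations (for example
    // @RequiresPermissions). Without them the annotations have no effect and
    // annotated controller methods run without any permission check.

    /**
     * Advisor that applies Shiro's authorization annotations.
     *
     * @param securityManager the security manager consulted for each check
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /**
     * Auto-proxy creator that applies advisors to beans; class-based proxies
     * are forced via {@code setProxyTargetClass(true)}.
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }
}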