springboot整合shiro与自定义过滤器的全过程

目录

filter自定义过滤器 增加了 对验证码的校验

package com.youxiong.filter;import com.youxiong.shiro.urnamepasswordkaptchatoken;import org.apache.shiro.authc.authenticationtoken;import org.apache.shiro.subject.subject;import org.apache.shiro.web.filter.authc.formauthenticationfilter;import javax.rvlet.rvletrequest;import javax.rvlet.rvletrespon;import javax.rvlet.http.httprvletrequest;import javax.rvlet.http.httpssion;public class formvalid extends formauthenticationfilter {    private string kaptcha = "kaptcha_ssion_key";    public formvalid() {        super();    }    //用户未登录 /*   @override    protected boolean onaccessdenied(rvletrequest request, rvletrespon respon) throws exception {        httprvletrequest httprvletrequest = (httprvletrequest) request;        httpssion ssion = httprvletrequest.getssion();        string kaptchacode = (string) ssion.getattribute(kaptcha);        string code = httprvletrequest.getparameter("code");        if(code!=null&&kaptchacode!=null&&!kaptchacode.equals(code)){            httprvletrequest.tattribute("shirologinfailure","codeerror");            return true;        }        return super.onaccessdenied(request, respon);    }*/    //用户提交表单时候  创建的token    @override    protected authenticationtoken createtoken( rvletrequest request, rvletrespon respon) {        httprvletrequest httprvletrequest = (httprvletrequest) request;        string code = (string) httprvletrequest.getparameter("kaptcha");        string host = gethost(request);        string urname = geturname(request);        string password = getpassword(request);        boolean rememberme = isrememberme(request);        system.out.println("create token--------------code------>one "+code);        return new urnamepasswordkaptchatoken(urname,password.tochararray(),rememberme,host,code);    }}

自定义urnamepassword是为了接收前台发送过来的数据

package com.youxiong.shiro;import org.apache.shiro.authc.authenticationtoken;import org.apache.shiro.authc.urnamepasswordtoken;import java.io.rializable;public class urnamepasswordkaptchatoken extends urnamepasswordtoken {    private static final long rialversionuid = 1l;    private string kaptcha;    public urnam泥人张pptepasswordkaptchatoken(){        super();    }    public urnamepasswordkaptchatoken(string urname, char[] password, boolean rememberme, string host, string kaptcha) {        super(urname, password, rememberme, host);        this.kaptcha = kaptcha;    }    public string getkaptcha() {        return kaptcha;    }    public void tkaptcha(string kaptcha) {        this.kaptcha = kaptcha;    }}

shiro配置

package com.youxiong.config;import com.google.code.kaptcha.rvlet.kaptcharvlet;import com.youxiong.dao.urreposisty;import com.youxiong.domain.permission;import com.youxiong.domain.role;import com.youxiong.domain.古朗月行urinfo;import com.youxiong.filter.formvalid;import com.youxiong.redis.jediscachemanager;import com.youxiong.redis.redisssiondao;import com.youxiong.redis.redisssionlistener;import com.youxiong.redis.redissionfactory;import com.youxiong.shiro.myshirorealm;import org.apache.shiro.authc.credential.hashedcredentialsmatcher;import org.apache.shiro.mgt.curitymanager;import org.apache.shiro.ssion.ssionlistener;import org.apache.shiro.ssion.mgt.ssionfactory;import org.apache.shiro.ssion.mgt.ssionmanager;import org.apache.shiro.ssion.mgt.eis.enterpricachessiondao;import org.apache.shiro.ssion.mgt.eis.ssiondao;import org.apache.shiro.spring.curity.interceptor.authorizationattributesourceadvisor;import org.apache.shiro.spring.web.shirofilterfactorybean;imp美丽的西双版纳ort org.apache.shiro.web.mgt.defaultwebcuritymanager;import org.apache.shiro.web.rvlet.simplecookie;import org.apache.shiro.web.ssion.mgt.defaultwebssionmanager;import org.springframework.beans.factory.annotation.autowired;import org.springframework.boot.web.rvlet.rvletregistrationbean;import org.springframework.context.annotation.bean;import org.springframework.context.annotation.configuration;import org.springframework.web.rvlet.handler.simplemappingexceptionresolver;import javax.rvlet.filter;import java.util.*;@configurationpublic class shiroconfig {    @autowired    private urreposisty urreposisty;    @bean    public shirofilterfactorybean createshirofilter(curitymanager curitymanager) {        system.out.println("--------shirofilterfactorybean-------");        shirofilterfactorybean shirofilterfactorybean = new shirofilterfactorybean();        shirofilterfactorybean.tcuritymanager(curitymanager);        map<string, filter> filtermap = new hashmap<>();        //map里面key值要为authc才能使用自定义的过滤器        filtermap.put("authc", formvalid());        // can go to login        shirofilterfactorybean.tloginurl("/login.html");        //dologin success go to page        shirofilterfactorybean.tsuccessurl("/success.html");        //do not unauthorized page        shirofilterfactorybean.tunauthorizedurl("/403.html");        map<string, string> map = new linkedhashmap<string, string>();        //验证码的路径   不要跟下面需要认证的写在一个路径里  会被拦截的        map.put("/rvlet/**", "anon");        //需要把要授权的url  全部装到filterchain中去过滤        urinfo urinfo = urreposisty.findbyuid(1);        for (role role : urinfo.getroles()) {            for (permission permission : role.getpermissions()) {                if (permission.geturl() != "") {                    string permissions = "perms[" + permission.getpermission() + "]";                    map.put(permission.geturl(), permissions);                }            }        }        map.put("/ur*/*", "authc");        shirofilterfactorybean.tfilterchaindefinitionmap(map);        shirofilterfactorybean.tfilters(filtermap);        return shirofilterfactorybean;    }    //自己定义realm    @bean    public myshirorealm myshirorealm() {        myshirorealm myshirorealm = new myshirorealm();        return myshirorealm;    }    @bean    public curitymanager curitymanager() {        defaultwebcuritymanager curitymanager = new defaultwebcuritymanager();        curitymanager.trealm(myshirorealm());        //缓存管理        curitymanager.tcachemanager(jediscachemanager());        //会话管理        curitymanager.tssionmanager(ssionmanager());        return curitymanager;    }    //密码盐   可以不必实现    因为一般密码可以自己定义自己的密码加密规则/*    @bean    public hashedcredentialsmatcher hashedcredentialsmatcher(){        hashedcredentialsmatcher hashedcredentialsmatcher = new hashedcredentialsmatcher();        hashedcredentialsmatcher.thashalgorithmname("md5");        hashedcredentialsmatcher.thashiterations(2);        return hashedcredentialsmatcher;    }*/   //开启aop注解    @bean    public authorizationattributesourceadvisor authorizationattributesourceadvisor(curitymanager curitymanager) {        authorizationattributesourceadvisor authorizationattributesourceadvisor = new authorizationattributesourceadvisor();        authorizationattributesourceadvisor.tcuritymanager(curitymanager);        return authorizationattributesourceadvisor;    }    @bean(name = "simplemappingexceptionresolver")    public simplemappingexceptionresolver    createsimplemappingexceptionresolver() {        simplemappingexceptionresolver r = new simplemappingexceptionresolver();        properties mappings = new properties();        mappings.tproperty("databaexception", "databaerror");//数据库异常处理        mappings.tproperty("unauthorizedexception", "403");        r.texceptionmappings(mappings);  // none by default        r.tdefaulterrorview("error");    // no default        r.texceptionattribute("ex");     // default is "exception"        //r.twarnlogcategory("example.mvclogger");     // no default        return r;    }    //rvlet注册器   -----》验证码的路径    @bean    public rvletregistrationbean rvletregistrationbean() {        system.out.println("----验证码---");        return new rvletregistrationbean(new kaptcharvlet(), "/rvlet/kaptcha.jpg");    }    //自定义过滤器 ---》里面实现了对验证码校验    @bean("myfilter")    public formvalid formvalid() {        return new formvalid();    }    //jedis缓存    @bean    public jediscachemanager jediscachemanager() {        return new jediscachemanager();    }    @bean    public ssionmanager ssionmanager() {        defaultwebssionmanager defaultwebssionmanager = new defaultwebssionmanager();        defaultwebssionmanager.tssionidcookie(simplecookie());        defaultwebssionmanager.tssiondao(ssiondao());        //可以设置shiro提供的会话管理机制        //defaultwebssionmanager.tssiondao(new enterpricachessiondao());        return defaultwebssionmanager;    }    //这里就是会话管理的操作类    @bean    public ssiondao ssiondao() {        return new redisssiondao();    }    //这里需要设置一个cookie的名称  原因就是会跟原来的ssion的id值重复的    @bean    public simplecookie simplecookie() {        simplecookie simplecookie = new simplecookie("redisssion江苏高考排名");        return simplecookie;    }}

shiro中的权限控制

#需要同时拥有order:add和order:query权限才可以访问/order-add = perms["order:add","order:query"]#只需要order:del权限就可以访问/order-del = perms["order:del"]

perms表示的就是权限控制，中括号中就是需要访问等号之前路径，需要的权限名称。如果在使用shiro过滤器的时候，不配置过滤器，就会使用默认的过滤器。

以下是默认权限过滤器的源码。

public class permissionsauthorizationfilter extends authorizationfilter {  public permissionsauthorizationfilter() {  }  public boolean isaccessallowed(rvletrequest request, rvletrespon respon, object mappedvalue) throws ioexception {    subject subject = this.getsubject(request, respon);    string[] perms = (string[])mappedvalue;    boolean ispermitted = true;    if (perms != null && perms.length > 0) {      if (perms.length == 1) {        if (!subject.ispermitted(perms[0])) {          ispermitted = fal;        }      } el if (!subject.ispermittedall(perms)) {        ispermitted = fal;      }    }    return ispermitted;  }}

从上面的代码可以看出，我们的配置会默认被强转为string类型的字符串数组。当只有一个权限时，会直接判断有没有该权限； 当配置多个权限时，从下面的代码可以看出只用在请求url的用户拥有所有的权限时，才会返回true，否则就会被拒绝访问。

总结

到此这篇关于springboot整合shiro与自定义过滤器的文章就介绍到这了,更多相关springboot整合shiro与自定义过滤器内容请搜索www.887551.com以前的文章或继续浏览下面的相关文章希望大家以后多多支持www.887551.com！