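package com.youxiong.filter;

import com.youxiong.shiro.UsernamePasswordKaptchaToken;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Form-login filter that builds a {@link UsernamePasswordKaptchaToken}, so the
 * captcha value submitted with the login form travels with the credentials.
 *
 * <p>Nothing in this class compares the submitted captcha with the value stored in
 * the session: the only comparison is in the disabled {@code onAccessDenied} below.
 * Presumably the realm performs the check when it receives the token; verify that,
 * otherwise the captcha is collected but never enforced.
 */
public class FormValid extends FormAuthenticationFilter {

    // Session attribute under which Kaptcha stores the generated captcha text.
    // Only the disabled onAccessDenied below reads it.
    private String kaptcha = "KAPTCHA_SESSION_KEY";

    public FormValid() {
        super();
    }

    // Called when the user is not logged in. Disabled by the author.
    // NOTE(review): do not re-enable as written. On a captcha mismatch it returns
    // true, which tells Shiro to let the request continue down the chain without
    // authentication; a mismatch has to end in a denial (return false after sending
    // the user back to the login page). The check is also skipped entirely when the
    // "code" parameter or the session value is absent.
    /*
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpSession session = httpServletRequest.getSession();
        String kaptchaCode = (String) session.getAttribute(kaptcha);
        String code = httpServletRequest.getParameter("code");
        if (code != null && kaptchaCode != null && !kaptchaCode.equals(code)) {
            httpServletRequest.setAttribute("shiroLoginFailure", "codeError");
            return true;
        }
        return super.onAccessDenied(request, response);
    }
    */

    /**
     * Builds the token for a submitted login form.
     *
     * @param request  the login request; username, password, remember-me and host are
     *                 read through the inherited helpers, the captcha from the
     *                 {@code kaptcha} parameter
     * @param response the response (unused)
     * @return a token carrying the credentials and the submitted captcha, which may be
     *         {@code null} when the parameter is missing
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String code = request.getParameter("kaptcha");
        String host = getHost(request);
        String username = getUsername(request);
        String password = getPassword(request);
        boolean rememberMe = isRememberMe(request);

        // A request without a password parameter must fail authentication, not throw
        // a NullPointerException while the token is being built.
        char[] passwordChars = password == null ? null : password.toCharArray();

        // The submitted captcha is deliberately not printed: request parameters from
        // an unauthenticated client do not belong on stdout.
        return new UsernamePasswordKaptchaToken(username, passwordChars, rememberMe, host, code);
    }
}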
自定义UsernamePasswordToken是为了接收前台发送过来的数据
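package com.youxiong.shiro;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;

import java.io.Serializable;

/**
 * Username/password token extended with the captcha value submitted on the login
 * form, so that whatever authenticates the token can also see the captcha.
 *
 * <p>The token only carries the value; it performs no validation itself.
 */
public class UsernamePasswordKaptchaToken extends UsernamePasswordToken {

    private static final long serialVersionUID = 1L;

    // Captcha text as typed by the user; null when the form did not send one.
    private String kaptcha;

    /** Creates an empty token; fields are filled in through the setters. */
    public UsernamePasswordKaptchaToken() {
        super();
    }

    /**
     * Creates a fully populated token.
     *
     * @param username   the submitted username
     * @param password   the submitted password
     * @param rememberMe whether the user asked to be remembered
     * @param host       the host the request came from
     * @param kaptcha    the submitted captcha text, possibly {@code null}
     */
    public UsernamePasswordKaptchaToken(String username, char[] password, boolean rememberMe,
                                        String host, String kaptcha) {
        super(username, password, rememberMe, host);
        this.kaptcha = kaptcha;
    }

    /** @return the submitted captcha text, or {@code null} if none was sent */
    public String getKaptcha() {
        return kaptcha;
    }

    /** @param kaptcha the submitted captcha text */
    public void setKaptcha(String kaptcha) {
        this.kaptcha = kaptcha;
    }
}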
shiro配置
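package com.youxiong.config;

import com.google.code.kaptcha.servlet.KaptchaServlet;
import com.youxiong.dao.UserReposisty;
import com.youxiong.domain.Permission;
import com.youxiong.domain.Role;
import com.youxiong.domain.UserInfo;
import com.youxiong.filter.FormValid;
import com.youxiong.redis.JedisCacheManager;
import com.youxiong.redis.RedisSessionDao;
import com.youxiong.redis.RedisSessionListener;
import com.youxiong.redis.RedissionFactory;
import com.youxiong.shiro.MyShiroRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.SessionListener;
import org.apache.shiro.session.mgt.SessionFactory;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

import javax.servlet.Filter;
import java.util.*;

/**
 * Spring configuration that wires Shiro: the filter chain, the realm, the security
 * manager with its cache and session management, the captcha servlet and the custom
 * login filter.
 */
@Configuration
public class ShiroConfig {

    @Autowired
    private UserReposisty userReposisty;

    /**
     * Builds the Shiro filter and its URL-to-filter chain.
     *
     * <p>Chain entries are matched in insertion order, which is why a
     * {@link LinkedHashMap} is used. Only the URLs listed here are filtered; there is
     * no catch-all rule, so any path not covered by an entry is not checked by Shiro.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     * @throws IllegalStateException if the user whose permissions seed the chain
     *                               cannot be loaded
     */
    @Bean
    public ShiroFilterFactoryBean createShiroFilter(SecurityManager securityManager) {
        System.out.println("--------ShiroFilterFactoryBean-------");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map<String, Filter> filterMap = new HashMap<>();
        // The key must be "authc" for the custom filter to replace the stock one.
        filterMap.put("authc", formValid());

        // Login page.
        shiroFilterFactoryBean.setLoginUrl("/login.html");
        // Page shown after a successful login.
        shiroFilterFactoryBean.setSuccessUrl("/success.html");
        // Page shown when the user lacks the required permission.
        shiroFilterFactoryBean.setUnauthorizedUrl("/403.html");

        Map<String, String> map = new LinkedHashMap<String, String>();
        // Captcha path: keep it outside the paths that require authentication,
        // otherwise it is intercepted before the user can log in.
        map.put("/servlet/**", "anon");

        // Every URL that needs authorization is added to the filter chain.
        // NOTE(review): the rules are built once, at startup, from the roles of the
        // user with uid 1; a URL whose permission that user does not hold, or one
        // added later, gets no rule here.
        UserInfo userInfo = userReposisty.findByUid(1);
        if (userInfo == null) {
            // Fail closed: starting with an empty rule set would leave those URLs
            // without any permission check.
            throw new IllegalStateException("Cannot build Shiro filter chain: user with uid 1 not found");
        }
        for (Role role : userInfo.getRoles()) {
            for (Permission permission : role.getPermissions()) {
                String url = permission.getUrl();
                // Compare by value: `url != ""` compares references and lets null and
                // empty URLs through as chain keys.
                if (url != null && !url.isEmpty()) {
                    // NOTE(review): a blank permission yields "perms[]"; the stock
                    // perms filter allows a request when it has no permissions to
                    // check, so this value should be validated. Confirm against the
                    // Shiro version in use.
                    String permissions = "perms[" + permission.getPermission() + "]";
                    map.put(url, permissions);
                }
            }
        }
        map.put("/user*/*", "authc");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        shiroFilterFactoryBean.setFilters(filterMap);
        return shiroFilterFactoryBean;
    }

    /** Custom realm. */
    @Bean
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        return myShiroRealm;
    }

    /** Security manager backed by the custom realm, the cache manager and the session manager. */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        // Cache management.
        securityManager.setCacheManager(jedisCacheManager());
        // Session management.
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    // Password hashing; the author left it out on the grounds that the application
    // can define its own password encryption rule.
    // NOTE(review): no credentials matcher is set on the realm in this class, so how
    // stored passwords are compared depends on MyShiroRealm, which is not shown here;
    // verify passwords are not stored or compared in plain text. If a matcher is
    // enabled, MD5 with two iterations is not an adequate password hash: use a
    // stronger algorithm with a per-user salt and a high iteration count.
    /*
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }
    */

    /** Enables Shiro's AOP annotations. */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    /** Maps exception class names to view names. */
    @Bean(name = "simpleMappingExceptionResolver")
    public SimpleMappingExceptionResolver createSimpleMappingExceptionResolver() {
        SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        mappings.setProperty("DatabaseException", "databaseError"); // database errors
        mappings.setProperty("UnauthorizedException", "403");
        r.setExceptionMappings(mappings); // none by default
        r.setDefaultErrorView("error"); // no default
        r.setExceptionAttribute("ex"); // default is "exception"
        //r.setWarnLogCategory("example.MvcLogger"); // no default
        return r;
    }

    /** Registers the captcha servlet under the anonymous captcha path. */
    @Bean
    public ServletRegistrationBean servletRegistrationBean() {
        System.out.println("----验证码---");
        return new ServletRegistrationBean(new KaptchaServlet(), "/servlet/kaptcha.jpg");
    }

    /**
     * Custom login filter that carries the submitted captcha on the token.
     *
     * <p>NOTE(review): Spring Boot also registers Filter beans with the servlet
     * container for every request; a FilterRegistrationBean with setEnabled(false)
     * keeps this filter confined to the Shiro chain. Confirm for the Boot version in
     * use.
     */
    @Bean("myFilter")
    public FormValid formValid() {
        return new FormValid();
    }

    /** Jedis-backed cache manager. */
    @Bean
    public JedisCacheManager jedisCacheManager() {
        return new JedisCacheManager();
    }

    /** Session manager using the custom cookie and the Redis session DAO. */
    @Bean
    public SessionManager sessionManager() {
        DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
        defaultWebSessionManager.setSessionIdCookie(simpleCookie());
        defaultWebSessionManager.setSessionDAO(sessionDAO());
        // Shiro's own session DAO could be used instead:
        //defaultWebSessionManager.setSessionDAO(new EnterpriseCacheSessionDAO());
        return defaultWebSessionManager;
    }

    /** DAO that performs the session persistence operations. */
    @Bean
    public SessionDAO sessionDAO() {
        return new RedisSessionDao();
    }

    /**
     * Session-id cookie. It needs its own name, because otherwise it collides with
     * the id cookie of the container's original session.
     *
     * <p>NOTE(review): the Secure flag is not set here; set it when the site is
     * served over HTTPS only.
     */
    @Bean
    public SimpleCookie simpleCookie() {
        // The exact casing of the original name is an assumption; any name distinct
        // from the container's session cookie serves the stated purpose.
        SimpleCookie simpleCookie = new SimpleCookie("redisSession");
        return simpleCookie;
    }
}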
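# Access requires BOTH the order:add and order:query permissions
/order-add = perms["order:add","order:query"]
# Access requires only the order:del permission
/order-del = perms["order:del"]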
perms表示的就是权限控制,中括号中是访问等号之前的路径所需要的权限名称。如果在使用Shiro过滤器的时候不配置过滤器,就会使用默认的过滤器。
以下是默认权限过滤器的源码。
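/**
 * Shiro's stock {@code perms} filter, as quoted by the article: allows a request only
 * if the current subject holds the permissions configured for the matched path.
 */
public class PermissionsAuthorizationFilter extends AuthorizationFilter {

    public PermissionsAuthorizationFilter() {
    }

    /**
     * Decides whether the request may proceed.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the bracketed configuration for the matched path, cast to
     *                    {@code String[]}
     * @return {@code true} if the subject holds the single configured permission, or
     *         all of them when several are configured; also {@code true} when no
     *         permission is configured at all
     * @throws IOException declared by the filter contract
     */
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = this.getSubject(request, response);
        String[] perms = (String[]) mappedValue;
        // Starts out permitted: with a null or empty array nothing below runs and the
        // request is allowed, so a rule without permissions checks nothing.
        boolean isPermitted = true;
        if (perms != null && perms.length > 0) {
            if (perms.length == 1) {
                // One permission: check it directly.
                if (!subject.isPermitted(perms[0])) {
                    isPermitted = false;
                }
            } else if (!subject.isPermittedAll(perms)) {
                // Several permissions: the subject must hold every one of them.
                isPermitted = false;
            }
        }
        return isPermitted;
    }
}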
从上面的代码可以看出,我们的配置会默认被强转为String类型的数组。当只有一个权限时,会直接判断有没有该权限;当配置多个权限时,只有在请求URL的用户拥有所有的权限时,才会返回true,否则就会被拒绝访问。注意:当没有配置任何权限(perms为null或空数组)时,isPermitted保持为true,请求会被直接放行。