## springboot + shiro +redis ## 引入外部資源(maven) ``` <!-- shiro-spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency> <!-- shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.1</version> </dependency> <!-- shiro-redis --> <dependency> <groupId>org.crazycake</groupId> <artifactId>shiro-redis</artifactId> <version>3.2.3</version> </dependency> ``` ## 創建ShiroConfiguration.java （Shiro配置的主體） ``` import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.crazycake.shiro.RedisCacheManager; import org.crazycake.shiro.RedisManager; import org.crazycake.shiro.RedisSessionDAO; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; @Configuration public class ShiroConfiguration { private final static Logger logger = LoggerFactory.getLogger(ShiroConfiguration.class); // 下面兩個方法對 注解權限起作用有很大的關系，請把這兩個方法，放在配置的最上面 @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } @Bean public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator autoProxyCreator = new DefaultAdvisorAutoProxyCreator(); autoProxyCreator.setProxyTargetClass(true); return autoProxyCreator; } //將自己的驗證方式加入容器 @Bean public UserRealm myRealm() { UserRealm myRealm = new UserRealm(); return myRealm; } // 配置sessionDAO @Bean(name = "redisSessionDAO") public RedisSessionDAO getRedisSessionDAO(){ RedisSessionDAO redisSessionDAO = new RedisSessionDAO(); redisSessionDAO.setRedisManager(redisManager()); return redisSessionDAO; } //配置shiro session 的一個管理器 @Bean(name = "sessionManager") public DefaultWebSessionManager getDefaultWebSessionManager(){ DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionDAO(getRedisSessionDAO()); // 設置session過期時間 sessionManager.setGlobalSessionTimeout(3600000L); //刪除過期的session sessionManager.setDeleteInvalidSessions(true); //定期檢查失效的session sessionManager.setSessionValidationSchedulerEnabled(true); //設置檢查的間隔時間 sessionManager.setSessionValidationInterval(10000); //所有的sessionid存入到cookie中 sessionManager.setSessionIdCookie(simpleCookie()); //定義sessionid 的cookie模板可以進行操作 sessionManager.setSessionIdCookieEnabled(true); return sessionManager; } //cacheManaganer @Bean("cacheManager") public RedisCacheManager redisCacheManager(){ RedisCacheManager redisCacheManager = new RedisCacheManager(); redisCacheManager.setRedisManager(redisManager()); return redisCacheManager; } /** * cookie模板 * @return */ @Bean(name = "simpleCookie") public SimpleCookie simpleCookie(){ SimpleCookie simpleCookie = new SimpleCookie("daf.session.session.id");☆1 simpleCookie.setPath("/"); simpleCookie.setHttpOnly(true); simpleCookie.setMaxAge(-1); return simpleCookie; } @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager() { DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager(); defaultWebSecurityManager.setRealm( myRealm() ); // 將sessionDAO放進來 defaultWebSecurityManager.setSessionManager( getDefaultWebSessionManager() ); return defaultWebSecurityManager; } @Bean public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor( DefaultWebSecurityManager securityManager) { AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); advisor.setSecurityManager(securityManager); return advisor; } //Filter工廠，設置對應的過濾條件和跳轉條件 @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager ) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); //攔截器. Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>(); // 配置不會被攔截的鏈接 順序判斷 filterChainDefinitionMap.put("/static/**", "anon"); filterChainDefinitionMap.put("/assets/**", "anon"); filterChainDefinitionMap.put("/page/**", "anon"); filterChainDefinitionMap.put("/register.html", "anon"); filterChainDefinitionMap.put("/register", "anon"); filterChainDefinitionMap.put("/login.html", "anon"); filterChainDefinitionMap.put("/checkPhone", "anon"); filterChainDefinitionMap.put("/sendCode", "anon"); filterChainDefinitionMap.put("/login", "anon"); //配置退出 過濾器,其中的具體的退出代碼Shiro已經替我們實現了 filterChainDefinitionMap.put("/logout", "logout"); //<!-- 過濾鏈定義，從上向下順序執行，一般將/**放在最為下邊 -->:這是一個坑呢，一不小心代碼就不好使了; //<!-- authc:所有url都必須認證通過才可以訪問; anon:所有url都都可以匿名訪問--> filterChainDefinitionMap.put("/**", "authc"); // 如果不設置默認會自動尋找Web工程根目錄下的"/login.jsp"頁面 shiroFilterFactoryBean.setLoginUrl("/login.html"); // 登錄成功后要跳轉的鏈接 shiroFilterFactoryBean.setSuccessUrl("http://127.0.0.1:8082"); //未授權界面; shiroFilterFactoryBean.setUnauthorizedUrl("/403.html"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } /** * redis session 管理器 * @return */ @Bean(name = "redisManager") public RedisManager redisManager(){ RedisManager redisManager= new RedisManager(); redisManager.setHost("127.0.0.1:6379"); redisManager.setDatabase(0); return redisManager; } } ``` 如果是有子域名的項目可以在simpleCookie方法中添加： ``` simpleCookie.setDomain(".xxxx.com"); ``` **☆1：構造內可以自定義cookie名稱** ## 創建Realm進行登陸驗證和權限認證（主體配置中的myRealm方法） ``` import com.vshu.entity.pojo.auth.User; import com.google.common.collect.Maps; import com.vshu.service.auth.user.UserService; import org.apache.dubbo.config.annotation.Reference; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import java.util.Map; public class UserRealm extends AuthorizingRealm { @Autowired private UserService userService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { User user = (User) SecurityUtils.getSubject().getPrincipal(); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); return authorizationInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String username = (String) authenticationToken.getPrincipal(); Map<String,String> map = Maps.newConcurrentMap(); map.put("phone",username); User user = userService.findByUserPhone(map); if (user == null) { throw new UnknownAccountException(); // 賬號不存在 } if (user.getEnable() == 0) { throw new LockedAccountException(); // 賬號被鎖定 } SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getPhone()), getName()); return authenticationInfo; } } ``` ##配置完成