[TOC] ## 1. pom 在認證、授權內部實現機制中都有提到，最終處理都將交給Real進行處理。因為在Shiro中，最終是通過Realm來獲取應用程序中的用戶、角色及權限信息的。通常情況下，在Realm中會直接從我們的數據源中獲取Shiro需要的驗證信息。可以說，Realm是專用于安全框架的DAO. ~~~ <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.us</groupId> <artifactId>shiro</artifactId> <version>1.0-SNAPSHOT</version> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.9.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <!--shiro相關--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.5</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.2.5</version> </dependency> <!--log4j12--> <dependency> <groupId>org.apache.kafka</groupId> <artifactId>kafka_2.11</artifactId> <version>0.10.1.0</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> </exclusion> </exclusions> </dependency> <!--db--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>6.0.5</version> </dependency> <!--mybatis--> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>1.3.1</version> </dependency> <!-- beetl --> <dependency> <groupId>com.ibeetl</groupId> <artifactId>beetl</artifactId> <version>2.7.0</version> </dependency> <!-- druid --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid-spring-boot-starter</artifactId> <version>1.1.2</version> </dependency> </dependencies> </project> ~~~ ## 2. application.yml ~~~ server: port: 8080 address: 0.0.0.0 session: timeout: 28800 ################################################# 數據庫訪問配置 # 主數據源，默認的 spring: datasource: type: com.alibaba.druid.pool.DruidDataSource driver-class-name: com.mysql.jdbc.Driver url: jdbc:mysql://192.168.56.130:3306/test?useUnicode=true&characterEncoding=utf8&autoReconnect=true username: root password: tuna druid: initialSize: 2 minIdle: 2 maxActive: 30 WebStatFilter: exclusions: '*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*' ################################################## mybatis # 駝峰標志屬性與數據庫字段自動屬性映射 mybatis-plus: configuration: mapUnderscoreToCamelCase: true ~~~ ~~~ @ComponentScan(basePackages ={"com.us"}) @SpringBootApplication public class Application { public static void main(String[] args) { ConfigurableApplicationContext run = run(Application.class, args); } } ~~~ ## 3. Application ~~~ @ComponentScan(basePackages ={"com.us"}) @SpringBootApplication public class Application { public static void main(String[] args) { ConfigurableApplicationContext run = run(Application.class, args); } } ~~~ ## 4. mybatis 配置 ~~~ @Configuration @MapperScan("com.us") public class MyBatisConfig { } ~~~ ## 5. shiro ~~~ @Configuration public class ShiroConfiguration { /** * LifecycleBeanPostProcessor，這是個DestructionAwareBeanPostProcessor的子類， * 負責org.apache.shiro.util.Initializable類型bean的生命周期的，初始化和銷毀。 * 主要是AuthorizingRealm類的子類，以及EhCacheManager類。 */ @Bean(name = "lifecycleBeanPostProcessor") public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } /** * HashedCredentialsMatcher，這個類是為了對密碼進行編碼的， * 防止密碼在數據庫里明碼保存，當然在登陸認證的時候， * 這個類也負責對form里輸入的密碼進行編碼。 */ @Bean(name = "hashedCredentialsMatcher") public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName("MD5"); credentialsMatcher.setHashIterations(2); credentialsMatcher.setStoredCredentialsHexEncoded(true); return credentialsMatcher; } /** * ShiroRealm，這是個自定義的認證類，繼承自AuthorizingRealm， * 負責用戶的認證和權限的處理，可以參考JdbcRealm的實現。 */ @Bean(name = "shiroRealm") @DependsOn("lifecycleBeanPostProcessor") public ShiroRealm shiroRealm() { ShiroRealm realm = new ShiroRealm(); // realm.setCredentialsMatcher(hashedCredentialsMatcher()); return realm; } // /** // * EhCacheManager，緩存管理，用戶登陸成功后，把用戶信息和權限信息緩存起來， // * 然后每次用戶請求時，放入用戶的session中，如果不設置這個bean，每個請求都會查詢一次數據庫。 // */ // @Bean(name = "ehCacheManager") // @DependsOn("lifecycleBeanPostProcessor") // public EhCacheManager ehCacheManager() { // return new EhCacheManager(); // } /** * SecurityManager，權限管理，這個類組合了登陸，登出，權限，session的處理，是個比較重要的類。 * // */ @Bean(name = "securityManager") public DefaultWebSecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(shiroRealm()); // securityManager.setCacheManager(ehCacheManager()); return securityManager; } /** * ShiroFilterFactoryBean，是個factorybean，為了生成ShiroFilter。 * 它主要保持了三項數據，securityManager，filters，filterChainDefinitionManager。 */ @Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilterFactoryBean() { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager()); Map<String, Filter> filters = new LinkedHashMap<String, Filter>(); LogoutFilter logoutFilter = new LogoutFilter(); logoutFilter.setRedirectUrl("/login"); // filters.put("logout",null); shiroFilterFactoryBean.setFilters(filters); Map<String, String> filterChainDefinitionManager = new LinkedHashMap<String, String>(); filterChainDefinitionManager.put("/logout", "logout"); filterChainDefinitionManager.put("/user/**", "authc,roles[ROLE_USER]"); filterChainDefinitionManager.put("/events/**", "authc,roles[ROLE_ADMIN]"); // filterChainDefinitionManager.put("/user/edit/**", "authc,perms[user:edit]");// 這里為了測試，固定寫死的值，也可以從數據庫或其他配置中讀取 filterChainDefinitionManager.put("/**", "anon"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionManager); shiroFilterFactoryBean.setSuccessUrl("/"); shiroFilterFactoryBean.setUnauthorizedUrl("/403"); return shiroFilterFactoryBean; } /** * DefaultAdvisorAutoProxyCreator，Spring的一個bean，由Advisor決定對哪些類的方法進行AOP代理。 */ @Bean @ConditionalOnMissingBean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator(); defaultAAP.setProxyTargetClass(true); return defaultAAP; } /** * AuthorizationAttributeSourceAdvisor，shiro里實現的Advisor類， * 內部使用AopAllianceAnnotationsAuthorizingMethodInterceptor來攔截用以下注解的方法。 */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor aASA = new AuthorizationAttributeSourceAdvisor(); aASA.setSecurityManager(securityManager()); return aASA; } } ~~~ ## 6. beetl ~~~ package com.us.config; import org.beetl.core.resource.ClasspathResourceLoader; import org.beetl.ext.spring.BeetlGroupUtilConfiguration; import org.beetl.ext.spring.BeetlSpringViewResolver; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; import java.util.Properties; @Configuration public class BeetlTplConfig { @Bean(initMethod = "init", name = "beetlConfig") public BeetlGroupUtilConfiguration getBeetlGroupUtilConfiguration() { BeetlGroupUtilConfiguration beetlGroupUtilConfiguration = new BeetlGroupUtilConfiguration(); ClasspathResourceLoader classpathResourceLoader = new ClasspathResourceLoader(); beetlGroupUtilConfiguration.setResourceLoader(classpathResourceLoader); Properties beetlConfigProperties = new Properties(); //是否檢測文件變化,開發用true合適，但線上要改為false beetlConfigProperties.setProperty("RESOURCE.autoCheck","true"); //自定義標簽文件Root目錄和后綴 beetlConfigProperties.setProperty("RESOURCE.tagRoot","templates/tags"); beetlConfigProperties.setProperty("RESOURCE.tagSuffix","tag"); beetlGroupUtilConfiguration.setConfigProperties(beetlConfigProperties); return beetlGroupUtilConfiguration; } @Bean(name = "beetlViewResolver") public BeetlSpringViewResolver getBeetlSpringViewResolver(@Qualifier("beetlConfig") BeetlGroupUtilConfiguration beetlGroupUtilConfiguration) { BeetlSpringViewResolver beetlSpringViewResolver = new BeetlSpringViewResolver(); beetlSpringViewResolver.setPrefix("/template/"); beetlSpringViewResolver.setSuffix(".html"); beetlSpringViewResolver.setContentType("text/html;charset=UTF-8"); beetlSpringViewResolver.setOrder(0); beetlSpringViewResolver.setConfig(beetlGroupUtilConfiguration); return beetlSpringViewResolver; } } ~~~