Spring Boot -Shiro配置多Realm

简介: 核心类简介xxxToken:用户凭证xxxFilter:生产token,设置登录成功,登录失败处理方法,判断是否登录连接等xxxRealm:依据配置的支持Token来认证用户信息,授权用户权限核心配置Shrio整体配置:ShrioConfig.

核心类简介

xxxToken:用户凭证
xxxFilter:生产token,设置登录成功,登录失败处理方法,判断是否登录连接等
xxxRealm:依据配置的支持Token来认证用户信息,授权用户权限

核心配置

Shrio整体配置:ShrioConfig.java

 @Bean
 public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
  ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
  shiroFilterFactoryBean.setSecurityManager(securityManager);

  Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
  //将自定义 的FormAuthenticationFilter注入shiroFilter中
  filters.put("authc", new AuthenticationFilter());
  filters.put("wechat",new ExWechatAppFilter());
  shiroFilterFactoryBean.setFilters(filters);
  
  Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
  ...
  //建立url和filter之间的关系
  filterChainDefinitionMap.put("/wechat/**","wechat");
  filterChainDefinitionMap.put("/**", "authc");
  ...
  shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
  return shiroFilterFactoryBean;
 }


 @Bean
 public SecurityManager securityManager() {
  DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
  securityManager.setAuthenticator(exModularRealmAuthenticator());
  List<Realm> realms = new ArrayList<>();
  //设置多Realm
  realms.add(systemRealm());
  realms.add(wechatAppRealm());
  securityManager.setRealms(realms);
  securityManager.setCacheManager(ehCacheManager());
  securityManager.setRememberMeManager(cookieRememberMeManager());
  return securityManager;
 }
 //重要!!定义token与Realm关系,设置认证策略
 public MyModularRealmAuthenticator myModularRealmAuthenticator(){
  MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();
  FirstSuccessfulStrategy strategy = new FirstSuccessfulStrategy();
  authenticator.setAuthenticationStrategy(strategy);
  return authenticator;
 }
    
    
 @Bean
 public SystemRealm systemRealm() {
  SystemRealm systemRealm = new SystemRealm();
  systemRealm.setAuthorizationCachingEnabled(true);
  systemRealm.setAuthorizationCacheName("authorization");
  systemRealm.setCredentialsMatcher(hashedCredentialsMatcher());
  return systemRealm;
 }

 @Bean
 public WechatAppRealm WechatAppRealm(){
  WechatAppRealm wechatAppRealm = new WechatAppRealm();
  wechatAppRealm.setAuthorizationCachingEnabled(false);
  return WechatAppRealm;
 }

Realm,Token关联关系配置:MyModularRealmAuthenticator.java

public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
 @Override
 protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
  assertRealmsConfigured();
//依据Realm中配置的支持Token来进行过滤
  List<Realm> realms = this.getRealms()
   .stream()
   .filter(realm -> realm.supports(authenticationToken))
   .collect(Collectors.toList());
    if (realms.size() == 1) {
   return doSingleRealmAuthentication(realms.get(0), authenticationToken);
  } else {
   return doMultiRealmAuthentication(realms, authenticationToken);
  }
 }
    
}

认证授权配置:Realm.java

public class SystemRealm extends AuthorizingRealm {
 ... 

 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
  //重要!!多realm每个都会执行授权相关信息,此处进行过滤
  if(principals.fromRealm(getName()).isEmpty()){
   return null;
  }
  //授权代码...
  return authorizationInfo;
 }

 /**
  * 主要是用来进行身份认证的
  */
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
   throws AuthenticationException {
  //生产AuthenticationInfo代码...
 //校验的部分由配置的credentialsMatcher进行处理
  return authenticationInfo;
 }
 /**
  * 扩展认证token
  *
  * @param authenticationToken
  * @return boolean
  * @author mjm
  * @date 2018/7/3 12:32
  */
 @Override
 public boolean supports(AuthenticationToken authenticationToken) {
  //设置此Realm支持的Token
  return authenticationToken != null && (authenticationToken instanceof UsernamePasswordToken );
 }
}

过滤器配置:AuthenticationFilter.java

基础的过滤器类型:官网中默认有很多已实现的过滤器,可依据需求扩展

public class AuthenticationFilter extends FormAuthenticationFilter {
 ....
 /**
  * 创建令牌
  *
  * @param servletRequest ServletRequest
  * @param servletResponse ServletResponse
  * @return 令牌
  */
 @Override
 protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
  //依据request中不同的参数创建不同的token...
  return new xxxToken(...);
 }

 ....
}

参考资料

http://shiro.apache.org/realm.html#Realm-Supporting%7B%7BAuthenticationTokens%7D%7D

目录
相关文章
|
4天前
|
Java Spring
[Spring]aop的配置与使用
[Spring]aop的配置与使用
26 0
[Spring]aop的配置与使用
|
21天前
|
安全 Java Maven
后端进阶之路——深入理解Spring Security配置(二)
后端进阶之路——深入理解Spring Security配置(二)
|
17天前
|
安全 Java 数据库
【SpringSecurity】Spring Security 和Shiro对比
【SpringSecurity】Spring Security 和Shiro对比
33 0
|
1天前
|
缓存 Java Maven
Spring Boot自动配置原理
Spring Boot自动配置原理
11 0
|
3天前
|
XML 监控 druid
【Java专题_02】springboot+mybatis+pagehelper分页插件+druid数据源详细教程
【Java专题_02】springboot+mybatis+pagehelper分页插件+druid数据源详细教程
19 0
|
3天前
|
开发框架 安全 Java
【Java专题_01】springboot+Shiro+Jwt整合方案
【Java专题_01】springboot+Shiro+Jwt整合方案
23 0
|
3天前
|
Java 关系型数据库 MySQL
Shiro实战+springboot集成
Shiro实战+springboot集成
8 0
|
3天前
|
数据安全/隐私保护
spring-boot-starter-data-elasticsearch es带x-pack后台配置
spring-boot-starter-data-elasticsearch es带x-pack后台配置
11 0
|
17天前
|
前端开发 Java 关系型数据库
【Shiro】Springboot集成Shiro
【Shiro】Springboot集成Shiro
51 1
|
18天前
|
XML Java 数据格式
Spring Beans的魔法门:解密多种配置方式【beans 四】
Spring Beans的魔法门:解密多种配置方式【beans 四】
46 0

热门文章

最新文章