服务器之家:专注于服务器技术及软件下载分享
分类导航

PHP教程|ASP.NET教程|JAVA教程|ASP教程|编程技术|正则表达式|

服务器之家 - 编程语言 - JAVA教程 - 解决springboot+shiro 权限拦截失效的问题

解决springboot+shiro 权限拦截失效的问题

2020-09-26 21:24风云雷动 JAVA教程

这篇文章主要介绍了解决springboot+shiro 权限拦截失效的问题,具有很好的参考价值,希望对大家有所帮助。一起跟随小编过来看看吧

最近因为项目需要,接触了shiro。新手入门

发现权限拦截失效,

一直以为是以为授权和DB的问题

研究了一个下午,终于发现了问题所在

解决springboot+shiro 权限拦截失效的问题

我的访问路径没有写前面的斜杠!!,而DB中的资源路径是可以省略的,崩溃了吧

但是问题来了,为什么在其他地方可以忽略掉前面的小斜杠呢?

经过几分钟的捣鼓发现,在springboot中,不论是thymeleaf的模板也好(我用的thymeleaf),还是后端代码也好,底层会自动补全这个斜杠

问题解决!!

补充知识:SpringBoot整合shiro的一个完整的小案例

SpringBoot整合配置版的shiro很简单,逻辑清

首先在pom.xml的配置如下,shiro使用缓存ehcache

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<dependency>
  <groupId>net.sf.ehcache</groupId>
  <artifactId>ehcache</artifactId>
  <version>2.10.4</version>
</dependency>
<!-- shiro spring. -->
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-core</artifactId>
  <version>1.2.2</version>
</dependency>
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.2.2</version>
</dependency>
<!-- shiro ehcache -->
<dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-ehcache</artifactId>
  <version>1.2.2</version>
</dependency>

接着配置shiro

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
@Configuration
public class ShiroConfig {
 
  @Bean
  public ShiroFilterFactoryBean shirFilter(DefaultWebSecurityManager securityManager) {
 
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    // 必须设置 SecurityManager
    shiroFilter.setSecurityManager(securityManager);
    // 拦截器
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    // 设置login URL
    shiroFilter.setLoginUrl("/login");
    // 登录成功后要跳转的链接
    shiroFilter.setSuccessUrl("/main");
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/druid/**", "anon");
    //静态资源的处理
    filterChainDefinitionMap.put("/js/**", "anon");
    filterChainDefinitionMap.put("/css/**", "anon");
    filterChainDefinitionMap.put("/asserts/**", "anon");
    filterChainDefinitionMap.put("/fonts/**", "anon");
    filterChainDefinitionMap.put("/images/**", "anon");
 
    // 退出系统的过滤器
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/login", "anon");
 
    filterChainDefinitionMap.put("/kaptcha", "anon");
 
    filterChainDefinitionMap.put("/**", "authc");
    shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilter;
  }
 
  @Bean
  public HashedCredentialsMatcher hashedCredentialsMatcher() {
    HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
    hashedCredentialsMatcher.setHashAlgorithmName("MD5");
    hashedCredentialsMatcher.setHashIterations(1024);
    return hashedCredentialsMatcher;
  }
 
  @Bean
  public ShiroRealm shiroRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
    ShiroRealm shiroRealm = new ShiroRealm();
    shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher);
    return shiroRealm;
  }
  //shiro使用缓存ehcachae
  @Bean
  public EhCacheManager ehCacheManager() {
    EhCacheManager ehCacheManager = new EhCacheManager();
    ehCacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
    return ehCacheManager;
 
  }
 
  @Bean("sessionManager")
  public SessionManager sessionManager(){
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    sessionManager.setSessionValidationSchedulerEnabled(true);
    sessionManager.setSessionIdCookieEnabled(true);
    return sessionManager;
  }
 
  @Bean("securityManager")
  public DefaultWebSecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(shiroRealm);
    securityManager.setSessionManager(sessionManager);
 
    return securityManager;
  }
 
  @Bean("lifecycleBeanPostProcessor")
  public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
  }
 
  @Bean
  public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
    proxyCreator.setProxyTargetClass(true);
    return proxyCreator;
  }
 
  @Bean
  public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
  }
}

在配置中提到的realm如下配置

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
public class ShiroRealm extends AuthorizingRealm {
  @Autowired
  private UserService userService;
 
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    // 取出表单用户名
    String username = upToken.getUsername();
    // 查询是否有该用户
    if (userService.getByName(username) == null) {
      throw new UnknownAccountException("用户不存在!");
    }
    // 靠用户名从数据库查询该用户的全部信息
    User user = userService.getByName(username);
    // 传入:用户名,加密后的密码,盐值,该realm的名字,加密算法和加密次数在已经在配置文件中指定
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, user.getPassword(),
        ByteSource.Util.bytes(username), getName());
    return info;
  }
 
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // 1. 从 PrincipalCollection 中来获取登录用户的信息
    Object principal = principals.getPrimaryPrincipal();
    // 2. 利用登录的用户的信息来..当前用户的角色或权限(可能需要查询数据库)
    Set<String> roles = new HashSet<String>();
    roles.add("user");
    if ("admin".equals(principal)) {
      roles.add("admin");
    }
    // 3. 创建 SimpleAuthorizationInfo, 并设置其 reles 属性
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
    // 4. 返回 SimpleAuthorizationInfo 对象.
    return info;
  }
}

由于我做的平台只有一个管理员就不写注册了,这时手动算出一个admin用户的密码

?
1
2
3
4
5
public static void main(String[] args) {
 
  Object result = new SimpleHash("MD5","123456",ByteSource.Util.bytes("admin"),1024);
  System.out.println(result);
}

最后写登录的Controller

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
@Controller
public class LoginController {
  // 处理登录逻辑
  @PostMapping("/login")
  public String login(String username, String password, String kaptcha, HttpSession session,
      Map<String, Object> map) {
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
      // 把用户名和密码封装为 UsernamePasswordToken 对象
      UsernamePasswordToken token = new UsernamePasswordToken(username, password);
      // 设置为rememberme
      token.setRememberMe(true);
      try {
        // 执行登录.
        currentUser.login(token);
      }
      // 所有认证时异常的父类
      catch (AuthenticationException ae) {
        map.put("password", "输入的用户名或密码错误");
        log.info("登录失败: " + ae.getMessage());
        return "login";
      }
    }
    if (!session.getAttribute("code").equals(kaptcha)) {
      map.put("kaptcha", "输入的验证码错误");
      return "login";
    }
 
    session.setAttribute("loginUser", "user");
    return "main";
  }
}

以上这篇解决springboot+shiro 权限拦截失效的问题就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持服务器之家。

原文链接:https://blog.csdn.net/qq_41247335/article/details/105319266

延伸 · 阅读

精彩推荐