SpringBoot 集成 Shiro：使用Shiro的角色管理

Posted 2021-01-04 Stark_Tan

　　Shiro的角色管理，可以根据　　

 

添加Role实体类，修改User类，修改数据源

@Getter
@Setter
@AllArgsConstructor
public class Role implements Serializable {
    private String name;
}

Role.java

@Getter
@Setter
public class User implements Serializable {
    private String id;
    private String username;
    private String password;
    private String salt;
    private Set<Role> roles;
    public User(String username, String password) {
        this.id = UUID.randomUUID().toString().replace("-", "");
        this.username = username;
        this.salt = getId().substring(0, 6);
        this.password = new Sha512Hash(password, getSalt()).toString();
        this.roles = new HashSet<>();
    }
}

User.java

static {
    userMap.put("user", new User("user", "123456"));
    userMap.put("admin", new User("admin", "123456"));
    Role userRole = new Role("user");
    Role adminRole = new Role("admin");
    userMap.get("user").getRoles().add(userRole);
    userMap.get("admin").getRoles().add(userRole);
    userMap.get("admin").getRoles().add(adminRole);
}

UserService.java

增加、修改页面用于测试功能

<!—403.html-->
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>403</title>
</head>
<body>
没有权限 <a href="/index">返回首页</a>
</body>
</html>

403.html

<!—admin.html-->
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>管理界面</title>
</head>
<body>
<p th:text="${user.username}+‘ 管理员您好‘"></p>
<a href="/index">返回首页</a>
</body>
</html>

admin.html

<!—index.html-->
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>welcome</title>
</head>
<body>
欢迎登录网页
<a href="/user">个人主页</a>
<a href="/admin">用户管理</a>
<a href="/logout">退出登录</a>
</body>
</html>

index.htm

<!—user.html-->
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
    <meta charset="UTF-8">
    <title>个人页面</title>
</head>
<body>
<p th:text="${user.username}+‘ 用户您好‘"></p>
<a href="/index">返回首页</a>
</body>
</html>

user.html

修改Controller

@RequestMapping(value = {"/user"}, method = RequestMethod.GET)
public String user(Model model) {
    User user = (User) ShiroUtils.getSubject().getPrincipal();
    model.addAttribute("user", user);
    return "user";
}
@RequestMapping(value = {"/admin"}, method = RequestMethod.GET)
public String admin(Model model) {
    User user = (User) ShiroUtils.getSubject().getPrincipal();
    model.addAttribute("user", user);
    return "admin";
}
@RequestMapping(value = {"/403"}, method = RequestMethod.GET)
public String noAuth(Model model) {
    return "403";
}

HomeController

在MyRealm的doGetAuthorizationInfo 中将用户的角色配置到AuthorizationInfo 中返回

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    User user = (User) principalCollection.getPrimaryPrincipal();
    for (Role role : user.getRoles()) {
        info.addRole(role.getName());
    }
    return info;
}

MyRealm.java

修改Shiro拦截器配置

//角色拦截
filterChainDefinitionMap.put("/user", "authc,roles[user]");
filterChainDefinitionMap.put("/admin", "authc,roles[user,admin]");
//未授权界面;
shiroFilterFactoryBean.setUnauthorizedUrl("/403");

分别登录使用user、admin用户访问/admin 和/user 可以发现user 没有权限访问/admin

 

源码地址：https://github.com/StarkTan/SpringBootShiro