2019独角兽企业重金招聘Python工程师标准>>> 
核心类简介
xxxToken:用户凭证 xxxFilter:生产token,设置登录成功,登录失败处理方法,判断是否登录连接等 xxxRealm:依据配置的支持Token来认证用户信息,授权用户权限
核心配置
Shrio整体配置:ShrioConfig.java
@Beanpublic ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();shiroFilterFactoryBean.setSecurityManager(securityManager);Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();//将自定义 的FormAuthenticationFilter注入shiroFilter中filters.put("authc", new AuthenticationFilter());filters.put("wechat",new ExWechatAppFilter());shiroFilterFactoryBean.setFilters(filters);Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();...//建立url和filter之间的关系filterChainDefinitionMap.put("/wechat/**","wechat");filterChainDefinitionMap.put("/**", "authc");...shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);return shiroFilterFactoryBean;}@Beanpublic SecurityManager securityManager() {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setAuthenticator(exModularRealmAuthenticator());List<Realm> realms = new ArrayList<>();//设置多Realmrealms.add(systemRealm());realms.add(wechatAppRealm());securityManager.setRealms(realms);securityManager.setCacheManager(ehCacheManager());securityManager.setRememberMeManager(cookieRememberMeManager());return securityManager;}//重要!!定义token与Realm关系,设置认证策略public MyModularRealmAuthenticator myModularRealmAuthenticator(){MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();FirstSuccessfulStrategy strategy = new FirstSuccessfulStrategy();authenticator.setAuthenticationStrategy(strategy);return authenticator;}@Beanpublic SystemRealm systemRealm() {SystemRealm systemRealm = new SystemRealm();systemRealm.setAuthorizationCachingEnabled(true);systemRealm.setAuthorizationCacheName("authorization");systemRealm.setCredentialsMatcher(hashedCredentialsMatcher());return systemRealm;}@Beanpublic WechatAppRealm WechatAppRealm(){WechatAppRealm wechatAppRealm = new WechatAppRealm();wechatAppRealm.setAuthorizationCachingEnabled(false);return WechatAppRealm;}
Realm,Token关联关系配置:MyModularRealmAuthenticator.java
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {@Overrideprotected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {assertRealmsConfigured();
//依据Realm中配置的支持Token来进行过滤List<Realm> realms = this.getRealms().stream().filter(realm -> realm.supports(authenticationToken)).collect(Collectors.toList());if (realms.size() == 1) {return doSingleRealmAuthentication(realms.get(0), authenticationToken);} else {return doMultiRealmAuthentication(realms, authenticationToken);}}}
认证授权配置:Realm.java
public class SystemRealm extends AuthorizingRealm {... @Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {//重要!!多realm每个都会执行授权相关信息,此处进行过滤if(principals.fromRealm(getName()).isEmpty()){return null;}//授权代码...return authorizationInfo;}/*** 主要是用来进行身份认证的*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)throws AuthenticationException {//生产AuthenticationInfo代码...//校验的部分由配置的credentialsMatcher进行处理return authenticationInfo;}/*** 扩展认证token** @param authenticationToken* @return boolean* @author mjm* @date 2018/7/3 12:32*/@Overridepublic boolean supports(AuthenticationToken authenticationToken) {//设置此Realm支持的Tokenreturn authenticationToken != null && (authenticationToken instanceof UsernamePasswordToken );}
}
过滤器配置:AuthenticationFilter.java
基础的过滤器类型:官网中默认有很多已实现的过滤器,可依据需求扩展
public class AuthenticationFilter extends FormAuthenticationFilter {..../*** 创建令牌** @param servletRequest ServletRequest* @param servletResponse ServletResponse* @return 令牌*/@Overrideprotected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {//依据request中不同的参数创建不同的token...return new xxxToken(...);}....
}
参考资料
http://shiro.apache.org/realm.html#Realm-Supporting{{AuthenticationTokens}}
