spring boot+mybatis+shiro对url动态受权,同一帐号登陆,踢出最先登陆(一)
老规矩开始以前的两问:干什么,为何这么干css
场景:html
根本问题:任何多用户的系统都存在身份鉴权。简单来讲,不一样用户在同一个系统有不一样的操做,那么系统必然要识别用户。前端
产生问题:身份识别以后,对于一个系统来讲,就能够进行正常使用,可是这个时候任何人均可以得到系统的信息,这就产生了受权。git
为何使用shiro?web
shiro是一款专门用来身份识别与受权的框架spring
shiro能干什么?sql
进行身份识别和受权数据库
开始:apache
1:pom.xml 引入相关包session
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.2</version>
</dependency>
2:首先是身份识别的问题,通常的咱们都是经过输入的用户名和密码去数据库进行比对
那么对于shiro来讲,咱们只须要准备前端传的参数和数据库的参数,shiro就会为咱们自动比对
(1)前端数据:
<from> <input name="username"/> <input name="password"> <input type="submit"> </from>
(2) 数据库
CREATE TABLE `fsp_user` (
`UUID` varchar(50) NOT NULL,
`F_NICKNAME` varchar(100) DEFAULT NULL,
`F_PASSWORD` varchar(100) DEFAULT NULL,
PRIMARY KEY (`UUID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO
`fsp_user`
VALUES
('90feec5c-67bd-4fb2-b360-8b0387c4c009',
'admin',
'87632a5ef1d47286da9c1361717a1312');
(3)登陆比对
这一步是由shiro来完成,shiro须要知道咱们的 输入参数和数据库的数据
在此以前shiro须要初始化
shiro的中心管理器是SecurityManager,那么第一步就是要配置SecurityManager
@Bean
public SecurityManager securityManager() {
//new 一个DefaultWebSecurityManager
DefaultSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
//realm 就是从数据库取出数据比对登陆
defaultSecurityManager.setRealm(myShiroRealm());
//session管理器
defaultSecurityManager.setSessionManager(sessionManager());
//cache管理器
defaultSecurityManager.setCacheManager(cacheManager());
//咱们须要对密码进行加密 使用md5,加密10次
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher("md5");
hashedCredentialsMatcher.setHashIterations(10);
myShiroRealm().setCredentialsMatcher(hashedCredentialsMatcher);
SecurityUtils.setSecurityManager(defaultSecurityManager);
return defaultSecurityManager;
}
@Bean
//session 管理器
public DefaultWebSessionManager sessionManager(){
DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
SimpleCookie simpleCookie= new SimpleCookie();
simpleCookie.setName("jeesite.session.id");
defaultWebSessionManager.setSessionIdCookie(simpleCookie);
defaultWebSessionManager.setSessionDAO(sessionDAO());
return defaultWebSessionManager;
}
//session的增删改查操做
@Bean
public MemorySessionDAO sessionDAO(){
return new MemorySessionDAO();
}
//cache管理器
@Bean
public CacheManager cacheManager(){
return new EhCacheManager();
}
@Bean
//取出数据库的数据 这个是咱们自定义的
public UserRealm myShiroRealm(){
return new UserRealm();
}
//咱们定义的数据源集成自AuthorizingRealm
public class UserRealm extends AuthorizingRealm {
private Logger logger = LoggerFactory.getLogger(AuthorizingRealm.class);
//数据库fsp_user 表对应的mybatis mapper接口
@Autowired
private FspUserDao fspUserDao;
//受权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
return authorizationInfo;
}
//登陆
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//1,得到前端传值
String username = (String) authenticationToken.getPrincipal();
//去数据库查询
FspUser user = fspUserDao.isSelect("F_IPONE",username);
if (user == null) {
//没找到账号
throw new UnknownAccountException();
}
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, user.getF_PASSWORD(), "");
//盐
authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("GGZEServer"));
user.setF_PASSWORD("");
//将用户信息放入session中
SecurityUtils.getSubject().getSession().setTimeout(-5000);
SecurityUtils.getSubject().getSession().setAttribute("FSPUSER", user);
return authenticationInfo;
}
/*//加密
public static void main(String[] args){
Md5Hash md5Hash = new Md5Hash("123456","GGZEServer",10);
System.out.println(md5Hash.toString());
}*/
}
(4)配置完成后,咱们须要让全部的请求都是合法的,就必须进行登陆,记住登陆信息,每次的请求验证其合法性
咱们使用过滤器来过滤全部请求,
首先要使shiro认识咱们自定义的过滤器
@Bean
public AutoShiro shirFilter(SecurityManager securityManager, FspDataRecordDao fspDataRecordDao) {
System.out.println("ShiroConfiguration.shirFilter()");
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 过滤器链11
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
//key 为访问地址,value为权限。anao所有不过滤 authc为须要登陆 loingout为登出
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/login", "authc");
filterChainDefinitionMap.put("/img/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/loginout", "loginout");
shiroFilterFactoryBean.setSecurityManager(securityManager);
//登陆地址设置
shiroFilterFactoryBean.setLoginUrl("/vsp_8201574998956");
//成功地址设置
shiroFilterFactoryBean.setSuccessUrl("/vsp_8201574998957");
Map<String, Filter> filters = new LinkedHashMap<String, Filter>();
AuthFilter authFilter=new AuthFilter();
authFilter.setLoginUrl("/login");
authFilter.setUsernameParam("F_IPONE");
authFilter.setPasswordParam("F_PASSWORD");
authFilter.setUserClass(FspUser.class);
//设置过滤器名
filters.put("authc", authFilter);
//这里能够设置自定义的过滤器
//设置登出
LogoutFilter logoutFilter=new LogoutFilter();
filters.put("loginout",logoutFilter);
shiroFilterFactoryBean.setFilters(filters);
return shiroFilterFactoryBean;
}
按以上配置,shiro会认知shiro的过滤器,咱们来实现它的过滤器
public class AuthFilter extends FormAuthenticationFilter {
private Class<? extends FspUser> userClass;
private static final String REDIRECT_URL_PARAMETER_NAME = "redirectUrl";
//建立身份认证
@Override
protected org.apache.shiro.authc.AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
String username = getUsername(servletRequest);
String password = getPassword(servletRequest);
boolean rememberMe = isRememberMe(servletRequest);
String host = getHost(servletRequest);
return new UsernamePasswordToken(username, password, rememberMe, host);
}
/**
* 是否容许访问
*
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @param mappedValue 映射值
* @return 是否容许访问
*/
@Override
protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) {
Subject subject = getSubject(servletRequest, servletResponse);
Object principal = subject != null ? subject.getPrincipal() : null;
if (principal == null || !FspUser.class.isAssignableFrom(principal.getClass())) {
return false;
}
HttpServletRequest request=(HttpServletRequest) servletRequest;
if(request.getServletPath().indexOf("login")>=0&&request.getSession().getAttribute("FSPUSER")!=null){
HttpServletResponse response = (HttpServletResponse)servletResponse;
try {
response.sendRedirect("/shopc/vsp_8201574998957");
} catch (IOException e) {
e.printStackTrace();
}
}
return super.isAccessAllowed(servletRequest, servletResponse, mappedValue);
}
/**
* 拒绝访问处理
*
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @return 是否继续处理
*/
@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (isLoginRequest(request, response)) {
if (isLoginSubmission(request, response)) {
return executeLogin(request, response);
} else {
return true;
}
}
response.sendRedirect("/shopc/vsp_8201574998956");
return false;
}
/**
* 登陆成功处理
*
* @param authenticationToken 令牌
* @param subject Subject
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @return 是否继续处理
*/
@Override
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
return super.onLoginSuccess(authenticationToken, subject, servletRequest, servletResponse);
}
/**
* 登陆失败处理
*
* @param authenticationToken 令牌
* @param authenticationException 认证异常
* @param servletRequest ServletRequest
* @param servletResponse ServletResponse
* @return 是否继续处理
*/
@Override
protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
return super.onLoginFailure(authenticationToken, authenticationException, servletRequest, servletResponse);
}
public Class<? extends FspUser> getUserClass() {
return userClass;
}
public void setUserClass(Class<? extends FspUser> userClass) {
this.userClass = userClass;
}
public static String getRedirectUrlParameterName() {
return REDIRECT_URL_PARAMETER_NAME;
}
当执行建立身份认证的时候return new UsernamePasswordToken(username, password, rememberMe, host);
会进去咱们自定义的Realm 登陆成功。
已上传码云:https://gitee.com/wervernice/shirotest
未完待续
相关文章
- 1. 登陆同一个帐号,把前一个帐号踢掉
- 2. 限制同一帐号多处登陆
- 3. spring security 登陆限制 防止同一用户重复登陆 同一个帐号登陆能够踢掉前一个用户 配置
- 4. qq受权登陆。微信受权登陆、微博受权登陆
- 5. GitHub受权登陆没法获取受权帐号信息
- 6. 第三方帐号登陆--QQ登陆,以及QQ微博帐号登陆
- 7. QQ受权登陆
- 8. OAuth2.0受权登陆
- 9. OAuth受权登陆
- 10. mysql受权帐户远程登陆
- 更多相关文章...
- • 一对一关联查询 - MyBatis教程
- • 登录MySQL数据库 - MySQL教程
- • RxJava操作符(一)Creating Observables
- • Kotlin学习(一)基本语法
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 跳槽面试的几个实用小技巧,不妨看看!
- 2. Mac实用技巧 |如何使用Mac系统中自带的预览工具将图片变成黑白色?
- 3. Mac实用技巧 |如何使用Mac系统中自带的预览工具将图片变成黑白色?
- 4. 如何使用Mac系统中自带的预览工具将图片变成黑白色?
- 5. Mac OS非兼容Windows软件运行解决方案——“以VMware & Microsoft Access为例“
- 6. 封装 pyinstaller -F -i b.ico excel.py
- 7. 数据库作业三ER图待完善
- 8. nvm安装使用低版本node.js(非命令安装)
- 9. 如何快速转换图片格式
- 10. 将表格内容分条转换为若干文档
欢迎关注本站公众号,获取更多信息
