{"id":2031,"date":"2023-04-01T20:28:58","date_gmt":"2023-04-01T12:28:58","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=2031"},"modified":"2023-04-07T06:13:33","modified_gmt":"2023-04-06T22:13:33","slug":"spring-boot-integrates-shiro-login-authentication-and-permission-management","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/04\/01\/spring-boot-integrates-shiro-login-authentication-and-permission-management\/","title":{"rendered":"Spring Boot\u6574\u5408Shiro\u767b\u5f55\u8ba4\u8bc1\u548c\u6743\u9650\u7ba1\u7406"},"content":{"rendered":"<h2>Shiro\u7b80\u4ecb<\/h2>\n<p>Apache Shiro\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u3001\u7075\u6d3b\u7684\uff0c\u5f00\u6e90\u7684\u5b89\u5168\u6846\u67b6\u3002\u5b83\u53ef\u4ee5\u5e72\u51c0\u5229\u843d\u5730\u5904\u7406\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u3001\u4f01\u4e1a\u4f1a\u8bdd\u7ba1\u7406\u548c\u52a0\u5bc6\u3002<\/p>\n<p><!-- more --><\/p>\n<p>Authentication\uff08\u8ba4\u8bc1\uff09, Authorization\uff08\u6388\u6743\uff09, Session Management\uff08\u4f1a\u8bdd\u7ba1\u7406\uff09, Cryptography\uff08\u52a0\u5bc6\uff09\u88ab Shiro \u6846\u67b6\u7684\u5f00\u53d1\u56e2\u961f\u79f0\u4e4b\u4e3a\u5e94\u7528\u5b89\u5168\u7684\u56db\u5927\u57fa\u77f3\u3002<\/p>\n<ul>\n<li><code>Authentication\uff08\u8ba4\u8bc1\uff09<\/code>\uff1a\u7528\u6237\u8eab\u4efd\u8bc6\u522b\uff0c\u901a\u5e38\u88ab\u79f0\u4e3a\u7528\u6237\u201c\u767b\u5f55\u201d<\/li>\n<li><code>Authorization\uff08\u6388\u6743\uff09<\/code>\uff1a\u8bbf\u95ee\u63a7\u5236\u3002\u6bd4\u5982\u67d0\u4e2a\u7528\u6237\u662f\u5426\u5177\u6709\u67d0\u4e2a\u64cd\u4f5c\u7684\u4f7f\u7528\u6743\u9650<\/li>\n<li><code>Session Management\uff08\u4f1a\u8bdd\u7ba1\u7406\uff09<\/code>\uff1a\u7279\u5b9a\u4e8e\u7528\u6237\u7684\u4f1a\u8bdd\u7ba1\u7406,\u751a\u81f3\u5728\u975eweb \u6216 EJB \u5e94\u7528\u7a0b\u5e8f<\/li>\n<li><code>Cryptography\uff08\u52a0\u5bc6\uff09<\/code>\uff1a\u5728\u5bf9\u6570\u636e\u6e90\u4f7f\u7528\u52a0\u5bc6\u7b97\u6cd5\u52a0\u5bc6\u7684\u540c\u65f6\uff0c\u4fdd\u8bc1\u6613\u4e8e\u4f7f\u7528<\/li>\n<\/ul>\n<p>Shiro \u67b6\u6784\u5305\u542b\u4e09\u4e2a\u4e3b\u8981\u7684\u7406\u5ff5\uff1a<code>Subject<\/code>\uff0c<code>SecurityManager<\/code>\u548c <code>Realm<\/code><\/p>\n<ul>\n<li><code>Subject<\/code>\uff1a\u5f53\u524d\u7528\u6237\uff0cSubject \u53ef\u4ee5\u662f\u4e00\u4e2a\u4eba\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u7b2c\u4e09\u65b9\u670d\u52a1\u3001\u5b88\u62a4\u8fdb\u7a0b\u5e10\u6237\u3001\u65f6\u949f\u5b88\u62a4\u4efb\u52a1\u6216\u8005\u5176\u5b83\u2013\u5f53\u524d\u548c\u8f6f\u4ef6\u4ea4\u4e92\u7684\u4efb\u4f55\u4e8b\u4ef6\u3002<\/li>\n<li><code>SecurityManager<\/code>\uff1a\u7ba1\u7406\u6240\u6709Subject\uff0cSecurityManager \u662f Shiro \u67b6\u6784\u7684\u6838\u5fc3\uff0c\u914d\u5408\u5185\u90e8\u5b89\u5168\u7ec4\u4ef6\u5171\u540c\u7ec4\u6210\u5b89\u5168\u4f1e\u3002<\/li>\n<li><code>Realms<\/code>\uff1a\u7528\u4e8e\u8fdb\u884c\u6743\u9650\u4fe1\u606f\u7684\u9a8c\u8bc1\uff0c\u6211\u4eec\u81ea\u5df1\u5b9e\u73b0\u3002Realm \u672c\u8d28\u4e0a\u662f\u4e00\u4e2a\u7279\u5b9a\u7684\u5b89\u5168 DAO\uff1a\u5b83\u5c01\u88c5\u4e0e\u6570\u636e\u6e90\u8fde\u63a5\u7684\u7ec6\u8282\uff0c\u5f97\u5230Shiro \u6240\u9700\u7684\u76f8\u5173\u7684\u6570\u636e\u3002\u5728\u914d\u7f6e Shiro \u7684\u65f6\u5019\uff0c\u4f60\u5fc5\u987b\u6307\u5b9a\u81f3\u5c11\u4e00\u4e2aRealm \u6765\u5b9e\u73b0\u8ba4\u8bc1\uff08authentication\uff09\u548c\/\u6216\u6388\u6743\uff08authorization\uff09\u3002<\/li>\n<\/ul>\n<p>\u6211\u4eec\u9700\u8981\u5b9e\u73b0Realms\u7684<code>Authentication<\/code>\u548c<code>Authorization<\/code>\u3002\u5176\u4e2d<code>Authentication<\/code>\u662f\u7528\u6765\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\uff0c<code>Authorization<\/code>\u662f\u6388\u6743\u8bbf\u95ee\u63a7\u5236\uff0c\u7528\u4e8e\u5bf9\u7528\u6237\u8fdb\u884c\u7684\u64cd\u4f5c\u6388\u6743\uff0c\u8bc1\u660e\u8be5\u7528\u6237\u662f\u5426\u5141\u8bb8\u8fdb\u884c\u5f53\u524d\u64cd\u4f5c\uff0c\u5982\u8bbf\u95ee\u67d0\u4e2a\u94fe\u63a5\uff0c\u67d0\u4e2a\u8d44\u6e90\u6587\u4ef6\u7b49\u3002<\/p>\n<h2>\u5feb\u901f\u4e0a\u624b<\/h2>\n<h3>\u57fa\u7840\u4fe1\u606f<\/h3>\n<h4>pom\u5305\u4f9d\u8d56<\/h4>\n<pre><code class=\"language-xml\">&lt;dependencies&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n        &lt;artifactId&gt;spring-boot-starter-data-jpa&lt;\/artifactId&gt;\n    &lt;\/dependency&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n        &lt;artifactId&gt;spring-boot-starter-thymeleaf&lt;\/artifactId&gt;\n    &lt;\/dependency&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;net.sourceforge.nekohtml&lt;\/groupId&gt;\n        &lt;artifactId&gt;nekohtml&lt;\/artifactId&gt;\n        &lt;version&gt;1.9.22&lt;\/version&gt;\n    &lt;\/dependency&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;org.springframework.boot&lt;\/groupId&gt;\n        &lt;artifactId&gt;spring-boot-starter-web&lt;\/artifactId&gt;\n    &lt;\/dependency&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;org.apache.shiro&lt;\/groupId&gt;\n        &lt;artifactId&gt;shiro-spring&lt;\/artifactId&gt;\n        &lt;version&gt;1.4.0&lt;\/version&gt;\n    &lt;\/dependency&gt;\n    &lt;dependency&gt;\n        &lt;groupId&gt;mysql&lt;\/groupId&gt;\n        &lt;artifactId&gt;mysql-connector-java&lt;\/artifactId&gt;\n        &lt;scope&gt;runtime&lt;\/scope&gt;\n    &lt;\/dependency&gt;\n&lt;\/dependencies&gt;<\/code><\/pre>\n<h4>\u914d\u7f6e\u6587\u4ef6<\/h4>\n<pre><code class=\"language-yml\">spring:\n  datasource:\n    url: jdbc:mysql:\/\/localhost:3306\/test\n    username: root\n    password: root\n    driver-class-name: com.mysql.jdbc.Driver\n\n  jpa:\n    database: mysql\n    show-sql: true\n    hibernate:\n      ddl-auto: update\n      naming:\n        strategy: org.hibernate.cfg.DefaultComponentSafeNamingStrategy\n    properties:\n      hibernate:\n        dialect: org.hibernate.dialect.MySQL5Dialect\n\n  thymeleaf:\n    cache: false\n    mode: LEGACYHTML5<\/code><\/pre>\n<p>thymeleaf\u7684\u914d\u7f6e\u662f\u4e3a\u4e86\u53bb\u6389html\u7684\u6821\u9a8c<\/p>\n<h4>\u524d\u7aef\u9875\u9762<\/h4>\n<p>\u65b0\u5efa6\u4e2a\u9875\u9762\u7528\u6765\u6d4b\u8bd5\uff1a<\/p>\n<p><code>resources\/templates\/shiro\/index.html<\/code>\uff1a\u9996\u9875<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;index&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;h1&gt;index&lt;\/h1&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<p><code>resources\/templates\/shiro\/login.html<\/code>\uff1a\u767b\u5f55\u9875<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot; xmlns:th=&quot;http:\/\/www.w3.org\/1999\/xhtml&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;Login&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n\u9519\u8bef\u4fe1\u606f\uff1a&lt;h4 th:text=&quot;${msg}&quot;&gt;&lt;\/h4&gt;\n&lt;form action=&quot;&quot; method=&quot;post&quot;&gt;\n    &lt;p&gt;\u8d26\u53f7\uff1a&lt;input type=&quot;text&quot; name=&quot;username&quot; value=&quot;admin&quot;\/&gt;&lt;\/p&gt;\n    &lt;p&gt;\u5bc6\u7801\uff1a&lt;input type=&quot;text&quot; name=&quot;password&quot; value=&quot;123456&quot;\/&gt;&lt;\/p&gt;\n    &lt;p&gt;&lt;input type=&quot;submit&quot; value=&quot;\u767b\u5f55&quot;\/&gt;&lt;\/p&gt;\n&lt;\/form&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<p><code>resources\/templates\/shiro\/userInfo.html<\/code>\uff1a\u7528\u6237\u4fe1\u606f\u9875\u9762<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;UserInfo&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;h3&gt;\u7528\u6237\u67e5\u8be2\u754c\u9762&lt;\/h3&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<p><code>resources\/templates\/shiro\/userInfoAdd.html<\/code>\uff1a\u6dfb\u52a0\u7528\u6237\u9875\u9762<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;Add&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;h3&gt;\u7528\u6237\u6dfb\u52a0\u754c\u9762&lt;\/h3&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<p><code>resources\/templates\/shiro\/userInfoDel.html<\/code>\uff1a\u5220\u9664\u7528\u6237\u9875\u9762<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;Del&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;h3&gt;\u7528\u6237\u5220\u9664\u754c\u9762&lt;\/h3&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<p><code>resources\/templates\/shiro\/403.html<\/code>\uff1a\u6ca1\u6709\u6743\u9650\u7684\u9875\u9762<\/p>\n<pre><code class=\"language-html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;en&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;403&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n&lt;h3&gt;403\u6ca1\u6709\u6743\u9650&lt;\/h3&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<h3>RBAC<\/h3>\n<p>RBAC \u662f\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff08Role-Based Access Control \uff09\u5728 RBAC \u4e2d\uff0c\u6743\u9650\u4e0e\u89d2\u8272\u76f8\u5173\u8054\uff0c\u7528\u6237\u901a\u8fc7\u6210\u4e3a\u9002\u5f53\u89d2\u8272\u7684\u6210\u5458\u800c\u5f97\u5230\u8fd9\u4e9b\u89d2\u8272\u7684\u6743\u9650\u3002\u8fd9\u5c31\u6781\u5927\u5730\u7b80\u5316\u4e86\u6743\u9650\u7684\u7ba1\u7406\u3002\u8fd9\u6837\u7ba1\u7406\u90fd\u662f\u5c42\u7ea7\u76f8\u4e92\u4f9d\u8d56\u7684\uff0c\u6743\u9650\u8d4b\u4e88\u7ed9\u89d2\u8272\uff0c\u800c\u628a\u89d2\u8272\u53c8\u8d4b\u4e88\u7528\u6237\uff0c\u8fd9\u6837\u7684\u6743\u9650\u8bbe\u8ba1\u5f88\u6e05\u695a\uff0c\u7ba1\u7406\u8d77\u6765\u5f88\u65b9\u4fbf\u3002<\/p>\n<p>\u91c7\u7528 Jpa \u6280\u672f\u6765\u81ea\u52a8\u751f\u6210\u57fa\u7840\u8868\u683c\uff0c\u5bf9\u5e94\u7684\u5b9e\u4f53\u5982\u4e0b\uff1a<\/p>\n<p>\uff081\uff09\u7528\u6237\u4fe1\u606f<\/p>\n<pre><code class=\"language-java\">@Getter\n@Setter\n@ToString\n@Entity\npublic class UserInfo implements Serializable {\n    private static final long serialVersionUID = 3839390521933848740L;\n    @Id\n    @GeneratedValue\n    private Integer uid;\n    @Column(unique = true)\n    private String username; \/\/\u5e10\u53f7\n    private String name; \/\/\u540d\u79f0\uff08\u6635\u79f0\u6216\u8005\u771f\u5b9e\u59d3\u540d\uff0c\u4e0d\u540c\u7cfb\u7edf\u4e0d\u540c\u5b9a\u4e49\uff09\n    private String password; \/\/\u5bc6\u7801\n    private String salt; \/\/\u52a0\u5bc6\u5bc6\u7801\u7684\u76d0\n    private byte state; \/\/\u7528\u6237\u72b6\u6001, 0: \u521b\u5efa\u672a\u8ba4\u8bc1\uff08\u6bd4\u5982\u6ca1\u6709\u6fc0\u6d3b, \u6ca1\u6709\u8f93\u5165\u9a8c\u8bc1\u7801\u7b49\u7b49\uff09--\u7b49\u5f85\u9a8c\u8bc1\u7684\u7528\u6237, 1: \u6b63\u5e38\u72b6\u6001, 2: \u7528\u6237\u88ab\u9501\u5b9a\n    @ManyToMany(fetch = FetchType.EAGER) \/\/\u7acb\u5373\u4ece\u6570\u636e\u5e93\u4e2d\u8fdb\u884c\u52a0\u8f7d\u6570\u636e;\n    @JoinTable(name = &quot;SysUserRole&quot;, joinColumns = { @JoinColumn(name = &quot;uid&quot;) }, inverseJoinColumns = {@JoinColumn(name = &quot;roleId&quot;) })\n    private List&lt;SysRole&gt; roleList; \/\/\u4e00\u4e2a\u7528\u6237\u5177\u6709\u591a\u4e2a\u89d2\u8272\n\n    \/**\n     * \u5bc6\u7801\u76d0\n     * @return\n     *\/\n    public String getCredentialsSalt() {\n        return this.username + this.salt;\n    }\n    \/\/\u91cd\u65b0\u5bf9\u76d0\u91cd\u65b0\u8fdb\u884c\u4e86\u5b9a\u4e49\uff0c\u7528\u6237\u540d+salt\uff0c\u8fd9\u6837\u5c31\u66f4\u52a0\u4e0d\u5bb9\u6613\u88ab\u7834\u89e3\n}<\/code><\/pre>\n<p>\uff082\uff09\u89d2\u8272\u4fe1\u606f<\/p>\n<pre><code class=\"language-java\">@Getter\n@Setter\n@Entity\npublic class SysRole implements Serializable {\n    @Id\n    @GeneratedValue\n    private Integer id; \/\/ \u7f16\u53f7\n    private String role; \/\/ \u89d2\u8272\u6807\u8bc6\u7a0b\u5e8f\u4e2d\u5224\u65ad\u4f7f\u7528, \u5982&quot;admin&quot;, \u8fd9\u4e2a\u662f\u552f\u4e00\u7684\n    private String description; \/\/ \u89d2\u8272\u63cf\u8ff0, UI\u754c\u9762\u663e\u793a\u4f7f\u7528\n    private Boolean available = Boolean.FALSE; \/\/ \u662f\u5426\u53ef\u7528, \u5982\u679c\u4e0d\u53ef\u7528\u5c06\u4e0d\u4f1a\u6dfb\u52a0\u7ed9\u7528\u6237\n\n    \/\/ \u89d2\u8272 - \u6743\u9650\u5173\u7cfb: \u591a\u5bf9\u591a\u5173\u7cfb\n    @ManyToMany(fetch = FetchType.EAGER)\n    @JoinTable(name = &quot;SysRolePermission&quot;, joinColumns = {@JoinColumn(name=&quot;roleId&quot;)}, inverseJoinColumns = {@JoinColumn(name=&quot;permissionId&quot;)})\n    private List&lt;SysPermission&gt; permissions;\n\n    \/\/ \u7528\u6237 - \u89d2\u8272\u5173\u7cfb\u5b9a\u4e49\n    @ManyToMany\n    @JoinTable(name = &quot;SysUserRole&quot;, joinColumns = {@JoinColumn(name=&quot;roleId&quot;)}, inverseJoinColumns = {@JoinColumn(name=&quot;uid&quot;)})\n    private List&lt;UserInfo&gt; userInfos; \/\/ \u4e00\u4e2a\u89d2\u8272\u5bf9\u5e94\u591a\u4e2a\u7528\u6237\n}<\/code><\/pre>\n<p>\uff083\uff09\u6743\u9650\u4fe1\u606f<\/p>\n<pre><code class=\"language-java\">@Getter\n@Setter\n@ToString\n@Entity\npublic class UserInfo implements Serializable {\n    private static final long serialVersionUID = 3839390521933848740L;\n    @Id\n    @GeneratedValue\n    private Integer uid;\n    @Column(unique = true)\n    private String username; \/\/\u5e10\u53f7\n    private String name; \/\/\u540d\u79f0\uff08\u6635\u79f0\u6216\u8005\u771f\u5b9e\u59d3\u540d\uff0c\u4e0d\u540c\u7cfb\u7edf\u4e0d\u540c\u5b9a\u4e49\uff09\n    private String password; \/\/\u5bc6\u7801\n    private String salt; \/\/\u52a0\u5bc6\u5bc6\u7801\u7684\u76d0\n    private byte state; \/\/\u7528\u6237\u72b6\u6001, 0: \u521b\u5efa\u672a\u8ba4\u8bc1\uff08\u6bd4\u5982\u6ca1\u6709\u6fc0\u6d3b, \u6ca1\u6709\u8f93\u5165\u9a8c\u8bc1\u7801\u7b49\u7b49\uff09--\u7b49\u5f85\u9a8c\u8bc1\u7684\u7528\u6237, 1: \u6b63\u5e38\u72b6\u6001, 2: \u7528\u6237\u88ab\u9501\u5b9a\n    @ManyToMany(fetch = FetchType.EAGER) \/\/\u7acb\u5373\u4ece\u6570\u636e\u5e93\u4e2d\u8fdb\u884c\u52a0\u8f7d\u6570\u636e;\n    @JoinTable(name = &quot;SysUserRole&quot;, joinColumns = { @JoinColumn(name = &quot;uid&quot;) }, inverseJoinColumns = {@JoinColumn(name = &quot;roleId&quot;) })\n    private List&lt;SysRole&gt; roleList; \/\/\u4e00\u4e2a\u7528\u6237\u5177\u6709\u591a\u4e2a\u89d2\u8272\n\n    \/**\n     * \u5bc6\u7801\u76d0\n     * @return\n     *\/\n    public String getCredentialsSalt() {\n        return this.username + this.salt;\n    }\n    \/\/\u91cd\u65b0\u5bf9\u76d0\u91cd\u65b0\u8fdb\u884c\u4e86\u5b9a\u4e49\uff0c\u7528\u6237\u540d+salt\uff0c\u8fd9\u6837\u5c31\u66f4\u52a0\u4e0d\u5bb9\u6613\u88ab\u7834\u89e3\n}<\/code><\/pre>\n<p>\u6839\u636e\u4ee5\u4e0a\u7684\u4ee3\u7801\u4f1a\u81ea\u52a8\u751f\u6210 <code>user_info<\/code>\uff08\u7528\u6237\u4fe1\u606f\u8868\uff09\u3001<code>sys_role<\/code>\uff08\u89d2\u8272\u8868\uff09\u3001<code>sys_permission<\/code>\uff08\u6743\u9650\u8868\uff09\u3001<code>sys_user_role<\/code>\uff08\u7528\u6237\u89d2\u8272\u8868\uff09\u3001<code>sys_role_permission<\/code>\uff08\u89d2\u8272\u6743\u9650\u8868\uff09\u8fd9\u4e94\u5f20\u8868\uff0c\u4e3a\u4e86\u65b9\u4fbf\u6d4b\u8bd5\u6211\u4eec\u7ed9\u8fd9\u4e94\u5f20\u8868\u63d2\u5165\u4e00\u4e9b\u521d\u59cb\u5316\u6570\u636e\uff1a<\/p>\n<pre><code class=\"language-sql\">INSERT INTO `user_info` (`uid`,`username`,`name`,`password`,`salt`,`state`) VALUES (&#039;1&#039;, &#039;admin&#039;, &#039;\u7ba1\u7406\u5458&#039;, &#039;d3c59d25033dbf980d29554025c23a75&#039;, &#039;8d78869f470951332959580424d4bf4f&#039;, 0);\nINSERT INTO `sys_permission` (`id`,`available`,`name`,`parent_id`,`parent_ids`,`permission`,`resource_type`,`url`) VALUES (1,0,&#039;\u7528\u6237\u7ba1\u7406&#039;,0,&#039;0\/&#039;,&#039;userInfo:view&#039;,&#039;menu&#039;,&#039;userInfo\/userList&#039;);\nINSERT INTO `sys_permission` (`id`,`available`,`name`,`parent_id`,`parent_ids`,`permission`,`resource_type`,`url`) VALUES (2,0,&#039;\u7528\u6237\u6dfb\u52a0&#039;,1,&#039;0\/1&#039;,&#039;userInfo:add&#039;,&#039;button&#039;,&#039;userInfo\/userAdd&#039;);\nINSERT INTO `sys_permission` (`id`,`available`,`name`,`parent_id`,`parent_ids`,`permission`,`resource_type`,`url`) VALUES (3,0,&#039;\u7528\u6237\u5220\u9664&#039;,1,&#039;0\/1&#039;,&#039;userInfo:del&#039;,&#039;button&#039;,&#039;userInfo\/userDel&#039;);\nINSERT INTO `sys_role` (`id`,`available`,`description`,`role`) VALUES (1,0,&#039;\u7ba1\u7406\u5458&#039;,&#039;admin&#039;);\nINSERT INTO `sys_role` (`id`,`available`,`description`,`role`) VALUES (2,0,&#039;VIP\u4f1a\u5458&#039;,&#039;vip&#039;);\nINSERT INTO `sys_role` (`id`,`available`,`description`,`role`) VALUES (3,1,&#039;test&#039;,&#039;test&#039;);\nINSERT INTO `sys_role_permission` VALUES (&#039;1&#039;, &#039;1&#039;);\nINSERT INTO `sys_role_permission` (`permission_id`,`role_id`) VALUES (1,1);\nINSERT INTO `sys_role_permission` (`permission_id`,`role_id`) VALUES (2,1);\nINSERT INTO `sys_role_permission` (`permission_id`,`role_id`) VALUES (3,2);\nINSERT INTO `sys_user_role` (`role_id`,`uid`) VALUES (1,1);<\/code><\/pre>\n<h3>Shiro\u914d\u7f6e<\/h3>\n<p>\u9996\u5148\u8981\u914d\u7f6e\u7684\u662f ShiroConfig \u7c7b\uff0cApache Shiro \u6838\u5fc3\u901a\u8fc7 Filter \u6765\u5b9e\u73b0\uff0c\u5c31\u597d\u50cf SpringMvc \u901a\u8fc7 DispachServlet \u6765\u4e3b\u63a7\u5236\u4e00\u6837\u3002 \u65e2\u7136\u662f\u4f7f\u7528 Filter \u4e00\u822c\u4e5f\u5c31\u80fd\u731c\u5230\uff0c\u662f\u901a\u8fc7 URL \u89c4\u5219\u6765\u8fdb\u884c\u8fc7\u6ee4\u548c\u6743\u9650\u6821\u9a8c\uff0c\u6240\u4ee5\u6211\u4eec\u9700\u8981\u5b9a\u4e49\u4e00\u7cfb\u5217\u5173\u4e8e URL \u7684\u89c4\u5219\u548c\u8bbf\u95ee\u6743\u9650\u3002<\/p>\n<pre><code class=\"language-java\">@Configuration\npublic class ShiroConfig {\n    @Bean\n    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {\n        System.out.println(&quot;ShiroConfiguration.shirFilter()&quot;);\n        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();\n        shiroFilterFactoryBean.setSecurityManager(securityManager);\n        \/\/ \u62e6\u622a\u5668.\n        Map&lt;String,String&gt; filterChainDefinitionMap = new LinkedHashMap&lt;String,String&gt;();\n        \/\/ \u914d\u7f6e\u4e0d\u4f1a\u88ab\u62e6\u622a\u7684\u94fe\u63a5 \u987a\u5e8f\u5224\u65ad\n        filterChainDefinitionMap.put(&quot;\/static\/**&quot;, &quot;anon&quot;);\n        \/\/ \u914d\u7f6e\u9000\u51fa\u8fc7\u6ee4\u5668, \u5176\u4e2d\u7684\u5177\u4f53\u7684\u9000\u51fa\u4ee3\u7801Shiro\u5df2\u7ecf\u66ff\u6211\u4eec\u5b9e\u73b0\u4e86\n        filterChainDefinitionMap.put(&quot;\/logout&quot;, &quot;logout&quot;);\n        \/\/&lt;!-- \u8fc7\u6ee4\u94fe\u5b9a\u4e49, \u4ece\u4e0a\u5411\u4e0b\u987a\u5e8f\u6267\u884c, \u4e00\u822c\u5c06\/**\u653e\u5728\u6700\u4e3a\u4e0b\u8fb9 --&gt; \u8fd9\u662f\u4e00\u4e2a\u5751\u5462, \u4e00\u4e0d\u5c0f\u5fc3\u4ee3\u7801\u5c31\u4e0d\u597d\u4f7f\u4e86\n        \/\/&lt;!-- authc:\u6240\u6709url\u90fd\u5fc5\u987b\u8ba4\u8bc1\u901a\u8fc7\u624d\u53ef\u4ee5\u8bbf\u95ee; anon:\u6240\u6709url\u90fd\u90fd\u53ef\u4ee5\u533f\u540d\u8bbf\u95ee --&gt;\n        filterChainDefinitionMap.put(&quot;\/**&quot;, &quot;authc&quot;);\n        \/\/ \u5982\u679c\u4e0d\u8bbe\u7f6e\u9ed8\u8ba4\u4f1a\u81ea\u52a8\u5bfb\u627eWeb\u5de5\u7a0b\u6839\u76ee\u5f55\u4e0b\u7684&quot;\/login.jsp&quot;\u9875\u9762\n        shiroFilterFactoryBean.setLoginUrl(&quot;\/login&quot;);\n        \/\/ \u767b\u5f55\u6210\u529f\u540e\u8981\u8df3\u8f6c\u7684\u94fe\u63a5\n        shiroFilterFactoryBean.setSuccessUrl(&quot;\/index&quot;);\n\n        \/\/ \u672a\u6388\u6743\u754c\u9762\n        shiroFilterFactoryBean.setUnauthorizedUrl(&quot;\/403&quot;);\n        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);\n        return shiroFilterFactoryBean;\n    }\n\n    \/**\n     * \u51ed\u8bc1\u5339\u914d\u5668\n     * \uff08\u7531\u4e8e\u6211\u4eec\u7684\u5bc6\u7801\u6821\u9a8c\u4ea4\u7ed9Shiro\u7684SimpleAuthenticationInfo\u8fdb\u884c\u5904\u7406\u4e86\uff09\n     * @return\n     *\/\n    @Bean\n    public HashedCredentialsMatcher hashedCredentialsMatcher(){\n        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();\n        hashedCredentialsMatcher.setHashAlgorithmName(&quot;md5&quot;); \/\/\u6563\u5217\u7b97\u6cd5: \u8fd9\u91cc\u4f7f\u7528MD5\u7b97\u6cd5\n        hashedCredentialsMatcher.setHashIterations(2); \/\/\u6563\u5217\u7684\u6b21\u6570, \u6bd4\u5982\u6563\u5217\u4e24\u6b21, \u76f8\u5f53\u4e8e md5(md5(&quot;&quot;))\n        return hashedCredentialsMatcher;\n    }\n\n    @Bean\n    public MyShiroRealm myShiroRealm(){\n        MyShiroRealm myShiroRealm = new MyShiroRealm();\n        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());\n        return myShiroRealm;\n    }\n\n    @Bean\n    public SecurityManager securityManager(){\n        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();\n        securityManager.setRealm(myShiroRealm());\n        return securityManager;\n    }\n\n    \/**\n     *  \u5f00\u542fshiro aop\u6ce8\u89e3\u652f\u6301\n     *  \u4f7f\u7528\u4ee3\u7406\u65b9\u5f0f, \u6240\u4ee5\u9700\u8981\u5f00\u542f\u4ee3\u7801\u652f\u6301\n     * @param securityManager\n     * @return\n     *\/\n    @Bean\n    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){\n        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();\n        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);\n        return authorizationAttributeSourceAdvisor;\n    }\n\n    @Bean(name=&quot;simpleMappingExceptionResolver&quot;)\n    public SimpleMappingExceptionResolver createSimpleMappingExceptionResolver() {\n        SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver();\n        Properties mappings = new Properties();\n        mappings.setProperty(&quot;DatabaseException&quot;, &quot;databaseError&quot;);  \/\/ \u6570\u636e\u5e93\u5f02\u5e38\u5904\u7406\n        mappings.setProperty(&quot;UnauthorizedException&quot;, &quot;shiro\/403&quot;);\n        r.setExceptionMappings(mappings);  \/\/ None by default\n        r.setDefaultErrorView(&quot;error&quot;);  \/\/ No default\n        r.setExceptionAttribute(&quot;ex&quot;);  \/\/ Default is &quot;exception&quot;\n        \/\/r.setWarnLogCategory(&quot;example.MvcLogger&quot;);  \/\/ No default\n        return r;\n    }\n}<\/code><\/pre>\n<p>Filter Chain \u5b9a\u4e49\u8bf4\u660e\uff1a<\/p>\n<p>1\u3001\u4e00\u4e2aURL\u53ef\u4ee5\u914d\u7f6e\u591a\u4e2aFilter\uff0c\u4f7f\u7528\u9017\u53f7\u5206\u9694<br \/>\n2\u3001\u5f53\u8bbe\u7f6e\u591a\u4e2a\u8fc7\u6ee4\u5668\u65f6\uff0c\u5168\u90e8\u9a8c\u8bc1\u901a\u8fc7\uff0c\u624d\u89c6\u4e3a\u901a\u8fc7<br \/>\n3\u3001\u90e8\u5206\u8fc7\u6ee4\u5668\u53ef\u6307\u5b9a\u53c2\u6570\uff0c\u5982 perms\uff0croles<\/p>\n<p>Shiro \u5185\u7f6e\u7684 FilterChain<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Filter Name<\/th>\n<th style=\"text-align: left;\">Class<\/th>\n<th style=\"text-align: left;\">\u8bf4\u660e<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">anon<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authc.AnonymousFilter<\/td>\n<td style=\"text-align: left;\">\u6240\u6709 url \u90fd\u90fd\u53ef\u4ee5\u533f\u540d\u8bbf\u95ee<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">authc<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authc.FormAuthenticationFilter<\/td>\n<td style=\"text-align: left;\">\u9700\u8981\u8ba4\u8bc1\u624d\u80fd\u8fdb\u884c\u8bbf\u95ee<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">authcBasic<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">perms<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">port<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authz.PortFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">rest<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">roles<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authz.RolesAuthorizationFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">ssl<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authz.SslFilter<\/td>\n<td style=\"text-align: left;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">user<\/td>\n<td style=\"text-align: left;\">org.apache.shiro.web.filter.authc.UserFilter<\/td>\n<td style=\"text-align: left;\">\u914d\u7f6e\u8bb0\u4f4f\u6211\u6216\u8ba4\u8bc1\u901a\u8fc7\u53ef\u4ee5\u8bbf\u95ee<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u767b\u5f55\u8ba4\u8bc1\u5b9e\u73b0<\/h3>\n<p>\u5728\u8ba4\u8bc1\u3001\u6388\u6743\u5185\u90e8\u5b9e\u73b0\u673a\u5236\u4e2d\u90fd\u6709\u63d0\u5230\uff0c\u6700\u7ec8\u5904\u7406\u90fd\u5c06\u4ea4\u7ed9Realm\u8fdb\u884c\u5904\u7406\u3002\u56e0\u4e3a\u5728Shiro\u4e2d\uff0c\u6700\u7ec8\u662f\u901a\u8fc7Realm\u6765\u83b7\u53d6\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u7528\u6237\u3001\u89d2\u8272\u53ca\u6743\u9650\u4fe1\u606f\u7684\u3002\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u5728 Realm\u4e2d\u4f1a\u76f4\u63a5\u4ece\u6211\u4eec\u7684\u6570\u636e\u6e90\u4e2d\u83b7\u53d6Shiro\u9700\u8981\u7684\u9a8c\u8bc1\u4fe1\u606f\u3002\u53ef\u4ee5\u8bf4\uff0cRealm\u662f\u4e13\u7528\u4e8e\u5b89\u5168\u6846\u67b6\u7684DAO\uff0cShiro\u7684\u8ba4\u8bc1\u8fc7\u7a0b\u6700\u7ec8\u4f1a\u4ea4\u7531Realm\u6267\u884c\uff0c\u8fd9\u65f6\u4f1a\u8c03\u7528Realm\u7684getAuthenticationInfo(token)\u65b9\u6cd5\u3002<\/p>\n<p>\u8be5\u65b9\u6cd5\u4e3b\u8981\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a<\/p>\n<p>1\u3001\u68c0\u67e5\u63d0\u4ea4\u7684\u8fdb\u884c\u8ba4\u8bc1\u7684\u4ee4\u724c\u4fe1\u606f<br \/>\n2\u3001\u6839\u636e\u4ee4\u724c\u4fe1\u606f\u4ece\u6570\u636e\u6e90(\u901a\u5e38\u4e3a\u6570\u636e\u5e93)\u4e2d\u83b7\u53d6\u7528\u6237\u4fe1\u606f<br \/>\n3\u3001\u5bf9\u7528\u6237\u4fe1\u606f\u8fdb\u884c\u5339\u914d\u9a8c\u8bc1<br \/>\n4\u3001\u9a8c\u8bc1\u901a\u8fc7\u5c06\u8fd4\u56de\u4e00\u4e2a\u5c01\u88c5\u4e86\u7528\u6237\u4fe1\u606f\u7684AuthenticationInfo\u5b9e\u4f8b<br \/>\n5\u3001\u9a8c\u8bc1\u5931\u8d25\u5219\u629b\u51faAuthenticationException\u5f02\u5e38\u4fe1\u606f<\/p>\n<p>\u800c\u5728\u6211\u4eec\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d\u8981\u505a\u7684\u5c31\u662f\u81ea\u5b9a\u4e49\u4e00\u4e2aRealm\u7c7b\uff0c\u7ee7\u627fAuthorizingRealm\u62bd\u8c61\u7c7b\uff0c\u91cd\u8f7d<code>doGetAuthenticationInfo()<\/code>\uff0c\u91cd\u5199\u83b7\u53d6\u7528\u6237\u4fe1\u606f\u7684\u65b9\u6cd5\u3002<\/p>\n<pre><code class=\"language-java\">\/*\u4e3b\u8981\u662f\u7528\u6765\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\uff0c\u4e5f\u5c31\u662f\u8bf4\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u7684\u8d26\u53f7\u548c\u5bc6\u7801\u662f\u5426\u6b63\u786e*\/\n@Override\nprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)\n        throws AuthenticationException {\n    System.out.println(&quot;MyShiroRealm.doGetAuthenticationInfo()&quot;);\n    \/\/\u83b7\u53d6\u7528\u6237\u7684\u8f93\u5165\u7684\u8d26\u53f7.\n    String username = (String)token.getPrincipal();\n    System.out.println(token.getCredentials());\n    \/\/\u901a\u8fc7username\u4ece\u6570\u636e\u5e93\u4e2d\u67e5\u627e User\u5bf9\u8c61\uff0c\u5982\u679c\u627e\u5230\uff0c\u6ca1\u627e\u5230.\n    \/\/\u5b9e\u9645\u9879\u76ee\u4e2d\uff0c\u8fd9\u91cc\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u7f13\u5b58\uff0c\u5982\u679c\u4e0d\u505a\uff0cShiro\u81ea\u5df1\u4e5f\u662f\u6709\u65f6\u95f4\u95f4\u9694\u673a\u5236\uff0c2\u5206\u949f\u5185\u4e0d\u4f1a\u91cd\u590d\u6267\u884c\u8be5\u65b9\u6cd5\n    UserInfo userInfo = userInfoService.findByUsername(username);\n    System.out.println(&quot;userInfo=&quot; + userInfo.toString());\n    if (userInfo == null) {\n        return null;\n    }\n    SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(\n            userInfo, \/\/\u7528\u6237\u540d\n            userInfo.getPassword(), \/\/\u5bc6\u7801\n            ByteSource.Util.bytes(userInfo.getCredentialsSalt()), \/\/salt=username+salt\n            getName() \/\/realm name\n    );\n    return authenticationInfo;\n}<\/code><\/pre>\n<h3>\u94fe\u63a5\u6743\u9650\u7684\u5b9e\u73b0<\/h3>\n<p>Shiro\u7684\u6743\u9650\u6388\u6743\u662f\u901a\u8fc7\u7ee7\u627fAuthorizingRealm\u62bd\u8c61\u7c7b\uff0c\u91cd\u8f7d<code>doGetAuthorizationInfo()<\/code>\u3002\u5f53\u8bbf\u95ee\u5230\u9875\u9762\u7684\u65f6\u5019\uff0c\u94fe\u63a5\u914d\u7f6e\u4e86\u76f8\u5e94\u7684\u6743\u9650\u6216\u8005Shiro\u6807\u7b7e\u624d\u4f1a\u6267\u884c\u6b64\u65b9\u6cd5\u5426\u5219\u4e0d\u4f1a\u6267\u884c\uff0c\u6240\u4ee5\u5982\u679c\u53ea\u662f\u7b80\u5355\u7684\u8eab\u4efd\u8ba4\u8bc1\u6ca1\u6709\u6743\u9650\u7684\u63a7\u5236\u7684\u8bdd\uff0c\u90a3\u4e48\u8fd9\u4e2a\u65b9\u6cd5\u53ef\u4ee5\u4e0d\u8fdb\u884c\u5b9e\u73b0\uff0c\u76f4\u63a5\u8fd4\u56de<code>null<\/code>\u5373\u53ef\u3002\u5728\u8fd9\u4e2a\u65b9\u6cd5\u4e2d\u4e3b\u8981\u662f\u4f7f\u7528\u7c7b<code>SimpleAuthorizationInfo<\/code>\u8fdb\u884c\u89d2\u8272\u7684\u6dfb\u52a0\u548c\u6743\u9650\u7684\u6dfb\u52a0\u3002<\/p>\n<pre><code class=\"language-java\">@Override\nprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {\n    System.out.println(&quot;\u6743\u9650\u914d\u7f6e --&gt; MyShiroRealm.doGetAuthorizationInfo()&quot;);\n    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();\n    UserInfo userInfo = (UserInfo) principals.getPrimaryPrincipal();\n    for (SysRole role : userInfo.getRoleList()) {\n        authorizationInfo.addRole(role.getRole());\n        for (SysPermission p : role.getPermissions()) {\n            authorizationInfo.addStringPermission(p.getPermission());\n        }\n    }\n    return authorizationInfo;\n}<\/code><\/pre>\n<p>\u5f53\u7136\u4e5f\u53ef\u4ee5\u6dfb\u52a0set\u96c6\u5408\uff1aroles\u662f\u4ece\u6570\u636e\u5e93\u67e5\u8be2\u7684\u5f53\u524d\u7528\u6237\u7684\u89d2\u8272\uff0cstringPermissions\u662f\u4ece\u6570\u636e\u5e93\u67e5\u8be2\u7684\u5f53\u524d\u7528\u6237\u5bf9\u5e94\u7684\u6743\u9650<\/p>\n<pre><code>authorizationInfo.setRoles(roles);\nauthorizationInfo.setStringPermissions(stringPermissions);<\/code><\/pre>\n<p>\u5c31\u662f\u8bf4\u5982\u679c\u5728shiro\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4e86<code>filterChainDefinitionMap.put(&quot;\/add&quot;, &quot;perms[\u6743\u9650\u6dfb\u52a0]&quot;);<\/code>\u5c31\u8bf4\u660e\u8bbf\u95ee<code>\/add<\/code>\u8fd9\u4e2a\u94fe\u63a5\u5fc5\u987b\u8981\u6709\u201c\u6743\u9650\u6dfb\u52a0\u201d\u8fd9\u4e2a\u6743\u9650\u624d\u53ef\u4ee5\u8bbf\u95ee\uff0c\u5982\u679c\u5728shiro\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4e86<code>filterChainDefinitionMap.put(&quot;\/add&quot;, &quot;roles[100002]\uff0cperms[\u6743\u9650\u6dfb\u52a0]&quot;);<\/code>\u5c31\u8bf4\u660e\u8bbf\u95ee<code>\/add<\/code>\u8fd9\u4e2a\u94fe\u63a5\u5fc5\u987b\u8981\u6709\u201c\u6743\u9650\u6dfb\u52a0\u201d\u8fd9\u4e2a\u6743\u9650\u548c\u5177\u6709\u201c100002\u201d\u8fd9\u4e2a\u89d2\u8272\u624d\u53ef\u4ee5\u8bbf\u95ee\u3002<\/p>\n<pre><code class=\"language-java\">public class MyShiroRealm extends AuthorizingRealm {\n    @Resource\n    private UserInfoService userInfoService;\n\n    @Override\n    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {\n        System.out.println(&quot;\u6743\u9650\u914d\u7f6e --&gt; MyShiroRealm.doGetAuthorizationInfo()&quot;);\n        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();\n        UserInfo userInfo = (UserInfo) principals.getPrimaryPrincipal();\n        for(SysRole role : userInfo.getRoleList()) {\n            authorizationInfo.addRole(role.getRole());\n            for (SysPermission p : role.getPermissions()) {\n                authorizationInfo.addStringPermission(p.getPermission());\n            }\n        }\n        return authorizationInfo;\n    }\n\n    \/*\u4e3b\u8981\u662f\u7528\u6765\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u7684\uff0c\u4e5f\u5c31\u662f\u8bf4\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u7684\u8d26\u53f7\u548c\u5bc6\u7801\u662f\u5426\u6b63\u786e*\/\n    @Override\n    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)\n            throws AuthenticationException {\n        System.out.println(&quot;MyShiroRealm.doGetAuthenticationInfo()&quot;);\n        \/\/\u83b7\u53d6\u7528\u6237\u7684\u8f93\u5165\u7684\u8d26\u53f7.\n        String username = (String)token.getPrincipal();\n        System.out.println(token.getCredentials());\n        \/\/\u901a\u8fc7username\u4ece\u6570\u636e\u5e93\u4e2d\u67e5\u627e User\u5bf9\u8c61\uff0c\u5982\u679c\u627e\u5230\uff0c\u6ca1\u627e\u5230.\n        \/\/\u5b9e\u9645\u9879\u76ee\u4e2d\uff0c\u8fd9\u91cc\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u7f13\u5b58\uff0c\u5982\u679c\u4e0d\u505a\uff0cShiro\u81ea\u5df1\u4e5f\u662f\u6709\u65f6\u95f4\u95f4\u9694\u673a\u5236\uff0c2\u5206\u949f\u5185\u4e0d\u4f1a\u91cd\u590d\u6267\u884c\u8be5\u65b9\u6cd5\n        UserInfo userInfo = userInfoService.findByUsername(username);\n        System.out.println(&quot;userInfo=&quot; + userInfo.toString());\n        if (userInfo == null) {\n            return null;\n        }\n        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(\n                userInfo, \/\/\u7528\u6237\u540d\n                userInfo.getPassword(), \/\/\u5bc6\u7801\n                ByteSource.Util.bytes(userInfo.getCredentialsSalt()), \/\/salt=username+salt\n                getName() \/\/realm name\n        );\n        return authenticationInfo;\n    }\n}<\/code><\/pre>\n<pre><code class=\"language-java\">public interface UserInfoDao extends CrudRepository&lt;UserInfo, Long&gt; {\n    \/**\u901a\u8fc7username\u67e5\u627e\u7528\u6237\u4fe1\u606f**\/\n    UserInfo findByUsername(String username);\n}<\/code><\/pre>\n<pre><code class=\"language-java\">public interface UserInfoService {\n    \/**\u901a\u8fc7username\u67e5\u627e\u7528\u6237\u4fe1\u606f*\/\n    public UserInfo findByUsername(String username);\n}<\/code><\/pre>\n<pre><code class=\"language-java\">@Service\npublic class UserInfoServiceImpl implements UserInfoService {\n    @Resource\n    private UserInfoDao userInfoDao;\n\n    @Override\n    public UserInfo findByUsername(String username) {\n        System.out.println(&quot;UserInfoServiceImpl.findByUsername()&quot;);\n        return userInfoDao.findByUsername(username);\n    }\n}<\/code><\/pre>\n<h2>\u767b\u5f55\u5b9e\u73b0<\/h2>\n<p>\u767b\u5f55\u8fc7\u7a0b\u5176\u5b9e\u53ea\u662f\u5904\u7406\u5f02\u5e38\u7684\u76f8\u5173\u4fe1\u606f\uff0c\u5177\u4f53\u7684\u767b\u5f55\u9a8c\u8bc1\u4ea4\u7ed9Shiro\u6765\u5904\u7406<\/p>\n<pre><code class=\"language-java\">@Controller\npublic class HomeController {\n    @RequestMapping({&quot;\/&quot;, &quot;\/index&quot;})\n    public String index() {\n        return &quot;shiro\/index&quot;;\n    }\n\n    @RequestMapping(&quot;\/login&quot;)\n    public String login(HttpServletRequest request, Map&lt;String, Object&gt; map) throws Exception {\n        System.out.println(&quot;HomeController.login()&quot;);\n        \/\/ \u767b\u5f55\u5931\u8d25\u4ecerequest\u4e2d\u83b7\u53d6shiro\u5904\u7406\u7684\u5f02\u5e38\u4fe1\u606f\n        \/\/ shiroLoginFailure:\u5c31\u662fshiro\u5f02\u5e38\u7c7b\u7684\u5168\u7c7b\u540d\n        String exception = (String) request.getAttribute(&quot;shiroLoginFailure&quot;);\n        System.out.println(&quot;exception=&quot; + exception);\n        String msg = &quot;&quot;;\n        if (exception != null) {\n            if (UnknownAccountException.class.getName().equals(exception)) {\n                System.out.println(&quot;UnknownAccountException --&gt; \u8d26\u53f7\u4e0d\u5b58\u5728&quot;);\n                msg = &quot;UnknownAccountException --&gt; \u8d26\u53f7\u4e0d\u5b58\u5728&quot;;\n            } else if (IncorrectCredentialsException.class.getName().equals(exception)) {\n                System.out.println(&quot;IncorrectCredentialsException --&gt; \u5bc6\u7801\u4e0d\u6b63\u786e&quot;);\n                msg = &quot;IncorrectCredentialsException --&gt; \u5bc6\u7801\u4e0d\u6b63\u786e&quot;;\n            } else if (&quot;kaptchaValidateFailed&quot;.equals(exception)) {\n                System.out.println(&quot;kaptchaValidateFailed --&gt; \u9a8c\u8bc1\u7801\u9519\u8bef&quot;);\n                msg = &quot;kaptchaValidateFailed --&gt; \u9a8c\u8bc1\u7801\u9519\u8bef&quot;;\n            } else {\n                msg = &quot;else &gt;&gt; &quot; + exception;\n                System.out.println(&quot;else --&gt; &quot; + exception);\n            }\n        }\n        map.put(&quot;msg&quot;, msg);\n        \/\/ \u6b64\u65b9\u6cd5\u4e0d\u5904\u7406\u767b\u5f55\u6210\u529f,\u7531shiro\u8fdb\u884c\u5904\u7406\n        return &quot;shiro\/login&quot;;\n    }\n\n    @RequestMapping(&quot;\/403&quot;)\n    public String unauthorizedRole() {\n        System.out.println(&quot;------\u6ca1\u6709\u6743\u9650-------&quot;);\n        return &quot;shiro\/403&quot;;\n    }\n}<\/code><\/pre>\n<pre><code class=\"language-java\">@Controller\n@RequestMapping(&quot;\/userInfo&quot;)\npublic class UserInfoController {\n    \/**\n     * \u7528\u6237\u67e5\u8be2.\n     * @return\n     *\/\n    @RequestMapping(&quot;\/userList&quot;)\n    @RequiresPermissions(&quot;userInfo:view&quot;) \/\/\u6743\u9650\u7ba1\u7406\n    public String userInfo() {\n        return &quot;shiro\/userInfo&quot;;\n    }\n\n    \/**\n     * \u7528\u6237\u6dfb\u52a0\n     * @return\n     *\/\n    @RequestMapping(&quot;\/userAdd&quot;)\n    @RequiresPermissions(&quot;userInfo:add&quot;) \/\/\u6743\u9650\u7ba1\u7406\n    public String userInfoAdd() {\n        return &quot;shiro\/userInfoAdd&quot;;\n    }\n\n    \/**\n     * \u7528\u6237\u5220\u9664\n     * @return\n     *\/\n    @RequestMapping(&quot;\/userDel&quot;)\n    @RequiresPermissions(&quot;userInfo:del&quot;) \/\/\u6743\u9650\u7ba1\u7406\n    public String userDel() {\n        return &quot;shiro\/userInfoDel&quot;;\n    }\n}<\/code><\/pre>\n<h2>\u6d4b\u8bd5<\/h2>\n<p>1\u3001\u7f16\u5199\u597d\u540e\u5c31\u53ef\u4ee5\u542f\u52a8\u7a0b\u5e8f\uff0c\u8bbf\u95ee\uff1a<code>http:\/\/localhost:8080\/userInfo\/userList<\/code> \u9875\u9762\uff0c\u7531\u4e8e\u6ca1\u6709\u767b\u5f55\u5c31\u4f1a\u8df3\u8f6c\u5230\uff1a<code>http:\/\/localhost:8080\/login<\/code> \u9875\u9762\u3002\u767b\u5f55\u4e4b\u540e\u5c31\u4f1a\u8df3\u8f6c\u5230 index \u9875\u9762\uff0c\u767b\u5f55\u540e\uff0c\u76f4\u63a5\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165\uff1a<code>http:\/\/localhost:8080\/userInfo\/userList<\/code> \u8bbf\u95ee\u5c31\u4f1a\u770b\u5230\u7528\u6237\u4fe1\u606f\u3002\u4e0a\u9762\u8fd9\u4e9b\u64cd\u4f5c\u65f6\u5019\u89e6\u53d1<code>MyShiroRealm.doGetAuthenticationInfo()<\/code>\u8fd9\u4e2a\u65b9\u6cd5\uff0c\u4e5f\u5c31\u662f\u767b\u5f55\u8ba4\u8bc1\u7684\u65b9\u6cd5\u3002<\/p>\n<p>2\u3001\u767b\u5f55admin\u8d26\u6237\uff0c\u8bbf\u95ee\uff1a<code>http:\/\/127.0.0.1:8080\/userInfo\/userAdd<\/code> \u663e\u793a\u7528\u6237\u6dfb\u52a0\u754c\u9762\uff0c\u8bbf\u95ee<code>http:\/\/127.0.0.1:8080\/userInfo\/userDel<\/code> \u663e\u793a403\u6ca1\u6709\u6743\u9650\u3002\u4e0a\u9762\u8fd9\u4e9b\u64cd\u4f5c\u65f6\u5019\u89e6\u53d1<code>MyShiroRealm.doGetAuthorizationInfo()<\/code>\u8fd9\u4e2a\u65b9\u9762\uff0c\u4e5f\u5c31\u662f\u6743\u9650\u6821\u9a8c\u7684\u65b9\u6cd5\u3002<\/p>\n<p>3\u3001\u4fee\u6539admin\u4e0d\u540c\u7684\u6743\u9650\u8fdb\u884c\u6d4b\u8bd5<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shiro\u7b80\u4ecb Apache Shiro\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u3001\u7075\u6d3b\u7684\uff0c\u5f00\u6e90\u7684\u5b89\u5168\u6846\u67b6\u3002\u5b83\u53ef\u4ee5\u5e72\u51c0\u5229\u843d\u5730\u5904\u7406\u8eab\u4efd\u9a8c\u8bc1\u3001 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[513],"class_list":["post-2031","post","type-post","status-publish","format-standard","hentry","category-spring-boot","tag-shiro"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/2031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=2031"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/2031\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=2031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=2031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=2031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}