前言

完整的源代碼已經(jīng)上傳到 CodeChina平臺(tái)上，文末有倉(cāng)庫(kù)鏈接🤭

技術(shù)棧 前端

html Thymleaf Jquery

后端

SpringBootShiroRedisMybatis-Plus

需求分析

有 1 和 2 用戶，用戶名和密碼也分別為 1 和 2 ，1 用戶有增加和刪除的權(quán)限，2用戶有更新的權(quán)限，登錄的時(shí)候需要驗(yàn)證碼并且需要緩存用戶的角色和權(quán)限，用戶登出的時(shí)候需要將緩存的認(rèn)證和授權(quán)信息刪除。

數(shù)據(jù)庫(kù)E-R圖設(shè)計(jì)

其實(shí)就是傳統(tǒng)的 RBAC 模型，不加外鍵的原因是因?yàn)樵黾油怄I會(huì)造成數(shù)據(jù)庫(kù)壓力。

數(shù)據(jù)庫(kù)腳本

/* Navicat Premium Data Transfer Source Server : localhost Source Server Type : MySQL Source Server Version : 80021 Source Host : localhost:3306 Source Schema : spring-security Target Server Type : MySQL Target Server Version : 80021 File Encoding : 65001 Date: 23/04/2021 18:18:01*/create database if not exists `spring-security` charset=utf8mb4;use `spring-security`;SET NAMES utf8mb4;SET FOREIGN_KEY_CHECKS = 0;-- ------------------------------ Table structure for permission-- ----------------------------DROP TABLE IF EXISTS `permission`;CREATE TABLE `permission` ( `permissionid` int NOT NULL AUTO_INCREMENT, `url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `perm` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (`permissionid`) USING BTREE) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;-- ------------------------------ Records of permission-- ----------------------------INSERT INTO `permission` VALUES (1, ’/toUserAdd’, ’user:add’);INSERT INTO `permission` VALUES (2, ’/toUserUpdate’, ’user:update’);INSERT INTO `permission` VALUES (3, ’/toUserDelete’, ’user:delete’);-- ------------------------------ Table structure for role-- ----------------------------DROP TABLE IF EXISTS `role`;CREATE TABLE `role` ( `roleid` int NOT NULL AUTO_INCREMENT, `role` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (`roleid`) USING BTREE) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;-- ------------------------------ Records of role-- ----------------------------INSERT INTO `role` VALUES (1, ’student’);INSERT INTO `role` VALUES (2, ’parent’);INSERT INTO `role` VALUES (3, ’teacher’);-- ------------------------------ Table structure for role_permission-- ----------------------------DROP TABLE IF EXISTS `role_permission`;CREATE TABLE `role_permission` ( `permissionid` int NOT NULL, `roleid` int NOT NULL, PRIMARY KEY (`permissionid`, `roleid`) USING BTREE) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;-- ------------------------------ Records of role_permission-- ----------------------------INSERT INTO `role_permission` VALUES (1, 1);INSERT INTO `role_permission` VALUES (2, 2);INSERT INTO `role_permission` VALUES (3, 3);-- ------------------------------ Table structure for user-- ----------------------------DROP TABLE IF EXISTS `user`;CREATE TABLE `user` ( `userid` int NOT NULL AUTO_INCREMENT, `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, `salt` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `status` int NULL DEFAULT 1, PRIMARY KEY (`userid`) USING BTREE) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;-- ------------------------------ Records of user-- ----------------------------INSERT INTO `user` VALUES (1, ’1’, ’a0c68c64557599483e99630ce4d2f30e’, ’ainjee’, 1);INSERT INTO `user` VALUES (2, ’2’, ’78fc06a914bcf261ed749952b0c9f67b’, ’eeiain’, 1);-- ------------------------------ Table structure for user_role-- ----------------------------DROP TABLE IF EXISTS `user_role`;CREATE TABLE `user_role` ( `userid` int NOT NULL, `roleid` int NOT NULL, PRIMARY KEY (`userid`, `roleid`) USING BTREE) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;-- ------------------------------ Records of user_role-- ----------------------------INSERT INTO `user_role` VALUES (1, 1);INSERT INTO `user_role` VALUES (1, 3);INSERT INTO `user_role` VALUES (2, 2);SET FOREIGN_KEY_CHECKS = 1;

Shiro 與 Redis 整合學(xué)習(xí)總結(jié)

整合SpringBoot與Shiro與Redis，這里貼出整個(gè) pom.xml 文件源碼，可以直接復(fù)制

<?xml version='1.0' encoding='UTF-8'?><project xmlns='http://maven.apache.org/POM/4.0.0' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd'> <modelVersion>4.0.0</modelVersion> <groupId>com.jmu</groupId> <artifactId>shiro_demo</artifactId> <version>0.0.1-SNAPSHOT</version> <name>shiro_demo</name> <description>Demo project for Spring Boot</description> <properties><java.version>1.8</java.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding><spring-boot.version>2.3.7.RELEASE</spring-boot.version> </properties> <dependencies><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> <version>2.3.7.RELEASE</version></dependency><dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-generator</artifactId> <version>3.4.0</version></dependency><dependency> <groupId>org.apache.velocity</groupId> <artifactId>velocity-engine-core</artifactId> <version>2.3</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency><dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <version>3.4.0</version></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <scope>runtime</scope> <optional>true</optional></dependency><dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope></dependency><dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions><exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId></exclusion> </exclusions></dependency><dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.7.1</version></dependency> </dependencies> <dependencyManagement><dependencies> <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>${spring-boot.version}</version><type>pom</type><scope>import</scope> </dependency></dependencies> </dependencyManagement> <build><plugins> <plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration> <source>1.8</source> <target>1.8</target> <encoding>UTF-8</encoding></configuration> </plugin> <plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.3.7.RELEASE</version><configuration> <mainClass>com.jmu.shiro_demo.ShiroDemoApplication</mainClass></configuration><executions> <execution><id>repackage</id><goals> <goal>repackage</goal></goals> </execution></executions> </plugin></plugins><!-- 資源目錄 --><resources> <resource><!-- 設(shè)定主資源目錄 --><directory>src/main/java</directory><!-- maven default生命周期，process-resources階段執(zhí)行maven-resources-plugin插件的resources目標(biāo)處理主資源目下的資源文件時(shí)，只處理如下配置中包含的資源類型 --><includes> <include>**/*.xml</include></includes><!-- maven default生命周期，process-resources階段執(zhí)行maven-resources-plugin插件的resources目標(biāo)處理主資源目下的資源文件時(shí)，是否對(duì)主資源目錄開啟資源過(guò)濾 --><filtering>true</filtering> </resource></resources> </build></project>

2.自定義 Realm 繼承 AuthorizingRealm 實(shí)現(xiàn) 認(rèn)證和授權(quán)兩個(gè)方法

package com.jmu.shiro_demo.shiro;import com.jmu.shiro_demo.entity.Permission;import com.jmu.shiro_demo.entity.Role;import com.jmu.shiro_demo.entity.User;import com.jmu.shiro_demo.service.UserService;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.util.ObjectUtils;import java.util.List;public class UserRealm extends AuthorizingRealm { @Autowired private UserService userService; //授權(quán) @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();String username = (String) SecurityUtils.getSubject().getPrincipal();User user = userService.getUserByUserName(username);//1.動(dòng)態(tài)分配角色List<Role> roles = userService.getUserRoleByUserId(user.getUserid());roles.stream().forEach(role -> {authorizationInfo.addRole(role.getRole());});//2.動(dòng)態(tài)授權(quán)List<Permission> perms = userService.getUserPermissionsByUserId(user.getUserid());perms.stream().forEach(permission -> {authorizationInfo.addStringPermission(permission.getPerm());});return authorizationInfo; } //認(rèn)證 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {//1.獲取用戶名UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;String username = token.getUsername();User user = userService.getUserByUserName(username);if(ObjectUtils.isEmpty(user)) { return null;}return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(), new MyByteSource(user.getSalt()),this.getName()); }}

3.編寫 ShiroConfig 配置核心是配置 ShiroFilterFactoryBean，DefaultSecurityManager，UserRealm(這里的Realm是自定義的)，ShiroDialect 是整合 shiro與thymleaf在前端使用 shiro 的標(biāo)簽的拓展包,來(lái)源于 github 的開源項(xiàng)目。

依次關(guān)系為ShiroFilterFactoryBean 中 set DefaultSecurityManager，DefaultSecurityManager 中 set UserRealm，UserRealm 中 set CacheManager 和 加密的算法CacheManager 可以為 EhCacheManager 也可以為 RedisCacheManager，此項(xiàng)目整合 redis 的 緩存管理器

package com.jmu.shiro_demo.shiro;import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;import com.jmu.shiro_demo.entity.Permission;import com.jmu.shiro_demo.service.PermissionService;import org.apache.shiro.authc.credential.HashedCredentialsMatcher;import org.apache.shiro.cache.ehcache.EhCacheManager;import org.apache.shiro.mgt.DefaultSecurityManager;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;import java.util.List;import java.util.Map;@Configurationpublic class ShiroConfig { @Autowired private PermissionService permissionService; //1.配置ShiroFilterFactoryBean @Bean public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier('securityManager') DefaultSecurityManager securityManager){ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// 設(shè)置安全管理器shiroFilterFactoryBean.setSecurityManager(securityManager);/** 設(shè)置Shiro 內(nèi)置過(guò)濾器 * anon: 無(wú)需認(rèn)證（登陸）可以訪問(wèn) * authc: 必須認(rèn)證才可以訪問(wèn) * user: 如果使用 rememberMe 的功能可以直接訪問(wèn) * perms: 該資源必須得到資源權(quán)限才可以訪問(wèn) * role: 該資源必須得到角色權(quán)限才可以訪問(wèn)*/Map<String ,String> filterMap = new LinkedHashMap<String ,String>();//配置頁(yè)面請(qǐng)求攔截filterMap.put('/index','anon');filterMap.put('/login','anon');filterMap.put('/getAuthCode','anon');//配置動(dòng)態(tài)授權(quán)List<Permission> perms = permissionService.list();for (Permission permission : perms) { filterMap.put(permission.getUrl(),'perms['+permission.getPerm()+']');}filterMap.put('/*','authc');shiroFilterFactoryBean.setLoginUrl('/toLogin');shiroFilterFactoryBean.setUnauthorizedUrl('/unauthorized');shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);return shiroFilterFactoryBean; } //2.配置DefaultSecurityManager @Bean(name = 'securityManager') public DefaultSecurityManager defaultSecurityManager(@Qualifier('userRealm') UserRealm userRealm){DefaultSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();defaultSecurityManager.setRealm(userRealm);return defaultSecurityManager; } //3.配置Realm @Bean(name = 'userRealm') public UserRealm getRealm() {//1. 創(chuàng)建自定義的 userRealm 對(duì)象UserRealm userRealm = new UserRealm();//2. 設(shè)置 userRealm 的 CredentialsMatcher密碼校驗(yàn)器HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();//2.1 設(shè)置加密算法matcher.setHashAlgorithmName('MD5');//2.2 設(shè)置散列次數(shù)matcher.setHashIterations(6);userRealm.setCredentialsMatcher(matcher);userRealm.setCacheManager(new RedisCacheManager());userRealm.setAuthenticationCachingEnabled(true); //認(rèn)證userRealm.setAuthenticationCacheName('authenticationCache');userRealm.setAuthorizationCachingEnabled(true); //授權(quán)userRealm.setAuthorizationCacheName('authorizationCache');return userRealm; } //4.配置Thymleaf的Shiro擴(kuò)展標(biāo)簽 @Bean public ShiroDialect getShiroDialect() {return new ShiroDialect(); }}

4.定義Shiro 加鹽的類

package com.jmu.shiro_demo.shiro;import org.apache.shiro.codec.Base64;import org.apache.shiro.codec.CodecSupport;import org.apache.shiro.codec.Hex;import org.apache.shiro.util.ByteSource;import java.io.File;import java.io.InputStream;import java.io.Serializable;import java.util.Arrays;/** * 解決： * shiro 使用緩存時(shí)出現(xiàn)：java.io.NotSerializableException: * org.apache.shiro.util.SimpleByteSource * 序列化后，無(wú)法反序列化的問(wèn)題 */public class MyByteSource implements ByteSource, Serializable { private static final long serialVersionUID = 1L; private byte[] bytes; private String cachedHex; private String cachedBase64; public MyByteSource(){ } public MyByteSource(byte[] bytes) {this.bytes = bytes; } public MyByteSource(char[] chars) {this.bytes = CodecSupport.toBytes(chars); } public MyByteSource(String string) {this.bytes = CodecSupport.toBytes(string); } public MyByteSource(ByteSource source) {this.bytes = source.getBytes(); } public MyByteSource(File file) {this.bytes = (new MyByteSource.BytesHelper()).getBytes(file); } public MyByteSource(InputStream stream) {this.bytes = (new MyByteSource.BytesHelper()).getBytes(stream); } public static boolean isCompatible(Object o) {return o instanceof byte[] || o instanceof char[] || o instanceof String || o instanceof ByteSource || o instanceof File || o instanceof InputStream; } public void setBytes(byte[] bytes) {this.bytes = bytes; } @Override public byte[] getBytes() {return this.bytes; } @Override public String toHex() {if(this.cachedHex == null) { this.cachedHex = Hex.encodeToString(this.getBytes());}return this.cachedHex; } @Override public String toBase64() {if(this.cachedBase64 == null) { this.cachedBase64 = Base64.encodeToString(this.getBytes());}return this.cachedBase64; } @Override public boolean isEmpty() {return this.bytes == null || this.bytes.length == 0; } @Override public String toString() {return this.toBase64(); } @Override public int hashCode() {return this.bytes != null && this.bytes.length != 0? Arrays.hashCode(this.bytes):0; } @Override public boolean equals(Object o) {if(o == this) { return true;} else if(o instanceof ByteSource) { ByteSource bs = (ByteSource)o; return Arrays.equals(this.getBytes(), bs.getBytes());} else { return false;} } private static final class BytesHelper extends CodecSupport {private BytesHelper() {}public byte[] getBytes(File file) { return this.toBytes(file);}public byte[] getBytes(InputStream stream) { return this.toBytes(stream);} }}

5.定義 RedisCacheManager

package com.jmu.shiro_demo.shiro;import org.apache.shiro.cache.Cache;import org.apache.shiro.cache.CacheException;import org.apache.shiro.cache.CacheManager;public class RedisCacheManager implements CacheManager { //參數(shù)1 ：認(rèn)證或者是授權(quán)緩存的統(tǒng)一名稱 @Override public <K, V> Cache<K, V> getCache(String cacheName) throws CacheException {System.out.println(cacheName);return new RedisCache<K,V>(cacheName); }}

6.定義 RedisCache

package com.jmu.shiro_demo.shiro;import com.jmu.shiro_demo.utils.ApplicationContextUtil;import lombok.extern.slf4j.Slf4j;import org.apache.shiro.cache.Cache;import org.apache.shiro.cache.CacheException;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.data.redis.serializer.StringRedisSerializer;import java.util.Collection;import java.util.Set;@Slf4jpublic class RedisCache<k,v> implements Cache<k,v> { private String cacheName; public RedisCache() { } public RedisCache(String cacheName) {this.cacheName = cacheName; } @Override public v get(k k) throws CacheException {System.out.println('get key:' + k);return (v) getRedisTemplate().opsForHash().get(this.cacheName,k.toString()); } @Override public v put(k k, v v) throws CacheException {System.out.println('put key: ' + k);System.out.println('put value: ' + v);getRedisTemplate().opsForHash().put(this.cacheName,k.toString(),v);return v; } @Override public v remove(k k) throws CacheException {log.info('remove k:' + k.toString());return (v) getRedisTemplate().opsForHash().delete(this.cacheName,k.toString()); } @Override public void clear() throws CacheException {log.info('clear');getRedisTemplate().delete(this.cacheName); } @Override public int size() {return getRedisTemplate().opsForHash().size(this.cacheName).intValue(); } @Override public Set<k> keys() {return getRedisTemplate().opsForHash().keys(this.cacheName); } @Override public Collection<v> values() {return getRedisTemplate().opsForHash().values(this.cacheName); } public RedisTemplate getRedisTemplate() {RedisTemplate redisTemplate = (RedisTemplate) ApplicationContextUtil.getBeanByBeanName('redisTemplate');redisTemplate.setKeySerializer(new StringRedisSerializer());redisTemplate.setHashKeySerializer(new StringRedisSerializer());return redisTemplate; }}核心Mapper文件

1.UserMapper.xml

<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE mapper PUBLIC '-//mybatis.org//DTD Mapper 3.0//EN' 'http://mybatis.org/dtd/mybatis-3-mapper.dtd'><mapper namespace='com.jmu.shiro_demo.mapper.UserMapper'><!--這是 連接 5 張表的sql語(yǔ)句，根據(jù)用戶ID獲取到該用戶所擁有的權(quán)限，在這里寫出來(lái)，但是不使用，因?yàn)樾什桓?-> <select parameterType='int' resultType='permission'>select url,perm from user,user_role,role,role_permission,permissionwhere user.userid = user_role.userid and user_role.roleid = role.roleid and role.roleid = role_permission.roleid and role_permission.permissionid = permission.permissionid and user.userid=#{userid}; </select> <!--查出一個(gè)用戶所擁有的全部角色--> <select parameterType='int' resultType='role'>select role.roleid,role from user,user_role,rolewhere user.userid = user_role.userid and user_role.roleid = role.roleid and user.userid = #{userId}; </select></mapper>

2.RoleMapper.xml

<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE mapper PUBLIC '-//mybatis.org//DTD Mapper 3.0//EN' 'http://mybatis.org/dtd/mybatis-3-mapper.dtd'><mapper namespace='com.jmu.shiro_demo.mapper.RoleMapper'> <!--查出一個(gè)角色所擁有的全部權(quán)限--> <select parameterType='int' resultType='permission'>select url,perm from role,role_permission,permissionwhere role.roleid = role_permission.roleid and role_permission.permissionid = permission.permissionid and role.roleid = #{roleId}; </select></mapper>

項(xiàng)目完整代碼(CodeChina平臺(tái))

shiro_demo

項(xiàng)目運(yùn)行

踩過(guò)的坑歸納 Redis 反序列化的時(shí)候報(bào)錯(cuò) no valid constructor; 解決：MyByteSource 加鹽類實(shí)現(xiàn)的時(shí)候需要實(shí)現(xiàn)ByteSource接口，然后提供無(wú)參構(gòu)造方法 用戶退出的時(shí)候Redis中認(rèn)證信息的緩存沒(méi)有刪除干凈 解決：UserRealm 的認(rèn)證方法返回的第一個(gè)參數(shù)不要用 User實(shí)體對(duì)象，而是用 User 的 getUsername() 返回唯一標(biāo)識(shí)用戶的用戶名，其他有用到 Principal 的時(shí)候獲得到的都是 這個(gè) username。