SpringBoot整合JWT+Shiro( 二 )
<>();//filterMap.put("/test/**", "anon");配置不会被拦截的链接 顺序判断filterMap.put("/**", "jwt");definition.addPathDefinitions(filterMap);return definition;}@Bean("shiroFilterFactoryBean")public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager,ShiroFilterChainDefinition shiroFilterChainDefinition) {ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();shiroFilter.setSecurityManager(securityManager);// 添加自己的过滤器并且取名为jwtMap filters = new HashMap<>();filters.put("jwt",jwtFilter);shiroFilter.setFilters(filters);Map filterMap = shiroFilterChainDefinition.getFilterChainMap();shiroFilter.setFilterChainDefinitionMap(filterMap);return shiroFilter;}}AccountRealm 验证JWTAccountRealm是shiro进行登录或者权限校验的逻辑所在 , 算是核心了 , 我们需要重写3个方法 , 分别是
- supports:为了让realm支持jwt的凭证校验
- doGetAuthorizationInfo:权限校验
- doGetAuthenticationInfo:登录认证校验
@Componentpublic class AccountReaIm extends AuthorizingRealm {@AutowiredJwtUtils jwtUtils;@AutowiredTestService service;@Overridepublic boolean supports(AuthenticationToken token) {return token instanceof JwtToken;}@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {JwtToken jwtToken = (JwtToken) authenticationToken;String userid = jwtUtils.getClaimByToken((String) jwtToken.getPrincipal()).getSubject();Test test=service.selectByPrimaryKey( Integer.parseInt(userid));if (test == null) {throw new UnknownAccountException("账户不存在");}login profile = new login();BeanUtil.copyProperties(test, profile);return new SimpleAuthenticationInfo(profile, jwtToken.getCredentials(), getName());}}LoginReaIm 验证登录与上面的区别验证的Token不一样@Log4j2@Componentpublic class LoginReaIm extends AuthorizingRealm {@AutowiredTestService service;@AutowiredJwtUtils jwtUtils;/*** 必须重写此方法 , 不然Shiro会报错*/@Overridepublic boolean supports(AuthenticationToken token) {return token instanceofUsernamePasswordToken;}@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {return null;}/***shiro 身份验证* @param token* @return* @throws AuthenticationException*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String userId = token.getPrincipal().toString();Test test=service.selectByPrimaryKey( Integer.parseInt(userId));if (test == null) {throw new UnknownAccountException("账户不存在");}login profile = new login();BeanUtil.copyProperties(test, profile);return new SimpleAuthenticationInfo(profile,test.getName(), getName());}}JwtToken/** * 我们需要重写AuthenticationToken接口 此接口的作用 * AuthenticationToken: shiro中负责把username,password生成用于验证的token的封装类 * 自定义一个对象用来封装token */public class JwtTokenimplements AuthenticationToken {private String token;publicJwtToken (String token){this.token=token;}@Overridepublic Object getPrincipal() {return token;}@Overridepublic Object getCredentials() {return token;}}
推荐阅读
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 人脸识别设备主板如何选型 软硬整合大幅缩短开发时间
- 三星公布2021年款电视阵容:屏幕技术大升级 整合Google Duo等服务
- 整合零代码+AI+云原生技术,「速优云」布局智慧教培和智慧社区
- 整合K12业务 在线教育企业跟谁学升级旗下高途课堂
- 全力推进手机×AIoT战略 小米宣布整合成立三大部门:直接向雷军汇报
- SpringBoot常用注解
- 阿里爆款SpringBoot项目实战PDF+源码+视频分享
- 微软已经完成将Pinterest整合到Edge收藏夹的工作
- 微软Reunion首个0.1.0预览版发布 整合统一Win32和UWP API
- 全网最深分析:SpringBoot MVC自动配置失效的原因
![砂锅菜的做法大全[做法大全]窍门,食材_砂锅菜谱砂锅做法大全窍门-](http://img.jiangsulong.com/220703/1U154EG-0-lp.jpg)
