SpringCloud+ sso+shiro+redis+cookie尝试单点登录shiro权限控制
最近在试着学习sso整合shiro , 可是一直解决不了一次性登录,所有服务都可以完成shiro的那种页面标签控制,最近想到了一个笨办法,试着用了下,结果成功了
办法:使用单点登录,每个服务需要进入时跳转到sso完成登录,在zuul反向代理回需要进入的服务,用户数据保留进redis ,cookie保留redis的key , 回到服务里面再进行shiro的认证(每个服务都已经单独部署了shiro) ,当需要授权的时候可以完成授权了,
很麻烦,希望有大佬帮我简化一下,留下你们的思路,以下是实现代码
每个服务都有个shiro 已经搞定,下面是自定义域
package com.xykj.shiro.realm;
import javax.annotation.Resource;
import org.apache.shiro.subject.Subject;
import com.xykj.service.StuService;
import eureka_entity.Stu;
import org.apache.shiro.SecurityUtils;
/**
* 自定义域
*/
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyShiroRealm extends AuthorizingRealm {
@Resource
public StuService peopleServiceM;
/**
* 执行授权逻辑
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
// TODO Auto-generated method stub
System.out.println("授权逻辑");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Subject subject = SecurityUtils.getSubject();
Stu peoples = (Stu)subject.getPrincipal();
Stu peoples2 = new Stu();
try {
peoples2 = peopleServiceM.selectById(peoples.getStuid());
System.out.println("++++++++++++++++++++++++++++:"+peoples2.getStuid());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//添加资源的授权字符串
info.addStringPermission(peoples2.getStupwd()+"");
info.addRole(peoples2.getStupwd()+"");
return info;
}
/**
* 执行认证逻辑
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
// TODO Auto-generated method stub
UsernamePasswordToken token = (UsernamePasswordToken)arg0;
String pwd="";
Stu peoples = new Stu();
System.out.println("认证逻辑:名字"+token.getUsername()+"认证逻辑:密码"+String.valueOf(token.getPassword()));
try {
peoples = peopleServiceM.selectById(Long.parseLong(token.getUsername()));
System.out.println("shiro取得的对象:"+peoples);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if(peoples==null){
System.out.println("用户名不存在");
//用户名不存在
return new SimpleAuthenticationInfo(token,pwd,getName());
}else {
System.out.println(peoples.getStuid()+"密码"+peoples.getStupassword()+"权限"+peoples.getStupwd());
pwd= peoples.getStupassword()+"";
}
//2.判断密码
return new SimpleAuthenticationInfo(peoples,pwd,getName());
}
}
下面是config
package com.consumer.shiro.configuration;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import lombok.extern.log4j.Log4j2;
import com.consumer.shiro.realm.MyShiroRealm;
@Log4j2
@Configuration
public class ShiroConfiguration {
@Bean
public ShiroFilterFactoryBean shirFilter(@Qualifier("SecurityManager") SecurityManager securityManager) {
log.error("============ShiroConfiguration.java进入==============");
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager((org.apache.shiro.mgt.SecurityManager) securityManager);
// 拦截器.
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/SpringCloudLogin/list", "authc");
filterChainDefinitionMap.put("/SpringCloudLogin/list", "perms[1]");
shiroFilterFactoryBean.setLoginUrl("/SpringCloudLogin/getlogin");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/SpringCloudLogin/list");
// 未授权界面;
shiroFilterFactoryBean.setUnauthorizedUrl("/Mygod");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean("SecurityManager")
public SecurityManager securityManager(@Qualifier("MyShiroRealm") MyShiroRealm myShiroRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
// 自定义域
@Bean("MyShiroRealm")
public MyShiroRealm myShiroRealm() {
MyShiroRealm myShiroRealm = new MyShiroRealm();
return myShiroRealm;
}
}
再来就是sso的controller代码
@Autowired
public StuService stuservices;
@Resource
@Qualifier("redis-cache") // 跟着名字调用到对应的方法
public IRedisService<String> redis;
@Value("${server.port}")
public String dkh;
String cookieCode = UUID.randomUUID().toString();
String getloginurl = null;
// 登录业务
@RequestMapping("/login")
public String logout(@RequestParam(required = true) String stuid, @RequestParam(required = true) String stupwd,
HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
UsernamePasswordToken token = new UsernamePasswordToken(stuid, stupwd);
try {
SecurityUtils.getSubject().login(token);
System.out.println("shiroLogin后" + getloginurl);
redis.put(cookieCode, stuid, 60 * 60);
System.out.println("cookieCode:" + cookieCode);
CookieUtils.setCookie(request, response, "cookieCode", cookieCode, 60 * 60);
System.out.println("cookie值:" + CookieUtils.getCookieValue(request, "cookieCode"));
model.addAttribute("entity", stuid);
if (!StringUtils.isEmpty(getloginurl)) {
System.out.println("进入URI判断");
return "redirect:" + getloginurl;
}
return "list";
} catch (IncorrectCredentialsException ex) {
System.out.println(ex);
model.addAttribute("entity", "登录失败,账号密码错误!!");
}
return "login";
}
// 跳转登录业务
@RequestMapping("/getlogin")
public String getlogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false) String url, Model model) throws IOException {
log.info("传递到的URL:" + url);
getloginurl = url;
String token = CookieUtils.getCookieValue(request, "cookieCode");
log.info("传递到的cookie:" + token);
if (!StringUtils.isEmpty(token)) {
String loginCode = redis.get(token);
if (!StringUtils.isEmpty(loginCode)) {
Stu stu = stuservices.selectById(Long.parseLong(loginCode));
if (stu != null) {
if (!StringUtils.isEmpty(url)) {
model.addAttribute("stu", stu);
log.info("成功获取到stu:" + stu);
return "redirect:" + url;
}
return "list";
}else {
return "Mygod";
}
}
}
Subject subject = SecurityUtils.getSubject();
if (subject != null) {
try {
subject.logout();// 关闭
} catch (Exception ex) {
ex.printStackTrace();
}
}
return "login";
}
页面发一下吧,虽然很垃圾哈哈哈
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
<meta charset="UTF-8">
<title>权限测试</title>
</head>
<body>
<h2>欢迎 <span th:text="${stu.getStuname()}"></span> 来到我们的测试权限主页!!</h2>
<div shiro:hasAnyRoles="8,9"><a href="javascript:;" id="shouhuo">售货单管理</a></div>
<shiro:authenticated>宗教情怀与国家情怀——在福建佛学院新学期开学式上的开示</shiro:authenticated>
<p shiro:hasRoles="3">
标签https://www.cnblogs.com/qlqwjy/p/7257616.html
https://www.cnblogs.com/jifeng/p/4500410.html
可以去看看
</p>
</body>
</html>
完成页面
可以实现页面的控制显示隐藏
有术无道,望大佬多批评