howieyuan / shiro-springboot Goto Github PK
View Code? Open in Web Editor NEWshiro 框架的构建以及与 JWT 的整合
shiro-springboot's People
Contributors
Stargazers
Watchers
Forkers
hbally fubjie zjblog fwayne ye13jian kraznich 20158711 andy521 likeapple bpli hztangsheng a598328656 myhgc lidk beppezhang samson886 frankie-todd eacdy whlshot redsma feiniaoying liuchenyang01234 xunxun0532 xiaor186 roger-jie ccbobe weir2010 waffcloud cybertechs huangjianven gougou1993 celleychen ycab 18130602229 hongboyang1119 reed228 ybyao07 jieziz arvinzhao coderaodong neuliuxiaoxiao hi-jing mashuangwei xygyu jerry-goodboy aaavector tonkuns cnzyljh allenz92 yanligang hsj-xiaokang skyformat99 long729564606 foryxs merlinfenrir jiangwenpeng zhucxi josephusmao tonylit mistxzh kangyangyang520 fogmeng 490205395 wangfwhu llf1838 hlc35315153 qishu19890228 shisanchanggong toread-jxj processisanswer zhanuuuuu etouchs learn-knowlege winmin86 sunqizheng1993 scottleef dontbelieve xiaofengjingbo imaginex yuhaibin kevinzgx fengyajing lingluoyi youngzhe huxiaofeng1995 czq-woodpecker zhoujwming qiuguoqiang guanghuichen bixiadebi hongbug lxc66 jinchao8060 park96323 stepbackshot xuelangpeng evezyw javacodemood xsharh 136700719shiro-springboot's Issues
hashmap是不对的.
new LinkedHashMap<>()代码赘余
老哥,
JWTFilter.java中的这段:
/**
* 对跨域提供支持
*/
@OverRide
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
// 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态
if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
httpServletResponse.setStatus(HttpStatus.OK.value());
return false;
}
return super.preHandle(request, response);
}
对跨域的支持已经淘汰了,直接@crossorigin解决一切问题!
大佬,realm报错:does not support authentication token
realm代码:`package com.shiloh.common.shiro;
import com.shiloh.common.util.JwtUtils;
import com.shiloh.dao.PermissionDao;
import com.shiloh.dao.UserDao;
import com.shiloh.entity.Permission;
import com.shiloh.entity.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
-
@author shiloh
-
@Date Created in 2019/8/28 16:29
-
@description 自定义realm
-
@Modified By:
*/
@component("myShiroRealm")
public class MyShiroRealm extends AuthorizingRealm {
@Autowired
private UserDao userDao;
@Autowired
private PermissionDao permissionDao;/**
- 不重写这个方法会报错
- 判断token是否是系统支持的类型
- @param token
- @return
*/
@OverRide
public boolean supports(AuthenticationToken token) {
return token instanceof JwtToken;
}
/**
- 获取授权信息
- 只有当需要检测用户权限的时候才会调用此方法,例如checkRole,checkPermission之类的
- @param principalCollection
- @return
*/
@OverRide
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("--权限认证--");
String userName = JwtUtils.getUserName(principalCollection.toString());
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// 获取当前用户信息
User user = userDao.findByUserName(userName);
//需要将用户拥有的角色, 以及角色对于的权限信息封装到 Set 作为 info.setRoles(), info.setStringPermissions() 的参数
Set roleSet = new HashSet<>();
Set permissionSet = new HashSet<>();
List permissionList = permissionDao.findAll();
user.getRoles().forEach(role -> {
roleSet.add(role.getRoleName());
// 获取角色对应的权限信息
Set permissions = role.getPermissions();
permissions.forEach(permission -> {
permissionSet.add(permission.getPerName());
});
// 每个用户可以设置新的权限
permissionList.forEach(permission -> {
if (role.getId().equals(permission.getId())) {
permissionSet.add(permission.getPerName());
}
});
});
// //设置该用户拥有的角色和权限
info.setRoles(roleSet);
info.setStringPermissions(permissionSet);
return info;
}
/**
- 获取身份验证信息
- Shiro中,最终是通过 Realm 来获取应用程序中的用户、角色及权限信息的。
- 默认使用此方法进行用户名正确与否验证,错误抛出异常即可。
- @param authenticationToken 用户身份信息 token
- @return 返回封装了用户信息的 AuthenticationInfo 实例
*/
@OverRide
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("--身份认证方法--");
//UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String token = (String) authenticationToken.getCredentials();
System.out.println("token = " + token);
// 解密获得username,用于和数据库进行对比
String userName = JwtUtils.getUserName(token);
System.out.println("userName = " + userName);
if (userName == null || !JwtUtils.verifyToken(token, userName)) {
throw new AuthenticationException("token认证失败!");
}
// 获取用户信息
User user = userDao.findByUserName(userName);
System.out.println("user = " + user);
if (user.getPassword() == null) {
throw new AccountException("用户名不正确!");
} else if ("0".equals(user.getState())) {
throw new AuthenticationException("该用户的账号已被禁用!");
}
return new SimpleAuthenticationInfo(user, token, getName());
}
}
`
token 过期时间会自动刷新吗?
您好,我看了下您的代码token过期时间是24小时,请问如果我在这个过期时间段内访问了你的接口,token过期时间都不会和session过期时间一样往后顺延吗?只要与token创建时间相隔24小时就肯定过期吗?
事务失效
发现 ShiroConfig 这个系统配置会引起 spring 的 @transactional 声明式事务失效 。 多次测试 但是没找到具体原因
大神请问,登出是如何实现的
登出的话是不是要让当前这个token失效呢?
兄嘚,有没有数据库的sql
关于自定义角色维护
如果自定义了角色。权限,这个怎么维护?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.