SpringBoot整合JWT+Shiro( 二 )

<>();//filterMap.put("/test/**", "anon");配置不会被拦截的链接 顺序判断filterMap.put("/**", "jwt");definition.addPathDefinitions(filterMap);return definition;}@Bean("shiroFilterFactoryBean")public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager,ShiroFilterChainDefinition shiroFilterChainDefinition) {ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();shiroFilter.setSecurityManager(securityManager);// 添加自己的过滤器并且取名为jwtMap filters = new HashMap<>();filters.put("jwt",jwtFilter);shiroFilter.setFilters(filters);Map filterMap = shiroFilterChainDefinition.getFilterChainMap();shiroFilter.setFilterChainDefinitionMap(filterMap);return shiroFilter;}}AccountRealm 验证JWTAccountRealm是shiro进行登录或者权限校验的逻辑所在 , 算是核心了 , 我们需要重写3个方法 , 分别是

  • supports:为了让realm支持jwt的凭证校验
  • doGetAuthorizationInfo:权限校验
  • doGetAuthenticationInfo:登录认证校验
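/**
 * Shiro realm that authenticates requests carrying a {@link JwtToken}.
 *
 * <p>The class name is spelled {@code AccountReaIm} (capital I) in the original listing; it is
 * kept unchanged so existing references still resolve.
 */
@Component
public class AccountReaIm extends AuthorizingRealm {

    @Autowired
    JwtUtils jwtUtils;

    @Autowired
    TestService service;

    /** Restricts this realm to {@link JwtToken} submissions. */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /** Returns {@code null}: this realm supplies no roles or permissions. */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Resolves the account named by the JWT subject and returns it as the authenticated principal.
     *
     * @param authenticationToken the submitted token; cast to {@link JwtToken}
     * @return authentication info whose principal is a {@code login} copy of the account record
     * @throws AuthenticationException {@link UnknownAccountException} when the subject is not a
     *     numeric id or no account with that id exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        JwtToken jwtToken = (JwtToken) authenticationToken;

        // NOTE(review): everything this realm knows about the token's validity comes from
        // jwtUtils.getClaimByToken, which is not shown here. Confirm that it verifies the
        // signature and rejects expired tokens, and what it returns for an unparseable token:
        // if that is null, the getSubject() call below fails with a NullPointerException
        // instead of a clear authentication error.
        String userid = jwtUtils.getClaimByToken((String) jwtToken.getPrincipal()).getSubject();

        // A missing or non-numeric subject is reported as an unknown account rather than
        // escaping as a NumberFormatException.
        final int accountId;
        try {
            accountId = Integer.parseInt(userid);
        } catch (NumberFormatException e) {
            throw new UnknownAccountException("账户不存在", e);
        }

        Test test = service.selectByPrimaryKey(accountId);
        if (test == null) {
            throw new UnknownAccountException("账户不存在");
        }

        // NOTE(review): copyProperties copies every matching property of the account record
        // into the principal. Make sure `login` declares no secret fields (e.g. a password
        // column), since the principal stays attached to the authenticated subject.
        login profile = new login();
        BeanUtil.copyProperties(test, profile);

        // The token's own credentials are handed back as the "stored" credentials, so an
        // equality-based credentials matcher always succeeds here. The JWT check above is the
        // only real verification step.
        return new SimpleAuthenticationInfo(profile, jwtToken.getCredentials(), getName());
    }
}
// Next on the page: LoginReaIm, the login realm. It differs from the realm above in the type of
// token it verifies.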
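/**
 * Shiro realm that handles the login step, i.e. {@link UsernamePasswordToken} submissions.
 *
 * <p>The class name is spelled {@code LoginReaIm} (capital I) in the original listing; it is
 * kept unchanged so existing references still resolve.
 */
@Log4j2
@Component
public class LoginReaIm extends AuthorizingRealm {

    @Autowired
    TestService service;

    @Autowired
    JwtUtils jwtUtils;

    /**
     * Restricts this realm to {@link UsernamePasswordToken} submissions. This method must be
     * overridden, otherwise Shiro reports an error.
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof UsernamePasswordToken;
    }

    /** Returns {@code null}: this realm supplies no roles or permissions. */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Shiro identity verification: looks up the account whose primary key is the token's
     * principal and returns it together with the credential Shiro should compare against.
     *
     * @param token the submitted login token; its principal is parsed as a numeric account id
     * @return authentication info whose principal is a {@code login} copy of the account record
     * @throws AuthenticationException {@link UnknownAccountException} when the principal is
     *     missing, is not a numeric id, or no account with that id exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // A missing or non-numeric principal gets the same answer as an unknown id, so callers
        // see one uniform failure instead of a NullPointerException or NumberFormatException.
        Object principal = token.getPrincipal();
        if (principal == null) {
            throw new UnknownAccountException("账户不存在");
        }
        final int accountId;
        try {
            accountId = Integer.parseInt(principal.toString());
        } catch (NumberFormatException e) {
            throw new UnknownAccountException("账户不存在", e);
        }

        Test test = service.selectByPrimaryKey(accountId);
        if (test == null) {
            throw new UnknownAccountException("账户不存在");
        }

        // NOTE(review): copyProperties copies every matching property of the account record
        // into the principal. Make sure `login` declares no secret fields.
        login profile = new login();
        BeanUtil.copyProperties(test, profile);

        // NOTE(review): the credential given to Shiro is test.getName(), so the credentials
        // matcher compares the submitted password with the account's name. Unless `name`
        // really stores a password hash in this schema, return the stored salted password hash
        // here and configure a hashing CredentialsMatcher on the realm (for example
        // HashedCredentialsMatcher or PasswordMatcher). Left as in the original because the
        // Test entity's fields are not shown.
        return new SimpleAuthenticationInfo(profile, test.getName(), getName());
    }
}
// Next on the page: JwtToken.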
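/**
 * Custom {@link AuthenticationToken} that wraps a JWT string.
 *
 * <p>We need to implement the AuthenticationToken interface. In Shiro, AuthenticationToken is
 * the wrapper that carries the submitted username and password as a token for verification;
 * here a custom object is defined to wrap the JWT instead.
 *
 * <p>Both the principal and the credentials are the raw JWT, so an instance is a bearer secret
 * and should not be written to logs.
 */
public class JwtToken implements AuthenticationToken {

    // Assigned once in the constructor and never changed afterwards.
    private final String token;

    /**
     * @param token the raw JWT string taken from the request
     */
    public JwtToken(String token) {
        this.token = token;
    }

    /** Returns the raw JWT; the realm extracts the account id from its claims. */
    @Override
    public Object getPrincipal() {
        return token;
    }

    /** Returns the same raw JWT that {@link #getPrincipal()} returns. */
    @Override
    public Object getCredentials() {
        return token;
    }
}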