xtiawxf 2019-04-25
使用EhCache同时缓存数据库数据及其它需要缓存的数据和shrio共享(shiro主要用于会话的存储和持久化),集成整合步骤如下:
一:集成EhCache
<1>、在pom.xml文件中添加以下依赖。
<!-- 开启 cache 缓存 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-cache</artifactId> </dependency> <!-- ehcache 缓存 --> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache</artifactId> </dependency>
<2>、添加配置文件 ehcache.xml,放在resources下,内容如下。
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd" updateCheck="false"> <defaultCache eternal="false" maxElementsInMemory="1000" overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU" /> <cache name="permissionCache" eternal="false" maxElementsInMemory="100" overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="0" timeToLiveSeconds="300" memoryStoreEvictionPolicy="LRU" /> </ehcache>
<3>、在启动类加上启用缓存注解@EnableCaching。
<4>、经过上述步骤后,就可以使用缓存注解@Cacheable,@CachePut等。
二:集成Shiro并使用EhCache缓存
<1> 、在pom.xml文件中添加以下依赖。
<!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro-spring.version}</version> </dependency> <!-- shiro ehcache --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro-ehcache.version}</version> </dependency>
<2>、编写Shiro的Realm验证,参考代码如下。
public class ShiroRealm extends AuthorizingRealm { private Logger logger = LoggerFactory.getLogger(this.getClass()); @Resource private IUserService iUserService; @Resource private ILoginLogService iloginLogService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { logger.info("权限配置----->ShiroRealm.doGetAuthorizationInfo()" ); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); UserInfo userInfo = (UserInfo) principals.getPrimaryPrincipal(); authorizationInfo.addRole(userInfo.getRoleInfo().getRoleCode()); for (Permission p : userInfo.getRoleInfo().getPermissions()) { authorizationInfo.addStringPermission(p.getPermissionCode()); } //授权成功添加登录日志 addLoginLog(userInfo); return authorizationInfo; } /*主要是用来进行身份认证的,也就是说验证用户输入的账号和密码是否正确*/ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { logger.info("ShiroRealm.doGetAuthenticationInfo()" ); //获取用户的输入的账号. String username = (String) token.getPrincipal(); //通过username从数据库中查找 User对象,如果找到,没找到. //实际项目中,这里可以根据实际情况做缓存,如果不做,Shiro自己也是有时间间隔机制,2分钟内不会重复执行该方法 UserInfo userInfo = iUserService.findUserInfo(username); logger.info("----->userInfo=" + userInfo); if (userInfo == null) { throw new AccountException(); } else if (userInfo.getState() == 0) { throw new DisabledAccountException(); } else if (userInfo.getState() == 2) { throw new LockedAccountException(); } //保存登录用户ID Session session = SecurityUtils.getSubject().getSession(); session.setAttribute(Constant.LOGIN_USER_ID, userInfo.getId()); SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( userInfo, //用户信息 userInfo.getPassWord(), //密码 ByteSource.Util.bytes(userInfo.getCredentialsSalt()),//salt=username+salt getName() //realm name ); return authenticationInfo; } private void addLoginLog(UserInfo userInfo) { LoginLog loginLog = new LoginLog(); loginLog.setUserId(userInfo.getId()); loginLog.setUserName(userInfo.getUserName()); loginLog.setIpAddress(SecurityUtils.getSubject().getSession().getAttribute(Constant.LOGIN_IP_ADDRESS).toString()); loginLog.setGeographyLocation(AddressUtils.getAddressByIp(loginLog.getIpAddress())); iloginLogService.insert(loginLog); } }
<3>、添加Shiro的配置类,参考代码如下。
@Configuration public class ShiroConfig { private Logger logger = LoggerFactory.getLogger(this.getClass()); @Bean public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { logger.info("ShiroConfiguration.shirFilter()" ); ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); //获取filters Map<String, Filter> filters = shiroFilterFactoryBean.getFilters(); //将自定义的FormAuthenticationFilter注入shiroFilter中(验证码校验) filters.put("authc" , new CustomFormAuthenticationFilter()); //拦截器. Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); // 配置不会被拦截的链接 顺序判断 filterChainDefinitionMap.put("/static/**" , "anon" ); filterChainDefinitionMap.put("/kaptcha/**" , "anon" ); //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了 filterChainDefinitionMap.put("/logout" , "logout" ); //<!-- 过滤链定义,从上向下顺序执行,一般将/**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了; //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问--> filterChainDefinitionMap.put("/**" , "authc" ); // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面 shiroFilterFactoryBean.setLoginUrl("/login" ); // 登录成功后要跳转的链接 shiroFilterFactoryBean.setSuccessUrl("/index" ); //未授权界面; shiroFilterFactoryBean.setUnauthorizedUrl("/error/403" ); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } /** * 凭证匹配器 * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了) * * @return */ @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5" );//散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5("")); return hashedCredentialsMatcher; } /** * 自定义身份认证realm * * @return */ @Bean public ShiroRealm shiroRealm() { ShiroRealm shiroRealm = new ShiroRealm(); shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return shiroRealm; } @Bean public EhCacheManager ehCacheManager(CacheManager cacheManager) { EhCacheManager em = new EhCacheManager(); //将ehcacheManager转换成shiro包装后的ehcacheManager对象 em.setCacheManager(cacheManager); //em.setCacheManagerConfigFile("classpath:ehcache.xml"); return em; } @Bean public SessionDAO sessionDAO(){ return new MemorySessionDAO(); } /** * shiro session管理 */ @Bean public DefaultWebSessionManager sessionManager() { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionDAO(sessionDAO()); return sessionManager; } @Bean public SecurityManager securityManager(EhCacheManager ehCacheManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); // 设置realm securityManager.setRealm(shiroRealm()); // 自定义缓存实现 securityManager.setCacheManager(ehCacheManager); // 自定义session管理 securityManager.setSessionManager(sessionManager()); return securityManager; } /** * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 * 配置以下两个bean(DefaultAdvisorAutoProxyCreator和AuthorizationAttributeSourceAdvisor)即可实现此功能 * * @return */ @Bean public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator(); advisorAutoProxyCreator.setProxyTargetClass(true); return advisorAutoProxyCreator; } /** * 开启shiro aop注解支持. * 使用代理方式;所以需要开启代码支持; * * @param securityManager * @return */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; } }
注意:
@Bean
public EhCacheManager ehCacheManager(CacheManager cacheManager) {
EhCacheManager em = new EhCacheManager();
//将ehcacheManager转换成shiro包装后的ehcacheManager对象
em.setCacheManager(cacheManager);
//em.setCacheManagerConfigFile("classpath:ehcache.xml");
return em;
}
如上是配置Shiro的缓存管理器org.apache.shiro.cache.ehcach.EhCacheManager,上面方法的参数是把Spring容器中的cacheManager对象注入到EhCacheManager中,这样就实现了Shiro和缓存注解使用同一种缓存方式。
三:代码示例
Gitee:https://gitee.com/xieke90/common-admin/tree/SpringBoot2.X_EhCache