Shiro permission authentication ii

This is the 19th day of my participation in the Challenge. For details, see:More article challenges

Set up a Flag and write something every day and stick to it.

Distributed Shiro permission authentication

Previous article: juejin.cn/post/697663…

This article describes how to apply Shiro to distribute permissions in a project.

Because Shiro is based on a single service, session sharing allows for multiple services. Distributed permission, which requires the same domain name (session scope).

Use the unified login service to log in, and use the Iframe framework to jump to the menu.

Build the home page structure

header.html

<! DOCTYPEhtml>
<html lang="en">
<body>
<div th:fragment="header">
    <div>header</div>
</div>

</body>
</html>
Copy the code

The navigator. HTML menu can obtain data from the background. The path is the absolute path of the gateway domain name, target to iframe, where the domain name is localhost.

<! DOCTYPEhtml>
<html lang="en">
<body>
<div th:fragment="navigator">
    <div>navigator</div>
    <div>
        <li><a href="http://localhost:9000/paw-authorize-shiro-api/home" target="mainFrame">a link</a></li>
        <li><a href="http://localhost:9000/paw-sky-api/index" target="bodyFrame">sky</a></li>
    </div>
</div>
</body>
</html>
Copy the code

The final index.html can be built from some existing front-end framework with header, left menu bar, and right work bar beautiful layout.

<! DOCTYPEhtml>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Shiro Session</title>

</head>
<body>
<script>
    / / the window. The location. Href = 'http://172.20.25.8:9000/paw-authorize-shiro-api/home';
</script>

<div  style="width: 100%; height: 100px">
    <div th:include=".. /templates/header"></div>
</div>

<div style="display: flex">
    <div style="width: 200px; height: 100%">
        <div th:include=".. /templates/navigator"></div>
    </div>

    <div style="width: 1500px; height: 1000px">
        <iframe src="home" name="mainFrame" width="100%" height="100%" ></iframe>
    </div>
</div>
</body>
</html>
Copy the code

After login, jump to index.html, after which the entire page frame remains unchanged, invoke the corresponding microservice through the menu, and the workspace mainFrame content transforms.

Menu < li > < a href = “http://localhost:9000/paw-sky-api/index” target = “bodyFrame” > sky < / a > < / li > services

Configure shiroConfig. The login address points to the login service. In addition to the login service, you do not need to configure the login page and index page

shiro:
  loginUrl: http://localhost:8081/login
  successUrl: http://localhost:8081/index
Copy the code

Configuration class, obtain session and annotate permission processing

@Configuration
public class ShiroConfig {
  public ShiroConfig(a) {}@Bean
  public UserRealm userRealm(a) {
    UserRealm userRealm = new UserRealm();
    userRealm.setCredentialsMatcher(this.credentialsMatcher());
    return userRealm;
  }

  @Bean
  public ShiroFilterChainDefinition shiroFilterChainDefinition(a) {
    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
    chainDefinition.addPathDefinition("/captcha"."anon");
    chainDefinition.addPathDefinition("/logout"."anon");
    chainDefinition.addPathDefinition("/layuiadmin/**"."anon");
    chainDefinition.addPathDefinition("/druid/**"."anon");
    chainDefinition.addPathDefinition("/api/**"."anon");
    chainDefinition.addPathDefinition("/login"."anon");
    chainDefinition.addPathDefinition("/ * *"."authc");
    return chainDefinition;
  }

  @Bean
  public HashedCredentialsMatcher credentialsMatcher(a) {
    HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
    credentialsMatcher.setHashAlgorithmName("SHA-256");
    credentialsMatcher.setStoredCredentialsHexEncoded(false);
    credentialsMatcher.setHashIterations(1024);
    return credentialsMatcher;
  }

  @Bean
  public SessionsSecurityManager securityManager(a) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// securityManager.setRealm(this.userRealm());
    return securityManager;
  }
Copy the code

At this point the entire distributed page permissions complete.

Gitee: gitee.com/tg_seahorse…

Or branch gitee.com/tg_seahorse…

paw-authorize-shiro

paw-authorize-shiro-sky

paw-demos-gateway

Consider: How to extract Shiro related content into a common service, and other page services only need to introduce this common service to realize Shiro permission verification.