集成shiro

integrate-shiro/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>springboot-demo</artifactId>
+        <groupId>com.pannk</groupId>
+        <version>1.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>integrate-shiro</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>5.1.49</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.4</version>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-boot-starter</artifactId>
+            <version>3.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+            <version>1.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>1.2.73</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+            <version>1.2.3</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

integrate-shiro/src/main/java/com/pannk/App.java

+package com.pannk;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@SpringBootApplication
+public class App {
+    public static void main(String[] args) {
+        SpringApplication.run(App.class,args);
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/BaseException.java

+package com.pannk.config;
+
+import lombok.Data;
+
+/**
+ * Created by wolf on 20-11-3.
+ */
+@Data
+public class BaseException extends RuntimeException {
+
+    private String msg;
+
+    private int code = 500;
+
+    public BaseException(String msg){
+        super(msg);
+        this.msg =msg;
+    }
+
+    public BaseException(String msg,Throwable e){
+        super(msg,e);
+        this.msg =msg;
+    }
+    public BaseException(String msg,int code){
+        super(msg);
+        this.msg = msg;
+        this.code = code;
+    }
+
+    public BaseException(String msg,int code ,Throwable e){
+        super(msg,e);
+        this.msg = msg;
+        this.code = code;
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/BaseExceptionHandler.java

+package com.pannk.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.authz.AuthorizationException;
+import org.springframework.dao.DuplicateKeyException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.NoHandlerFoundException;
+
+/**
+ * Created by wolf on 20-11-3.
+ */
+@Slf4j
+@RestControllerAdvice
+public class BaseExceptionHandler {
+
+    /**
+     * 处理自定义异常
+     * @param e 自定义异常
+     * @return
+     */
+    @ExceptionHandler(BaseException.class)
+    public Result handleBaseException(BaseException e){
+        Result result = new Result();
+        result.put("code",e.getCode());
+        result.put("msg",e.getMsg());
+        return result;
+    }
+
+    /**
+     * handler不存在异常
+     * @param e 路径不存在
+     * @return
+     */
+    @ExceptionHandler(NoHandlerFoundException.class)
+    public Result handleNoHandlerFoundException(NoHandlerFoundException e){
+        log.error("访问路径不存在,{}",e);
+        return Result.error(404,"访问路径不存在");
+    }
+
+    /**
+     * 记录重复异常
+     * @param e 数据库已存在记录
+     * @return
+     */
+    @ExceptionHandler(DuplicateKeyException.class)
+    public Result handleDuplicateKeyException(DuplicateKeyException e){
+        log.error("数据库中已存在记录");
+        return Result.error("数据库中已存在记录");
+    }
+
+    /**
+     * 无权限
+     * @param e 无权限
+     * @return
+     */
+    @ExceptionHandler(AuthorizationException.class)
+    public Result handleAuthorizationException(AuthorizationException e){
+        log.error("没有相关权限,{}",e);
+        return Result.error(401,"没有权限,请联系管理员");
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/Constant.java

+package com.pannk.config;
+
+/**
+ * Created by wolf on 20-11-2.
+ */
+public class Constant {
+    public static final String NAME_SPACE = "mms";
+    public static final String KEY_JOIN_CHAR = ":";
+    public static final String USER_CACHE = NAME_SPACE + KEY_JOIN_CHAR + "user_cache" + KEY_JOIN_CHAR;
+    public static final String PERMS_CAHCE = NAME_SPACE + KEY_JOIN_CHAR + "perms_cache" + KEY_JOIN_CHAR;
+    public static final String CODE = "code";
+    public static final String MESSAGE = "msg";
+    public static final String SUCCESS = "success";
+    public static final String ERROR = "error";
+    public static final String DATA = "data";
+    public static final Long SUPER_ADMIN = 1L;
+    public static final long EXPIRE = 30 * 24 * 60 * 60;
+    public static final long DEFAULT_CUR_PAGE = 1;
+    public static final long DEFAULT_PAGE_SIZE = 10;
+    public static final String PAGE = "page";
+    public static final String LIMIT = "limit";
+    public static final String ORDER_FIELD = "sidx";
+    public static final String ORDER = "order";
+    public static final String ASC = "ASC";
+    public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
+    public static final String SIMPLE_DATE_FORMAT = "yyyy-MM-dd";
+    public static final String INIT_PASSWORD = "123456";
+
+    /**
+     * 菜单类型
+     */
+    public enum MenuType {
+        /**
+         * 目录
+         */
+        CATALOG(0),
+        /**
+         * 菜单
+         */
+        MENU(1),
+        /**
+         * 按钮
+         */
+        BUTTON(2);
+        private int value;
+
+        MenuType(int value) {
+            this.value = value;
+        }
+
+        public int getValue() {
+            return value;
+        }
+
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/OAuth2Filter.java

+package com.pannk.config;
+
+import com.alibaba.fastjson.JSON;
+import com.baomidou.mybatisplus.core.toolkit.StringUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by wolf on 20-11-6.
+ */
+public class OAuth2Filter extends AuthenticatingFilter {
+    @Override
+    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
+        String token = getToken(servletRequest);
+        if (StringUtils.isBlank(token)) {
+            return null;
+        }
+        return new OAuth2Token(token);
+    }
+
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
+        if (((HttpServletRequest) request).getMethod().equals(RequestMethod.OPTIONS.name())) {
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
+        String token = getToken(servletRequest);
+        if (StringUtils.isBlank(token)) {
+            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
+            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+            httpServletResponse.setHeader("Access-Control-Allow-Origin", ((HttpServletRequest) servletRequest).getHeader("Origin"));
+
+            String responseJson = JSON.toJSONString(Result.error(HttpStatus.FORBIDDEN.value(), HttpStatus.FORBIDDEN.getReasonPhrase()));
+            httpServletResponse.getWriter().print(responseJson);
+            return false;
+        }
+        return executeLogin(servletRequest, servletResponse);
+    }
+
+
+    @Override
+    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
+        System.out.println("======================token " + token);
+        System.out.println("======================subject " + subject.getPrincipal());
+        return true;
+    }
+
+    @Override
+    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
+        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+        httpServletResponse.setContentType("application/json;charset=utf-8");
+        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String origin = httpServletRequest.getHeader("Origin");
+        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
+        try {
+            Throwable throwable = e.getCause() == null ? e : e.getCause();
+            Result result = Result.error(HttpStatus.UNAUTHORIZED.value(), throwable.getMessage());
+            String json = JSON.toJSONString(result);
+            httpServletResponse.getWriter().print(json);
+        } catch (IOException ie) {
+            throw new BaseException(ie.getMessage());
+        }
+        return false;
+    }
+
+    private String getToken(ServletRequest request) {
+        return ((HttpServletRequest) request).getHeader("token");
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/OAuth2Realm.java

+package com.pannk.config;
+
+import com.pannk.user.entity.UserEntity;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.Set;
+
+/**
+ * Created by wolf on 20-11-6.
+ */
+@Component
+public class OAuth2Realm extends AuthorizingRealm {
+
+    @Autowired
+    private RedisUtil redisUtil;
+
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        return token instanceof OAuth2Token;
+    }
+
+    /**
+     * 授权
+     *
+     * @param principalCollection
+     * @return
+     */
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+        UserEntity sysUserEntity = (UserEntity) principalCollection.getPrimaryPrincipal();
+        Set<String> perms = redisUtil.getEntity(Constant.PERMS_CAHCE + sysUserEntity.getId(), Set.class);
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+        info.setStringPermissions(perms);
+        return info;
+    }
+
+    /**
+     * 登录认证
+     *
+     * @param authenticationToken token
+     * @return
+     * @throws AuthenticationException
+     */
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws
+            AuthenticationException {
+        String token = (String) authenticationToken.getPrincipal();
+        UserEntity userEntity = redisUtil.getEntity(Constant.USER_CACHE + token, UserEntity.class);
+        if (userEntity == null) {
+            throw new BaseException("token失效,请重新登录");
+        }
+        if (userEntity.getStatus() == 1) {
+            throw new LockedAccountException("账号被锁定,清联系管理员处理");
+        }
+        return new SimpleAuthenticationInfo(userEntity, token, getName());
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/OAuth2Token.java

+package com.pannk.config;
+
+import org.apache.shiro.authc.AuthenticationToken;
+
+/**
+ * Created by wolf on 20-11-6.
+ */
+public class OAuth2Token implements AuthenticationToken {
+
+
+    private String token;
+
+    public OAuth2Token(String token){
+        this.token = token;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return token;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return token;
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/RedisUtil.java

+package com.pannk.config;
+
+import com.alibaba.fastjson.JSON;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Created by wolf on 20-11-3.
+ */
+@Slf4j
+@Component
+public class RedisUtil {
+
+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
+    /**
+     * 设置过期时间
+     * @param key 键
+     * @param time 时间,单位:秒
+     * @return
+     */
+    public boolean expire(String key, long time) {
+        try {
+            if (time > 0) {
+                redisTemplate.expire(key, time, TimeUnit.SECONDS);
+            }
+            return true;
+        } catch (Exception e) {
+            log.error("设置失效时间出错,{}", e);
+            return false;
+        }
+    }
+
+    /**
+     * 设置过期时间
+     * @param key 键
+     * @param day 时间,单位：天
+     * @return
+     */
+    public boolean expire(String key,int day){
+        try{
+            if (day<0){
+                redisTemplate.expire(key,day,TimeUnit.DAYS);
+            }
+            return true;
+        }catch (Exception e){
+            log.error("设置失效时间出错,{}",e);
+            return false;
+        }
+    }
+
+    /**
+     * 删除键
+     * @param key 键
+     */
+    public void del(String... key){
+        if (key!=null && key.length>0){
+            if (key.length==1){
+                redisTemplate.delete(key[0]);
+            }else{
+                redisTemplate.delete(CollectionUtils.arrayToList(key));
+            }
+        }
+    }
+
+    /**
+     * 缓存获取
+     * @param key 键
+     * @return
+     */
+    public Object get(String key){
+        return key == null ? null :redisTemplate.opsForValue().get(key);
+    }
+
+    /**
+     * 获取对象
+     * @param key 键
+     * @param cls 类
+     * @param <T> 类型
+     * @return
+     */
+    public <T> T getEntity(String key,Class<T> cls){
+        Object obj = this.get(key);
+        if (obj!=null){
+            return JSON.parseObject(obj.toString(),cls);
+        }
+        return null;
+    }
+
+    /**
+     * 获取列表
+     * @param key 键
+     * @param cls 类
+     * @param <T> 类型
+     * @return
+     */
+    public <T> List<T> getListEntity(String key, Class<T> cls){
+        Object obj = this.get(key);
+        if (obj!=null){
+            return JSON.parseArray(obj.toString(),cls);
+        }
+        return null;
+    }
+
+    /**
+     * 设置键值
+     * @param key 键
+     * @param value 值
+     * @return
+     */
+    public boolean set(String key,Object value){
+        try{
+            redisTemplate.opsForValue().set(key,value);
+            return true;
+        }catch (Exception e){
+            log.error("设置键值出错,{}",e);
+            return false;
+        }
+    }
+
+    /**
+     * 设置键值和失效时间
+     * @param key 键
+     * @param value 值
+     * @param time 失效时间
+     * @return
+     */
+    public boolean set(String key,Object value,long time){
+        try{
+            if(time>0){
+                redisTemplate.opsForValue().set(key,value,time, TimeUnit.SECONDS);
+            }else{
+                set(key,value);
+            }
+            return true;
+        }catch (Exception e){
+            log.error("设置键值和失效时间出错,{}",e);
+            return false;
+        }
+    }
+
+    /**
+     * 获取hash值
+     * @param key 键
+     * @param item 项
+     * @return
+     */
+    public Object hget(String key,String item){
+        return redisTemplate.opsForHash().get(key,item);
+    }
+
+    /**
+     * 获取hashKey对应的所有键值
+     * @param key 键
+     * @return
+     */
+    public Map<Object,Object> hmget(String key){
+        return redisTemplate.opsForHash().entries(key);
+    }
+
+    /**
+     * 设置hash值
+     * @param key 键
+     * @param map 值
+     * @return
+     */
+    public boolean hmset(String key,Map<String,Object> map){
+        try{
+            redisTemplate.opsForHash().putAll(key,map);
+            return true;
+        }catch (Exception e){
+            log.error("设置哈希键值出错,{}",e);
+            return false;
+        }
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/Result.java

+package com.pannk.config;
+
+import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+
+import java.util.HashMap;
+
+/**
+ * Created by wolf on 20-11-2.
+ */
+@Slf4j
+@Data
+public class Result extends HashMap<String, Object> {
+
+    public Result() {
+        put(Constant.CODE, 0);
+        put(Constant.MESSAGE, Constant.SUCCESS);
+    }
+
+    public static Result success() {
+        return new Result();
+    }
+
+    public static Result error(int code, String msg) {
+        Result result = new Result();
+        result.put(Constant.CODE, code);
+        result.put(Constant.MESSAGE, msg);
+        return result;
+    }
+
+    public static Result error(String msg) {
+        return error(1, msg);
+    }
+
+    public static Result success(Object data) {
+        Result result = new Result();
+        result.put(Constant.DATA, data);
+        return result;
+    }
+}

integrate-shiro/src/main/java/com/pannk/config/ShiroConfig.java

+package com.pannk.config;
+
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.Filter;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@Configuration
+public class ShiroConfig {
+
+    @Bean
+    public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
+        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
+        securityManager.setRealm(oAuth2Realm);
+        securityManager.setRememberMeManager(null);
+        return securityManager;
+    }
+
+    @Bean
+    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
+        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
+        advisor.setSecurityManager(securityManager);
+        return advisor;
+    }
+
+    @Bean("shiroFilter")
+    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
+        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
+        shiroFilterFactoryBean.setSecurityManager(securityManager);
+
+        Map<String, Filter> filters = new HashMap<>();
+        filters.put("oauth2", new OAuth2Filter());
+        shiroFilterFactoryBean.setFilters(filters);
+
+        Map<String, String> filterMap = new LinkedHashMap<>();
+        filterMap.put("/webjars/**", "anon");
+        filterMap.put("/druid/**", "anon");
+        filterMap.put("/sys/login", "anon");
+        filterMap.put("/swagger/**", "anon");
+        filterMap.put("/v2/api-docs", "anon");
+        filterMap.put("/swagger-ui.html", "anon");
+        filterMap.put("/swagger-resources/**", "anon");
+        filterMap.put("/doc.html", "anon");
+
+        filterMap.put("/**", "oauth2");
+        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
+        return shiroFilterFactoryBean;
+    }
+
+    @Bean("lifecycleBeanPostProcessor")
+    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+        return new LifecycleBeanPostProcessor();
+    }
+
+
+}

integrate-shiro/src/main/java/com/pannk/user/controller/UserController.java

+package com.pannk.user.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@RequestMapping("/user")
+@RestController
+public class UserController {
+
+
+}

integrate-shiro/src/main/java/com/pannk/user/dao/UserMapper.java

+package com.pannk.user.dao;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.pannk.user.entity.UserEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@Mapper
+public interface UserMapper extends BaseMapper<UserEntity> {
+}

integrate-shiro/src/main/java/com/pannk/user/entity/UserEntity.java

+package com.pannk.user.entity;
+
+import com.baomidou.mybatisplus.annotation.TableId;
+import lombok.Data;
+
+import java.util.Date;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@Data
+public class UserEntity {
+
+    @TableId
+    private Long id;
+    private String userName;
+    private String password;
+    private String code;
+    private Date createDate;
+    private Integer status;
+    private Long createId;
+    private Date updateDate;
+    private Long updateId;
+}

integrate-shiro/src/main/java/com/pannk/user/service/UserService.java

+package com.pannk.user.service;
+
+import com.baomidou.mybatisplus.extension.service.IService;
+import com.pannk.user.entity.UserEntity;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+public interface UserService extends IService<UserEntity> {
+
+
+}

integrate-shiro/src/main/java/com/pannk/user/service/impl/UserServiceImpl.java

+package com.pannk.user.service.impl;
+
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.pannk.user.dao.UserMapper;
+import com.pannk.user.entity.UserEntity;
+import com.pannk.user.service.UserService;
+import org.springframework.stereotype.Service;
+
+/**
+ * Created by wolf on 20-12-3.
+ */
+@Service
+public class UserServiceImpl extends ServiceImpl<UserMapper,UserEntity> implements UserService {
+}

integrate-shiro/src/main/resources/application-dev.yml

+spring:
+  datasource:
+    type: com.alibaba.druid.pool.DruidDataSource
+    druid:
+      driver-class-name: com.mysql.jdbc.Driver
+      url: jdbc:mysql://localhost:3306/mms?userUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai&useSSL=false
+      username: root
+      password: 123456
+      initial-size: 10
+      max-active: 100
+      min-idle: 10
+      max-wait: 60000
+      pool-prepared-statements: true
+      max-pool-prepared-statement-per-connection-size: 20
+      time-between-eviction-runs-millis: 60000
+      min-evictable-idle-time-millis: 300000
+      test-while-idle: true
+      test-on-borrow: false
+      test-on-return: false
+      stat-view-servlet:
+        enabled: true
+        url-pattern: /druid/*
+      filter:
+        stat:
+          log-slow-sql: true
+          slow-sql-millis: 1000
+          merge-sql: true
+        wall:
+          config:
+            multi-statement-allow: true
+  redis:
+    host: localhost
+    port: 6379
+    database: 0
+    timeout: 6000ms
+    jedis:
+      pool:
+        max-active: 100
+        max-wait: -1ms
+        max-idle: 10
+        min-idle: 5
\ No newline at end of file

integrate-shiro/src/main/resources/application.yml

+server:
+  port: 8080
+mybatis-plus:
+  mapper-locations: classpath*:/mapper/**/*.xml
+  type-aliases-package: com.pannk.*.entity
+  global-config:
+    db-config:
+      id-type: AUTO
+    banner: false
+  configuration:
+    map-underscore-to-camel-case: true
+    cache-enabled: false
+    call-setters-on-nulls: true
+    jdbc-type-for-null: 'null'
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
\ No newline at end of file

integrate-shiro/src/main/resources/mapper/UserMapper.xml

+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.pannk.user.dao.UserMapper">
+</mapper>
\ No newline at end of file

integrate-shiro/src/main/resources/note

+1、Shiro是什么？
+Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码学和会话管理。
+使用Shiro的易于理解的API，您可以快速、轻松地获得任何应用程序，从最小的移动应用程序到最大的网络和企业应用程序。
+简单的讲，Shiro是一个Java平台的开源权限框架，用于认证和访问授权。
+
+2、Shiro三个核心组件
+Subject, SecurityManager 和 Realms
+    Subject：即“当前操作用户”。但是，在Shiro中，Subject这一概念并不仅仅指人，也可以是第三方进程、后台帐户（Daemon Account）或其他类似事物。
+    它仅仅意味着“当前跟软件交互的东西”。但考虑到大多数目的和用途，你可以把它认为是Shiro的“用户”概念。Subject代表了当前用户的安全操作，SecurityManager则管理所有用户的安全操作。
+    SecurityManager：它是Shiro框架的核心，典型的Facade模式，Shiro通过SecurityManager来管理内部组件实例，并通过它来提供安全管理的各种服务。
+    Realm： Realm充当了Shiro与应用安全数据间的“桥梁”或者“连接器”。也就是说，当对用户执行认证（登录）和授权（访问控制）验证时，Shiro会从应用配置的Realm中查找用户及其权限信息。
+    　　从这个意义上讲，Realm实质上是一个安全相关的DAO：它封装了数据源的连接细节，并在需要时将相关数据提供给Shiro。当配置Shiro时，你必须至少指定一个Realm，用于认证和（或）授权。
+        配置多个Realm是可以的，但是至少需要一个。  　
+    　　Shiro内置了可以连接大量安全数据源（又名目录）的Realm，
+       如LDAP、关系数据库（JDBC）、类似INI的文本配置资源以及属性文件等。
+       如果缺省的Realm不能满足需求，你还可以插入代表自定义数据源的自己的Realm实现。
+3、授权三要素：用户，角色，权限（仅仅是操作权限，数据权限必须与业务需求紧密结合），资源（url）。
+  简单的讲：用户分配角色，角色定义权限。访问授权时支持角色或者权限，并且支持多级的权限定义。
+  Q：对组的支持？
+  A：shiro默认不支持对组设置权限。
+  Q：是否可以满足对组进行角色分配的需求？
+  A：扩展Realm，可以支持对组进行分配角色，其实就是给该组下的所有用户分配权限。
+  Q：对数据权限的支持？ 在业务系统中定义？
+  A：shiro仅仅实现对操作权限的控制，用于在前端控制元素隐藏或者显示，以及对资源访问权限进行检查。数据权限与具体的业务需求紧密关联，shiro本身无法实现对数据权限的控制。
+  Q：动态权限分配？
+  A：扩展org.apache.shiro.realm.Realm，支持动态权限分配。
+  Q：与Spring集成？
+  A：shiro-spring项目可以与Spring无缝集成，shiro还支持jsp标签等。
+4、集成方式
+  1、<dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-spring-boot-web-starter</artifactId>
+                <version>1.4.0</version>
+    </dependency>
+  2、<dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-core</artifactId>
+                <version>1.4.0</version>
+     </dependency>
+     <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-spring</artifactId>
+                <version>1.4.0</version>
+     </dependency>
\ No newline at end of file

mms-font/src/views/common/login.vue

@@ -26,6 +26,7 @@
 </template>
 
 <script>
+  import md5 from 'js-md5'
   export default {
     data () {
       return {
@@ -55,7 +56,7 @@
               method: 'post',
               data: this.$http.adornData({
                 'userName': this.dataForm.userName,
-                'password': this.dataForm.password
+                'password': md5(this.dataForm.password)
               })
             }).then(({data}) => {
               if (data && data.code === 0) {

mms/src/main/java/com/pannk/mms/App.java

@@ -3,7 +3,6 @@ package com.pannk.mms;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import springfox.documentation.spring.web.SpringfoxWebMvcConfiguration;
 
@@ -17,11 +16,4 @@ public class App implements WebMvcConfigurer {
     public static void main(String[] args) {
         SpringApplication.run(App.class, args);
     }
-
-    @Override
-    public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("classpath*:/META-INF/resources/doc.html").addResourceLocations
-                ("classpath*:/META-INF/resources/");
-        registry.addResourceHandler("/webjars/**").addResourceLocations("classpath*:/META-INF/resources/webjars/");
-    }
 }

pom.xml

@@ -20,6 +20,7 @@
         <module>integrate-mongodb</module>
         <module>integrate-mq</module>
         <module>integrate-swagger</module>
+        <module>integrate-shiro</module>
     </modules>
     <parent>
         <groupId>org.springframework.boot</groupId>