• shiro认证


    shiro认证

    pom依赖

    <!-- shiro核心包 -->
        <dependency>
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-core</artifactId>
          <version>${shiro.version}</version>
        </dependency>
        <!-- 添加shiro web支持 -->
        <dependency>
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-web</artifactId>
          <version>${shiro.version}</version>
        </dependency>
        <dependency>
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-spring</artifactId>
          <version>${shiro.version}</version>
        </dependency>

    web.xml配置

    <!-- shiro过滤器定义 -->
    <filter>
      <filter-name>shiroFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      <init-param>
        <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>shiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    通过逆向工程将五张表生成对应的model、mapper

    Usermapper

    ShiroUser queryByName(@Param("uname") String uname);
      <select id="queryByName" resultType="com.huang.model.ShiroUser" parameterType="java.lang.String">
        select
        <include refid="Base_Column_List" />
        from t_shiro_user
        where username = #{uname}
      </select>

    Service层

    package com.huang.service;
    
    import com.huang.model.ShiroUser;
    
    /**
     * @auther 宇晨
     * @company
     * @create 2019-11-03-21:31
     */
    public interface ShiroUserService {
        ShiroUser queryByName(String uname);
    }

    impl

    package com.huang.service.impl;
    
    import com.huang.mapper.ShiroUserMapper;
    import com.huang.model.ShiroUser;
    import com.huang.service.ShiroUserService;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Service;
    
    /**
     * @auther 宇晨
     * @company
     * @create 2019-11-03-21:32
     */
    @Service("shiroUserService")
    public class ShiroUserServiceImpl implements ShiroUserService {
        @Autowired
        private ShiroUserMapper shiroUserMapper;
        @Override
        public ShiroUser queryByName(String uname) {
            return shiroUserMapper.queryByName(uname);
        }
    }

    MyRealm

    package com.huang.shiro;
    
    import com.huang.model.ShiroUser;
    import com.huang.service.ShiroUserService;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.util.ByteSource;
    
    /**
     * @auther 宇晨
     * @company
     * @create 2019-11-03-20:14
     * 替换掉了ini文件,,所有用户的身份都从这里来
     */
    public class MyRealm extends AuthorizingRealm {
        private ShiroUserService shiroUserService;
        public ShiroUserService getShiroUserService() {
            return shiroUserService;
        }
        public void setShiroUserService(ShiroUserService shiroUserService) {
            this.shiroUserService = shiroUserService;
        }
    
        /**
         * 授权的方法
         * @param principalCollection
         * @return
         *
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    
            return null;
        }
    
        /**
         * 身份认证的方法
         * @param authenticationToken
         * @return
         * @throws AuthenticationException
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            String uname = authenticationToken.getPrincipal().toString();
            String pwd = authenticationToken.getCredentials().toString();
            ShiroUser shiroUser = shiroUserService.queryByName(uname);
    
            AuthenticationInfo info = new SimpleAuthenticationInfo(
                shiroUser.getUsername(),
                shiroUser.getPassword(),
                ByteSource.Util.bytes(shiroUser.getSalt()),
                this.getName()
            );
            return info;
        }
    }

    applicationContext-shiro.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    
        <!--配置自定义的Realm-->
        <bean id="shiroRealm" class="com.huang.shiro.MyRealm">
            <property name="shiroUserService" ref="shiroUserService" />
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--以下三个配置告诉shiro将如何对用户传来的明文密码进行加密-->
            <property name="credentialsMatcher">
                <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                    <!--指定hash算法为MD5-->
                    <property name="hashAlgorithmName" value="md5"/>
                    <!--指定散列次数为1024次-->
                    <property name="hashIterations" value="1024"/>
                    <!--true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储-->
                    <property name="storedCredentialsHexEncoded" value="true"/>
                </bean>
            </property>
        </bean>
    
        <!--注册安全管理器-->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="shiroRealm" />
        </bean>
    
        <!--Shiro核心过滤器-->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <!-- Shiro的核心安全接口,这个属性是必须的 -->
            <property name="securityManager" ref="securityManager" />
            <!-- 身份验证失败,跳转到登录页面 -->
            <property name="loginUrl" value="/login"/>
            <!-- 身份验证成功,跳转到指定页面 -->
            <!--<property name="successUrl" value="/index.jsp"/>-->
            <!-- 权限验证失败,跳转到指定页面 -->
            <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
            <!-- Shiro连接约束配置,即过滤链的定义 -->
            <property name="filterChainDefinitions">
                <value>
                    <!--
                    注:anon,authcBasic,auchc,user是认证过滤器
                        perms,roles,ssl,rest,port是授权过滤器
                    -->
                    <!--anon 表示匿名访问,不需要认证以及授权-->
                    <!--authc表示需要认证 没有进行身份认证是不能进行访问的-->
                    <!--roles[admin]表示角色认证,必须是拥有admin角色的用户才行-->
                    /user/login=anon
                    /user/updatePwd.jsp=authc
                    /admin/*.jsp=roles[admin]
                    /user/teacher.jsp=perms["user:update"]
                   <!-- /css/**               = anon
                    /images/**            = anon
                    /js/**                = anon
                    /                     = anon
                    /user/logout          = logout
                    /user/**              = anon
                    /userInfo/**          = authc
                    /dict/**              = authc
                    /console/**           = roles[admin]
                    /**                   = anon-->
                </value>
            </property>
        </bean>
    
        <!-- Shiro生命周期,保证实现了Shiro内部lifecycle函数的bean执行 -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    </beans>

    ShiroUserController.java

    package com.huang.controller;
    
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    
    import javax.servlet.http.HttpServletRequest;
    
    /**
     * @auther 宇晨
     * @company
     * @create 2019-11-03-22:15
     */
    @Controller
    public class ShiroUserController {
        @RequestMapping("/login")
        public String login(HttpServletRequest req){
            Subject subject = SecurityUtils.getSubject();
            String uname = req.getParameter("userName");
            String pwd = req.getParameter("password");
            UsernamePasswordToken token = new UsernamePasswordToken(uname,pwd);
    
            try {
    //            这里会跳转到MyRealm中的认证方法
                subject.login(token);
                req.getSession().setAttribute("username",uname);
                return "main";
            }catch (Exception e){
                req.setAttribute("message","用户名密码错误!!!");
                return "login";
            }
        }
    
        @RequestMapping("/logout")
        public String logout(HttpServletRequest req){
            Subject subject = SecurityUtils.getSubject();
            subject.logout();
            return "redirect:/login.jsp";
        }
    }

    login.jsp

    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <h1>用户登陆</h1>
        <div style="color: red">${message}</div>
        <form action="${pageContext.request.contextPath}/login" method="post">
            帐号:<input type="text" name="username"><br>
            密码:<input type="password" name="password"><br>
            <input type="submit" value="确定">
            <input type="reset" value="重置">
        </form>
    </body>
    </html>

     

  • 相关阅读:
    【Emit基础】IL定义方法的语法详解
    Audit login 与 Audit logout
    锁定与并发
    【Emit基础】调用Tostring()方法的IL表示
    《DataRabbit 完全手册V1.0》 发布
    Remoting方法重载遇到的一个问题
    DataRabbit 3.1发布,完全支持SqlServer2005/2008
    A*算法的C#实现
    Spring.net 的一个bug ?
    【Emit基础】System.AccessViolationException: 尝试读取或写入受保护的内存。这通常指示其他内存已损坏。
  • 原文地址:https://www.cnblogs.com/bf6rc9qu/p/11789916.html
Copyright © 2020-2023  润新知