• Shiro认证


    Pom依赖

     

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.3.2</version>
    </dependency>
    
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.3.2</version>
    </dependency>
    
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.3.2</version>
    </dependency>

     web.xml配置

    <!-- shiro过滤器定义 -->
    <filter>
      <filter-name>shiroFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      <init-param>
        <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>shiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

     

    通过逆向工程将五张表生成对应的model、mapper

     

    applicationContext-shiro.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    
        <!--配置自定义的Realm-->
        <bean id="shiroRealm" class="com.hxc.shiro.MyRealm">
            <property name="shiroUserService" ref="shiroUserService" />
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--以下三个配置告诉shiro将如何对用户传来的明文密码进行加密-->
            <property name="credentialsMatcher">
                <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                    <!--指定hash算法为MD5-->
                    <property name="hashAlgorithmName" value="md5"/>
                    <!--指定散列次数为1024次-->
                    <property name="hashIterations" value="1024"/>
                    <!--true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储-->
                    <property name="storedCredentialsHexEncoded" value="true"/>
                </bean>
            </property>
        </bean>
    
        <!--注册安全管理器-->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="shiroRealm" />
        </bean>
    
        <!--Shiro核心过滤器-->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <!-- Shiro的核心安全接口,这个属性是必须的 -->
            <property name="securityManager" ref="securityManager" />
            <!-- 身份验证失败,跳转到登录页面 -->
            <property name="loginUrl" value="/login"/>
            <!-- 身份验证成功,跳转到指定页面 -->
            <!--<property name="successUrl" value="/index.jsp"/>-->
            <!-- 权限验证失败,跳转到指定页面 -->
            <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
            <!-- Shiro连接约束配置,即过滤链的定义 -->
            <property name="filterChainDefinitions">
                <value>
                    <!--
                    注:anon,authcBasic,auchc,user是认证过滤器
                        perms,roles,ssl,rest,port是授权过滤器
                    -->
                    <!--anon 表示匿名访问,不需要认证以及授权-->
                    <!--authc表示需要认证 没有进行身份认证是不能进行访问的-->
                    <!--roles[admin]表示角色认证,必须是拥有admin角色的用户才行-->
                    /user/login=anon
                    /user/updatePwd.jsp=authc
                    /admin/*.jsp=roles[admin]
                    /user/teacher.jsp=perms["user:update"]
                    <!-- /css/**               = anon
                     /images/**            = anon
                     /js/**                = anon
                     /                     = anon
                     /user/logout          = logout
                     /user/**              = anon
                     /userInfo/**          = authc
                     /dict/**              = authc
                     /console/**           = roles[admin]
                     /**                   = anon-->
                </value>
            </property>
        </bean>
    
        <!-- Shiro生命周期,保证实现了Shiro内部lifecycle函数的bean执行 -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    </beans>

    ShiroUserService

    package com.hxc.service;
    
    import com.hxc.model.ShiroUser;
    
    
    
    public interface ShiroUserService {
        ShiroUser queryByName(String uname);
        int insert(ShiroUser record);
    }

    MyRealm

    package com.hxc.shiro;
    
    import com.hxc.model.ShiroUser;
    import com.hxc.service.ShiroUserService;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.util.ByteSource;
    
    
    public class MyRealm extends AuthorizingRealm {
        private ShiroUserService shiroUserService;
    
        public ShiroUserService getShiroUserService() {
            return shiroUserService;
        }
    
        public void setShiroUserService(ShiroUserService shiroUserService) {
            this.shiroUserService = shiroUserService;
        }
    
        /**
         * 授权方法
         * @param principalCollection
         * @return
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            return null;
        }
    
        /**
         * 身份认证方法
         * @param authenticationToken
         * @return
         * @throws AuthenticationException
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
          String uname=authenticationToken.getPrincipal().toString();
            String pwd=authenticationToken.getCredentials().toString();
            ShiroUser shiroUser = shiroUserService.queryByName(uname);
    
            AuthenticationInfo info=new SimpleAuthenticationInfo(
                    shiroUser.getUsername(),
                    shiroUser.getPassword(),
                    ByteSource.Util.bytes(shiroUser.getSalt()),
                    this.getName()
            );
            return info;
        }
    }

    ShiroUserControll

    package com.hxc.controller;
    import com.hxc.model.ShiroUser;
    import com.hxc.service.ShiroUserService;
    import com.hxc.util.PasswordHelper;
    import jdk.nashorn.internal.ir.ReturnNode;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    
    @Controller
    public class ShiroUserController {
    
        @RequestMapping("/login")
        public String login(HttpServletRequest req, HttpServletResponse resp){
            Subject subject = SecurityUtils.getSubject();
            String username = req.getParameter("username");
            String password = req.getParameter("password");
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
            try {
                subject.login(usernamePasswordToken);
                req.getSession().setAttribute("username",username);
                return "main";
            } catch (Exception e) {
            req.setAttribute("message","用户名密码错误");
            return "login";
            }
        }
    
        @RequestMapping("/logout")
        public String logout(HttpServletRequest req, HttpServletResponse resp) {
            Subject subject = SecurityUtils.getSubject();
            subject.logout();
            return "redirect:/login.jsp";
        }
    
        @RequestMapping("/register")
        public String register(HttpServletRequest req, HttpServletResponse resp){
            String uname = req.getParameter("username");
            String pwd = req.getParameter("password");
            String salt = PasswordHelper.createSalt();
            String credentials = PasswordHelper.createCredentials(pwd, salt);
    
            ShiroUser shiroUser=new ShiroUser();
            shiroUser.setUsername(uname);
            shiroUser.setPassword(credentials);
            shiroUser.setSalt(salt);
            int insert = shiroUserService.insert(shiroUser);
            if(insert>0){
                req.setAttribute("message","注册成功");
                return "login";
            }
            else{
                req.setAttribute("message","注册失败");
                return "register";
            }
        }
    
    
    }

    盐加密

     

    盐加密工具类,在做新增用户的时候使用,将加密后的密码、及加密时候的盐放入数据库;

    本篇博客中的表数据是现成的,暂时用不上这个工具类去生成数据;

    PasswordHelper
    package com.hxc.util;
    import org.apache.shiro.crypto.RandomNumberGenerator;
    import org.apache.shiro.crypto.SecureRandomNumberGenerator;
    import org.apache.shiro.crypto.hash.SimpleHash;
    
    public class PasswordHelper {
    
        /**
         * 随机数生成器
         */
        private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
    
        /**
         * 指定hash算法为MD5
         */
        private static final String hashAlgorithmName = "md5";
    
        /**
         * 指定散列次数为1024次,即加密1024次
         */
        private static final int hashIterations = 1024;
    
        /**
         * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储
         */
        private static final boolean storedCredentialsHexEncoded = true;
    
        /**
         * 获得加密用的盐
         *
         * @return
         */
        public static String createSalt() {
            return randomNumberGenerator.nextBytes().toHex();
        }
    
        /**
         * 获得加密后的凭证
         *
         * @param credentials 凭证(即密码)
         * @param salt        盐
         * @return
         */
        public static String createCredentials(String credentials, String salt) {
            SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials,
                    salt, hashIterations);
            return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
        }
    
    
        /**
         * 进行密码验证
         *
         * @param credentials        未加密的密码
         * @param salt               盐
         * @param encryptCredentials 加密后的密码
         * @return
         */
        public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
            return encryptCredentials.equals(createCredentials(credentials, salt));
        }
    
        public static void main(String[] args) {
            //
            String salt = createSalt();
            System.out.println(salt);
            System.out.println(salt.length());
            //凭证+盐加密后得到的密码
            String credentials = createCredentials("123", salt);
            System.out.println(credentials);
            System.out.println(credentials.length());
            boolean b = checkCredentials("123", salt, credentials);
            System.out.println(b);
        }
    }

     login.jsp    

    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <h1>用户登陆</h1>
        <div style="color: red">${message}</div>
        <form action="${pageContext.request.contextPath}/login" method="post">
            帐号:<input type="text" name="username"><br>
            密码:<input type="password" name="password"><br>
            <input type="submit" value="确定">
            <input type="reset" value="重置">
        </form>
    </body>
    </html>

     

     

  • 相关阅读:
    图形化代码阅读工具——Scitools Understand
    cocos studio UI 1.6.0.0 修改导出项目路径
    cocos2dx 中文路径编译错误记录
    利用特性区分查找方法,并通过反射调用方法
    WPF MVVM学习(二)
    wpf 控件模板、面板模板、数据模板
    blend 自定义控件
    wpf dataGrid样式
    blend 使用模板的几点说明
    WPF MVVM学习
  • 原文地址:https://www.cnblogs.com/huxiaocong/p/11832197.html
Copyright © 2020-2023  润新知