• springboot整合shiro


    1、引入依赖

    <dependency>
    		<groupId>org.apache.shiro</groupId>
    		<artifactId>shiro-spring</artifactId>
    		<version>1.7.1</version>
    </dependency>

    2、编写自定义Realm

    //自定义的UserRealm
    public class UserRealm extends AuthorizingRealm {

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    System.out.println("执行了=>授权doGetAuthorizationInfo");
    SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
    //拿到当前登录的这个对象
    Subject subject = SecurityUtils.getSubject();
    Demo d = (Demo) subject.getPrincipal();
    simpleAuthorizationInfo.addStringPermission(d.getRole());
    return simpleAuthorizationInfo;
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    System.out.println("执行了=>认证doGetAuthorizationInfo");
    //用户名、密码、数据库中取
    UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
    QueryWrapper<Demo> queryWrapper=new QueryWrapper();
    queryWrapper.eq("user_name",userToken.getUsername());
    Demo d=demoMapper.selectOne(queryWrapper);
    if(!userToken.getUsername().equals(d.getUserName())){
    return null;
    }
    //密码认证,shiro做
    return new SimpleAuthenticationInfo("",d.getPassword(),"");
    }

    编写ShiroConfig

    @Configuration
    public class ShiroConfig {

    //ShiroFilterFactoryBean:3

       @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    //设置安全管理器
    bean.setSecurityManager(defaultWebSecurityManager);
    //添加Shiro的内置过滤器
    /*anon: 无需认证就可以访问
    * authc: 必须认证了才能访问
    * user:必须拥有 记住我 功能才能访问
    * perms:拥有对某个资源的权限才能访问
    * role:拥有某个角色权限才能访问
    * */
    LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();

    filterMap.put("/test1", "perms[user:add]");
    filterMap.put("/test2", "perms[user:update]");
    filterMap.put("/test", "authc");

    bean.setFilterChainDefinitionMap(filterMap);

    //设置登录的请求
    bean.setLoginUrl("/tologin");
    //设置未授权请求
    bean.setUnauthorizedUrl("/unauthorized");
    return bean;
    }

    //DefaultWebSecurityManager:2
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    //关联UserRealm
    securityManager.setRealm(userRealm);
    return securityManager;
    }


    //创建realm对象, 需要自定义
    @Bean
    public UserRealm userRealm() {
    return new UserRealm();
    }

    4、创建测试页面:
    在这里插入图片描述
    在这里插入图片描述

    4、实现登录拦截拦截
    ShiroConfig.java

    @Configuration
    public class ShiroConfig {

    //ShiroFilterFactoryBean:3
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    //设置安全管理器
    bean.setSecurityManager(defaultWebSecurityManager);

    //添加Shiro的内置过滤器
    /*anon: 无需认证就可以访问
    * authc: 必须认证了才能访问
    * user:必须拥有 记住我 功能才能访问
    * perms:拥有对某个资源的权限才能访问
    * role:拥有某个角色权限才能访问
    * */
    LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();

    //filterMap.put("/user/add", "authc");
    //filterMap.put("/user/update", "authc");
    filterMap.put("/user/**", "authc");

    bean.setFilterChainDefinitionMap(filterMap);

    //设置登录的请求
    bean.setLoginUrl("/tologin");

    return bean;
    }

    //DefaultWebSecurityManager:2
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    //关联UserRealm
    securityManager.setRealm(userRealm);
    return securityManager;
    }


    //创建realm对象, 需要自定义
    @Bean
    public UserRealm userRealm(){
    return new UserRealm();
    }

    }

    实现用户认证
    MyController.java

    ....
    @RequestMapping("/login")
    public String login(@RequestParam("username") String username, @RequestParam("password") String password, Model model){
    //获取当前用户
    Subject subject = SecurityUtils.getSubject();
    //封装用户数据
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);

    try {
    subject.login(token);
    return "index";
    } catch (UnknownAccountException e){ //用户名不存在
    model.addAttribute("msg", "用户名不存在");
    return "login";
    } catch (IncorrectCredentialsException e){ //密码不存在
    model.addAttribute("msg", "密码错误");
    return "login";
    }
    }

    login.html

    <!DOCTYPE html>
    <html lang="en" xmlns:th="http:www.thymeleaf.org">
    <head>
    <meta charset="UTF-8">
    <title>Title</title>
    </head>
    <body>
    <h1>登录</h1>
    <p th:text="${msg}" style="color: red"></p>
    <form th:action="@{/login}">
    <p> 用户名: <input type="text" name="username"></p>
    <p> 密码: <input type="text" name="password"></p>
    <p> <input type="submit">登录</p>
    </form>
    </body>
    </html>
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    Realm.java

    public class UserRealm extends AuthorizingRealm {
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    System.out.println("执行了=>授权doGetAuthorizationInfo");
    return null;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    System.out.println("执行了=>认证doGetAuthorizationInfo");

    //用户名、密码、数据库中取
    String name = "root";
    String password = "123456";

    UsernamePasswordToken userToken = (UsernamePasswordToken) token;

    if (!userToken.getUsername().equals(name)){
    return null; // 抛出异常 UnknownAccountException
    }

    //密码认证,shiro做
    return new SimpleAuthenticationInfo("", password, "");
    }
    }

     
  • 相关阅读:
    【STM32H7教程】第35章 STM32H7的定时器应用之高精度单次延迟实现(支持TIM2,3,4和5)
    【重大更新】AppWizard来了,emWin6.10版本来了
    【STM32H7教程】第34章 STM32H7的定时器应用之TIM1-TIM17的PWM实现
    【STM32H7教程】第33章 STM32H7的定时器应用之TIM1-TIM17的中断实现
    【性能测评】DSP库,MDK5的AC5,AC6,IAR和Embedded Studio的三角函数性能
    【实战经验分享】一劳永逸的解决网线随意热插拔问题
    基于STM32的无损压缩算法miniLZO移植,压缩率很高,20KB随机数压缩到638字节,耗时275us
    Java Number & Math类
    Java switch case语句
    java条件语句
  • 原文地址:https://www.cnblogs.com/lyy0622/p/15037547.html
Copyright © 2020-2023  润新知