引入 jar 包 <shiro-spring>
创建主配置类
package com.aaa.pettyloan.config;
import com.aaa.pettyloan.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.Map;
/**
 * Main Shiro configuration: registers the web filter, the security manager,
 * the custom realm and the credentials matcher as Spring beans.
 *
 * @author fei
 * @company AAA Software
 * @className QY95
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the {@link ShiroFilterFactoryBean} and declares which URL patterns
     * are public, which need a specific permission, and which only need a login.
     *
     * <p>Shiro evaluates the chain definitions in insertion order and the first
     * matching pattern wins, so the catch-all {@code /**} rule must stay last.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Where unauthenticated requests are sent.
        factoryBean.setLoginUrl("/login");
        // Where authenticated requests lacking the required permission are sent.
        factoryBean.setUnauthorizedUrl("/toError");

        Map<String, String> chains = factoryBean.getFilterChainDefinitionMap();

        // Logout is handled by Shiro's built-in logout filter.
        chains.put("/logout", "logout");

        // Endpoints and static assets reachable without a session.
        // The fonts pattern is already covered by the broader element-ui pattern.
        chains.put("/plugins/element-ui/fonts/**", "anon");
        chains.put("/plugins/element-ui/**", "anon");
        chains.put("/login", "anon");
        chains.put("/checkEmp", "anon");
        chains.put("/toError", "anon");

        // Module areas: the employee must hold the matching permission string.
        // NOTE(review): a single '*' matches one path segment only, so a handler
        // mapped deeper (e.g. /sys/a/b) falls through to the "/**" rule below and
        // is checked for login but not for permission. Confirm no controller is
        // mapped deeper, or widen these patterns to "/sys/**" and so on.
        chains.put("/sys/*", "perms[sys]");
        chains.put("/fan/*", "perms[fan]");
        chains.put("/cle/*", "perms[cle]");
        chains.put("/loan/*", "perms[loan]");
        chains.put("/check/*", "perms[check]");
        chains.put("/show/*", "perms[show]");
        chains.put("/other/*", "perms[other]");

        // Default: everything else requires an authenticated session.
        chains.put("/**", "authc");

        return factoryBean;
    }

    /**
     * Creates the web {@link SecurityManager} and attaches the custom realm to it.
     *
     * @return the security manager backed by {@link MyRealm}
     */
    @Bean
    public SecurityManager getSecurityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(getRealm());
        return manager;
    }

    /**
     * Creates the custom realm and gives it the hashed-credentials matcher.
     *
     * @return the realm used for authentication and authorization
     */
    @Bean
    public MyRealm getRealm() {
        MyRealm myRealm = new MyRealm();
        myRealm.setCredentialsMatcher(getMatcher());
        return myRealm;
    }

    /**
     * Creates the credentials matcher that hashes the submitted password before
     * comparing it with the stored one.
     *
     * <p>NOTE(review): MD5 with 10 iterations is a fast hash and offers little
     * resistance to offline guessing if the credential store is ever disclosed.
     * Stored hashes depend on both settings, so moving to a purpose-built
     * password hash needs a migration plan (for example re-hashing at the next
     * successful login) rather than a change to these two lines alone.
     *
     * @return the matcher configured for MD5 with 10 iterations
     */
    @Bean
    public HashedCredentialsMatcher getMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("MD5");
        matcher.setHashIterations(10);
        return matcher;
    }
}
创建realm
package com.aaa.pettyloan.realm;
import com.aaa.pettyloan.entity.Employee;
import com.aaa.pettyloan.entity.Users;
import com.aaa.pettyloan.service.LoginService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
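/**
 * Custom Shiro realm that authenticates employees and loads their permission
 * strings through {@link LoginService}.
 *
 * <p>NOTE(review): the whole {@link Employee} object, the same one whose
 * {@code getPassword()} and {@code getSalt()} are read during authentication,
 * is used as the principal. Shiro normally keeps the principal in the session,
 * so the stored hash and salt travel with it. Consider a principal that carries
 * only the identifying fields.
 *
 * @author fei
 * @company AAA Software
 * @className QY95
 * 2019/7/17 19:26
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private LoginService loginService;

    /**
     * Authorization: loads the permission strings of the logged-in employee.
     *
     * @param principalCollection principals of the current subject; the primary
     *        principal is the {@link Employee} stored by
     *        {@link #doGetAuthenticationInfo(AuthenticationToken)}
     * @return authorization info holding the employee's permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Employee emp = (Employee) principalCollection.getPrimaryPrincipal();

        // Namespaces this employee may operate on; presumably the same names the
        // filter chain's perms[...] rules check. Confirm against LoginService.
        List<String> namespaces = loginService.queryPermitByshiro(emp);

        SimpleAuthorizationInfo saf = new SimpleAuthorizationInfo();
        // Tolerate a null result from the service: the employee then simply has
        // no permissions, which keeps the decision fail-closed.
        if (namespaces != null) {
            saf.addStringPermissions(namespaces);
        }
        return saf;
    }

    /**
     * Authentication: looks up the employee named in the token and returns the
     * stored password and salt. The realm does not compare passwords itself;
     * that is left to the credentials matcher set on this realm.
     *
     * @param authenticationToken the submitted token; its principal is the
     *        employee number typed at login
     * @return the employee as principal together with the stored password and salt
     * @throws AuthenticationException {@link UnknownAccountException} when the
     *         token carries no principal or no employee matches it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // A token built from a missing request parameter has a null principal;
        // reject it as an unknown account instead of failing with a NullPointerException.
        Object principal = authenticationToken.getPrincipal();
        if (principal == null) {
            throw new UnknownAccountException("用户名输入错误");
        }
        String empno = principal.toString();

        Employee emp = loginService.findByUsername(empno);
        if (emp == null) {
            // NOTE(review): this message tells an unknown account apart from a
            // wrong password. If the login controller forwards it to the client,
            // prefer a single generic failure message there.
            throw new UnknownAccountException("用户名输入错误");
        }

        // The per-employee salt must be passed along so the matcher can hash the
        // submitted password the same way the stored one was hashed.
        ByteSource salt = ByteSource.Util.bytes(emp.getSalt());
        return new SimpleAuthenticationInfo(emp, emp.getPassword(), salt, "MyRealm");
    }
}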
之后再在登录 controller 中进行配置
完成!