您现在的位置是:首页 > java技术交流java技术交流
shiro1.7 使用springboot 登录 笔记
上善若水2020-12-19 16:24:17【java技术交流】
4360人已围观
简介目前在权限这块shiro和Spring Security是比较热门的两个框架,本篇主要使用shiro实现基本的登录功能,供大家学习使用. 1.引入pom依赖在maven仓库中查找shiro-sprin
目前在权限这块shiro和Spring Security是比较热门的两个框架,本篇主要使用shiro实现基本的登录功能,供大家学习使用.
1.引入pom依赖
在maven仓库中查找shiro-spring 截止到2020-12-19日 最新的版本为1.7,在pom中引入依赖如下.
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.0</version>
</dependency>
2.编写登录控制器,实现登录方法
package com.springboot.blog.controller.admin;
import com.springboot.blog.dto.LayResponse;
import com.springboot.blog.service.IUserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpSession;
import java.util.Map;
@Controller
class AdminLoginController {
@Autowired
IUserService userService;
String PATH = "admin/login/";
@GetMapping(value = {"/admin/login/index", "/admin/login"})
public String index() {
return PATH + "index";
}
@PostMapping(value = {"/admin/login"})
@ResponseBody
public LayResponse login(@RequestParam Map<String, String> param, HttpSession session) {
//用户认证信息
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(param.get("username"), param.get("password"));
LayResponse response = new LayResponse();
response.success("登录成功");
try {
//进行验证,这里可以捕获异常,然后返回对应信息
subject.login(usernamePasswordToken);
} catch (UnknownAccountException e) {
response.error("用户名不存在!");
} catch (AuthenticationException e) {
response.error("账号或密码错误!");
} catch (AuthorizationException e) {
response.error("没有权限");
} catch (Exception e) {
response.error("其他错误");
}
return response;
}
}
3.编写Realm 集成AuthorizingRealm 重写登录逻辑
package com.springboot.blog.interceptor;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.springboot.blog.entity.User;
import com.springboot.blog.service.IUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
public class CustomRealm extends AuthorizingRealm {
@Autowired
IUserService userService;
/**
* @MethodName doGetAuthorizationInfo
* @Description 权限配置类
* @Param [principalCollection]
* @Return AuthorizationInfo
* @Author WangShiLin
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
return simpleAuthorizationInfo;
}
/**
* @MethodName doGetAuthenticationInfo
* @Description 认证配置类
* @Param [authenticationToken]
* @Return AuthenticationInfo
* @Author WangShiLin
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//获取用户信息
String name = authenticationToken.getPrincipal().toString();
User user = userService.getOne(new LambdaQueryWrapper<User>().eq(User::getUsername, name));
if(user==null){return null;}
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
}
}
上面的查询是采用mybaits plus自带的查询方法,doGetAuthorizationInfo这个方法本篇不涉及到,可以不用看.
4.配置过滤器 拦截过滤 规则.同时配置shiro其他配置
package com.springboot.blog.config;
import com.springboot.blog.interceptor.CustomRealm;
import com.springboot.blog.interceptor.ShiroLoginFilter;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
/**
* 密码校验规则HashedCredentialsMatcher
* 这个类是为了对密码进行编码的 ,
* 防止密码在数据库里明码保存 , 当然在登陆认证的时候 ,
* 这个类也负责对form里输入的密码进行编码
* 处理认证匹配处理器:如果自定义需要实现继承HashedCredentialsMatcher
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher() {
//Shiro自带加密
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
//散列算法使用md5
credentialsMatcher.setHashAlgorithmName("md5");
//散列次数,1表示md5加密1次
credentialsMatcher.setHashIterations(1);
credentialsMatcher.setStoredCredentialsHexEncoded(true);
return credentialsMatcher;
}
//将自己的验证方式加入容器
@Bean
public CustomRealm myShiroRealm() {
CustomRealm customRealm = new CustomRealm();
customRealm.setCredentialsMatcher(hashedCredentialsMatcher());//将自己的验证方式加入容器
return customRealm;
}
//权限管理,配置主要是Realm的管理认证
@Bean
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
/*
* @Shiro内置过滤器
* anon org.apache.shiro.web.filter.authc.AnonymousFilter
* authc org.apache.shiro.web.filter.authc.FormAuthenticationFilter
* authcBasic org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
* perms org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
* port org.apache.shiro.web.filter.authz.PortFilter
* rest org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
* roles org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
* ssl org.apache.shiro.web.filter.authz.SslFilter
* user org.apache.shiro.web.filter.authc.UserFilter
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> map = new HashMap<>();
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
//filters.put("authc", new ShiroLoginFilter());//添加自定义拦截器
//修改退出重定向页面
LogoutFilter logout = new LogoutFilter();
logout.setRedirectUrl("/admin/login");
filters.put("logout", logout);
map.put("/admin/**", "authc");
map.put("/admin/logout", "logout");
map.put("/**", "anon");
//登录
shiroFilterFactoryBean.setLoginUrl("/admin/login");
//错误页面,认证不通过跳转
// shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
5.shiro登录完成.
附上代码:https://gitee.com/my4vsy/springboot-blog/tree/v2.1
参考资料:https://www.jianshu.com/p/7f724bec3dc3
以及网上大佬教程!
Tags: shiro springboot
很赞哦! (12)
相关文章
随机图文
使用maven mybatis generator自动生成mybatis实体以及查询代码 mapper代码详细教程
mybatis-generator-maven-plugin是mybatis 官方发布的maven插件,能够自动生成代码,在项目开发前期设计完数据库库后,需要大量编写实体类,使用maven插件省时省力
精品笑话十五则,总有一则逗乐您
1、刚毕业的时候在一家电子厂打エ,同宿舍有一姐妹老喜欢吃别人的东西。只要是吃的东西放桌上,一转身准没了。有次我买了几个苹果,想想放着不安全,我每个苹果都咬了一口后出去。回来我发现……整颗苹果只剩下我咬的那一小块了…… 2、我侄女是幼儿园老师,她女儿归她教,别的孩子在幼儿园里哭找妈妈,小家伙倒好人家哭天喊地的找爸爸。 3、最近每天陪领导下乡,一个礼拜下来,晒的黑炭似的才回来。刚进家,6岁的儿子看
phpstorm 新建php文件显示为文本 不提示php语法
phpstorm 新建php文件显示为文本 不提示php语法 跟显示txt文本文件一样 不提示任何语法 不变任何颜色 把文件删除 重新建还是一样 默认一文本方式打开 终于找到方法解决.1.首先在设置中
怎么跟女生聊天
关于跟女生聊什么,这个千古难题困扰了无数男同学,今天我带着使命来拯救各位!首先大家想思考一下,你为什么没有话题跟女生聊?是自己直男吗?还是自己太过内向?统统都不是!!!最重要的原因就是你肚子里没有货!
