package com.alatus.shiro.config;
import com.alatus.shiro.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class ShiroConfig {
@Autowired
private MyRealm realm;
// 配置SecurityManager
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager(){
// 创建SecurityManager对象
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
// 创建加密对象,设置相关属性
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
// 采用MD5加密
matcher.setHashAlgorithmName("md5");
// 迭代次数
matcher.setHashIterations(3);
// 创建认证对象
ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
// 全部策略通过
modularRealmAuthenticator.setAuthenticationStrategy(new AllSuccessfulStrategy());
// 将认证对象传入
defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator);
// 将加密对象存储到Realm中
realm.setCredentialsMatcher(matcher);
// 将Realm存入defaultWebSecurityManager对象
// 如果有多个realm就放入多个,但是需要以集合的形式传入
List list = new ArrayList<AuthorizingRealm>();
list.add(realm);
defaultWebSecurityManager.setRealms(list);
// defaultWebSecurityManager.setRealm(realm);
// 设置rememberMe
defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
// 返回
return defaultWebSecurityManager;
}
// 配置 Shiro 内置过滤器拦截范围
@Bean
public DefaultShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
// 设置不需要认证可以访问的资源
definition.addPathDefinition("/myController/userLogin", "anon");
definition.addPathDefinition("/login", "anon");
// 设置需要进行身份认证的拦截范围
definition.addPathDefinition("/**", "authc");
// 存在rememberMe的过滤器
definition.addPathDefinition("/**", "user");
return definition;
}
// 创建记住我功能所需的简单 Cookie 对象
public SimpleCookie rememberMeCookie() {
SimpleCookie cookie = new SimpleCookie("rememberMe");
// 设置 Cookie 的路径、HTTPOnly 属性和最大生存时间(以秒为单位,这里设置为30天)
cookie.setPath("/");
cookie.setHttpOnly(true);
cookie.setMaxAge(30 * 24 * 60 * 60);
return cookie;
}
// 创建 Shiro 的 CookieRememberMeManager 对象
public CookieRememberMeManager rememberMeManager() {
// 创建 CookieRememberMeManager 对象
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
// 设置 CookieRememberMeManager 的 Cookie 对象
cookieRememberMeManager.setCookie(rememberMeCookie());
// 设置 CookieRememberMeManager 的加密密钥
cookieRememberMeManager.setCipherKey("1234567890987654".getBytes());
return cookieRememberMeManager;
}
}
package com.alatus.shiro.config;
import com.alatus.shiro.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class ShiroConfig {
@Autowired
private MyRealm realm;
// 配置SecurityManager
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager(){
// 创建SecurityManager对象
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
// 创建加密对象,设置相关属性
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
// 采用MD5加密
matcher.setHashAlgorithmName("md5");
// 迭代次数
matcher.setHashIterations(3);
// 创建认证对象
ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
// 全部策略通过
modularRealmAuthenticator.setAuthenticationStrategy(new AllSuccessfulStrategy());
// 将认证对象传入
defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator);
// 将加密对象存储到Realm中
realm.setCredentialsMatcher(matcher);
// 将Realm存入defaultWebSecurityManager对象
// 如果有多个realm就放入多个,但是需要以集合的形式传入
List list = new ArrayList<AuthorizingRealm>();
list.add(realm);
defaultWebSecurityManager.setRealms(list);
// defaultWebSecurityManager.setRealm(realm);
// 设置rememberMe
defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
// 返回
return defaultWebSecurityManager;
}
// 配置 Shiro 内置过滤器拦截范围
@Bean
public DefaultShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
// 设置不需要认证可以访问的资源
definition.addPathDefinition("/myController/userLogin", "anon");
definition.addPathDefinition("/login", "anon");
// 设置需要进行身份认证的拦截范围
definition.addPathDefinition("/**", "authc");
// 存在rememberMe的过滤器
definition.addPathDefinition("/**", "user");
return definition;
}
// 创建记住我功能所需的简单 Cookie 对象
public SimpleCookie rememberMeCookie() {
SimpleCookie cookie = new SimpleCookie("rememberMe");
// 设置 Cookie 的路径、HTTPOnly 属性和最大生存时间(以秒为单位,这里设置为30天)
cookie.setPath("/");
cookie.setHttpOnly(true);
cookie.setMaxAge(30 * 24 * 60 * 60);
return cookie;
}
// 创建 Shiro 的 CookieRememberMeManager 对象
public CookieRememberMeManager rememberMeManager() {
// 创建 CookieRememberMeManager 对象
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
// 设置 CookieRememberMeManager 的 Cookie 对象
cookieRememberMeManager.setCookie(rememberMeCookie());
// 设置 CookieRememberMeManager 的加密密钥
cookieRememberMeManager.setCipherKey("1234567890987654".getBytes());
return cookieRememberMeManager;
}
}
package com.alatus.shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.servlet.http.HttpSession;
@Controller
@RequestMapping("myController")
public class MyController {
@GetMapping("userLogin")
public String userLogin(String name, String pwd,@RequestParam(defaultValue = "false")boolean rememberMe, HttpSession session){
// 获取subject对象
Subject subject = SecurityUtils.getSubject();
// 封装对象到token
AuthenticationToken token = new UsernamePasswordToken(name,pwd,rememberMe);
// 调用login方法进行认证
try{
subject.login(token);
session.setAttribute("user",token.getPrincipal().toString());
return "main";
}
catch (AuthenticationException e){
e.printStackTrace();
return "登陆失败";
}
}
@GetMapping("userLoginRm")
public String userLogin(HttpSession session){
session.setAttribute("user","rememberMe");
return "main";
}
// 跳转登陆页面
@GetMapping("login")
public String login(){
return "login";
}
}
package com.alatus.shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.servlet.http.HttpSession;
@Controller
@RequestMapping("myController")
public class MyController {
@GetMapping("userLogin")
public String userLogin(String name, String pwd,@RequestParam(defaultValue = "false")boolean rememberMe, HttpSession session){
// 获取subject对象
Subject subject = SecurityUtils.getSubject();
// 封装对象到token
AuthenticationToken token = new UsernamePasswordToken(name,pwd,rememberMe);
// 调用login方法进行认证
try{
subject.login(token);
session.setAttribute("user",token.getPrincipal().toString());
return "main";
}
catch (AuthenticationException e){
e.printStackTrace();
return "登陆失败";
}
}
@GetMapping("userLoginRm")
public String userLogin(HttpSession session){
session.setAttribute("user","rememberMe");
return "main";
}
// 跳转登陆页面
@GetMapping("login")
public String login(){
return "login";
}
}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Shiro</title>
</head>
<body>
<h1>Shiro验证登录</h1>
<br>
<form action="/myController/userLogin">
<div>
用户名:<input type="text" name="name" value="Jack"/>
</div>
<div>
密码:<input type="password" name="pwd" value="admin123"/>
</div>
<div>
记住我:<input type="checkbox" name="rememberMe" value="true">
</div>
<div>
<input type="submit" value="登录"/>
</div>
</form>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Shiro</title>
</head>
<body>
<h1>Shiro验证登录</h1>
<br>
<form action="/myController/userLogin">
<div>
用户名:<input type="text" name="name" value="Jack"/>
</div>
<div>
密码:<input type="password" name="pwd" value="admin123"/>
</div>
<div>
记住我:<input type="checkbox" name="rememberMe" value="true">
</div>
<div>
<input type="submit" value="登录"/>
</div>
</form>
</body>
</html>