【WEEK13】 【DAY3】Shiro Part 3【English Version】

2024.5.22 Wednesday

Continued from 【WEEK13】 【DAY2】Shiro Part 2【English Version】

15.4. Login Interception

15.4.1. Modifying ShiroConfig.java

package com.P40.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    // ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // What to configure: click to enter the source code of ShiroFilterFactoryBean to view
        // Set the security manager
        bean.setSecurityManager(defaultWebSecurityManager);

        // Add Shiro's built-in filters
        Map<String,String> filterMap = new LinkedHashMap<>();
        filterMap.put("/user/add","authc");
        filterMap.put("/user/update","authc");
        // After modifying the access permissions for the add and update pages here, restart the project. Clicking on add or update will be intercepted, showing a 404 error, and should redirect to the login page

        bean.setFilterChainDefinitionMap(filterMap);
        return bean;
    }

    // DefaultWebSecurityManager
    ...
}
- anon: Accessible without authentication
- authc: Requires authentication
- user: Requires the remember me feature
- perms: Requires permission for a specific resource
- role: Requires a certain role permission

15.4.2. Creating login.html Page

Insert image description here

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Login</h1>

<hr>
<form action="">
    <p>Username: <input type="text" name="username"></p>
    <p>Password: <input type="text" name="password"></p>
    <p><input type="submit"></p>
</form>
</body>
</html>

15.4.3. Modifying MyController.java

Adding a method to access the login page

package com.P40.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MyController {

    @RequestMapping({"/", "/index"})
    public String toIndex(Model model){
        model.addAttribute("msg","hello, Shiro");
        return "index";
    }

    @RequestMapping("/user/add")
    public String add(){
        return "user/add";
    }

    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }
}

15.4.4. Further Modification to ShiroConfig.java

Using wildcards to redirect to the login page

package com.P40.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    // ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // What to configure: click to enter the source code of ShiroFilterFactoryBean to view
        // Set the security manager
        bean.setSecurityManager(defaultWebSecurityManager);

        // Add Shiro's built-in filters
        /*
        anon: Accessible without authentication
        authc: Requires authentication
        user: Requires the remember me feature
        perms: Requires permission for a specific resource
        role: Requires a certain role permission
         */
        // Login interception
        Map<String,String> filterMap = new LinkedHashMap<>();
//        filterMap.put("/user/add","authc");
//        filterMap.put("/user/update","authc");
        // After modifying the access permissions for the add and update pages here, restart the project. Clicking on add or update will be intercepted, showing a 404 error, and should redirect to the login page
        filterMap.put("/user/*","authc");   // Wildcards can also be used to achieve the same effect as the above two lines (/user/add and /user/update)
        bean.setFilterChainDefinitionMap(filterMap);

        // If there is no permission, it needs to be redirected to the login page
        bean.setLoginUrl("/toLogin");   // Set the login request
        return bean;
    }

    // DefaultWebSecurityManager
    @Bean(name = "securityManager") // Assign an alias to this class for easy reference by ShiroFilterFactoryBean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){    // Get UserRealm, but it seems that annotations are not needed here and can be called directly
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // The default class name of DefaultWebSecurityManager is defaultWebSecurityManager, but it is changed to securityManager here

        // Associate UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    // Create realm object, need to customize the class
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }

    // The creation order is reversed (from realm->DefaultWebSecurityManager->ShiroFilterFactoryBean)
}

15.4.5. Restart

Click add or update on the homepage to jump to the login page
http://localhost:8080/toLogin
Insert image description here

15.5. User Authentication

15.5.1. Modifying MyController.java

package com.P40.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class MyController {

    @RequestMapping({"/", "/index"})
    public String toIndex(Model model){
        model.addAttribute("msg","hello, Shiro");
        return "index";
    }

    @RequestMapping("/user/add")
    public String add(){
        return "user/add";
    }

    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }


    @RequestMapping("/login")
    public String login(String username, String password, Model model){
        // Get the current user
        Subject subject = SecurityUtils.getSubject();

        // Encapsulate user login data
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);

        // Execute the login method. If there is no exception, it is successful. Select the code and press Ctrl+Alt+T to add try catch
        try {
            subject.login(token);
            return "index";
        } catch (UnknownAccountException e) {   // Username does not exist
            model.addAttribute("msg","Incorrect username");
            return "login";
        } catch (IncorrectCredentialsException e) {   // Incorrect password
            model.addAttribute("msg","Incorrect password");
            return "login";
        }
    }
}

15.5.2.Modifying login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>Login</h1>

<hr>
<p th:text="${msg}" style="color: cadetblue"></p>

<form th:action="@{/login}">
    <p>Username: <input type="text" name="username"></p>
    <p>Password: <input type="text" name="password"></p>
    <p><input type="submit"></p>
</form>
</body>
</html>

15.5.3. Restart

Enter any username and password
Insert image description here
Insert image description here
Insert image description here
It indicates that the execution was successful
Insert image description here

15.5.4. Modify UserRealm.java

package com.P40.config;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

// UserRealm is a bean
// Custom UserRealm, you must inherit the AuthorizingRealm method, and then implement methods (alt+insert)
public class UserRealm extends AuthorizingRealm {
    // Authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("do doGetAuthorizationInfo Authorization");
        return null;
    }

    // Authentication
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("do doGetAuthorizationInfo Authentication");

        // Username, password————data retrieval
        String name = "root";
        String password = "1";
        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;

        if (!userToken.getUsername().equals(name)){
            return null;    // Throw UnknownAccountException automatically
        }

        // Password authentication, shiro operation
        return new SimpleAuthenticationInfo("",password,"");
    }
}

15.5.5. Restart

Select add or update to click, and automatically jump to the login page.

15.5.5.1. Enter the correct username and password

Insert image description here
After submission, return to the homepage, and both the add and update pages can be accessed
Insert image description here
Insert image description here

15.5.5.2. Enter the wrong username

Insert image description here
Insert image description here

15.5.5.3. Enter the wrong password

Insert image description here
Insert image description here

  • 19
    点赞
  • 12
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值