2024.5.23 Thursday
Continued from 【WEEK13】 【DAY3】Shiro Part 3【English Version】
Contents
15.6. Integrate Shiro with MyBatis
15.6.1. Modify pom.xml
Import 5 dependencies
<!--mysql-->
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
</dependency>
<!--log4j-->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!--druid-->
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.21</version>
</dependency>
<!--mybatis-->
<!-- https://mvnrepository.com/artifact/org.mybatis.spring.boot/mybatis-spring-boot-starter -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.2</version>
</dependency>
<!--lombok-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.16.20</version>
</dependency>
15.6.2. Create application.yaml
Use the YAML file configuration previously used, copy and paste it, and make some modifications at the end. At this point, all contents of application.properties can be commented out without affecting use.
spring:
datasource:
username: root
password: 123456
# If there is a time zone error, add a time zone configuration and connect it with other configurations using &
# For example: serverTimezone=UTC
url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
driver-class-name: com.mysql.cj.jdbc.Driver
type: com.alibaba.druid.pool.DruidDataSource
# Spring Boot does not inject these attribute values by default, so you need to bind them yourself
# Druid-specific configuration
initialSize: 5
minIdle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
# Configure monitoring statistical interception filters: stat: statistical monitoring; log4j: log recording; wall: defense against SQL injection
# If an error like java.lang.ClassNotFoundException: org.apache.log4j.Priority occurs
# Import the log4j dependency, Maven address: https://mvnrepository.com/artifact/log4j/log4j
filters: stat,wall,log4j
maxPoolPreparedStatementPerConnectionSize: 20
useGlobalDataSourceStat: true
connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
mybatis:
# type-aliases-package: P40.pojo
mapper-locations: classpath:mapper/*.xml
# Pay attention to the indentation of the three lines above, which directly determines whether there is an error
15.6.3. Connect to the database
A new mybatis database has been created
CREATE DATABASE `mybatis`;
USE `mybatis`;
CREATE TABLE `user`(
`id` INT(20) NOT NULL,
`name` VARCHAR(30) DEFAULT NULL,
`pwd` VARCHAR(30) DEFAULT NULL,
PRIMARY KEY(`id`)
)ENGINE=INNODB DEFAULT CHARSET=utf8;
INSERT INTO `user`(`id`,`name`,`pwd`) VALUES
(1,'zhangsan','123456'),
(2,'lisi','2345678'),
(3,'wangwu','3456789');
15.6.4. Modify application.properties
spring.application.name=shiro-springboot
#mybatis.type-aliases-package=P40.pojo
mybatis.mapper-locations=classpath:mapper/*.xml
Note here!!! The aliases starting from the second line cannot be used here (it will cause an error), so it should be commented out to run successfully!
15.6.5. Create pojo folder and mapper folders (two places)
15.6.5.1. Create User.java
package com.P40.pojo;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
private int id;
private String name;
private String pwd;
}
15.6.5.2. Create UserMapper.java
package com.P40.mapper;
import com.P40.pojo.User;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;
@Repository
@Mapper// Whether this mapper is commented or not doesn't matter
public interface UserMapper {
public User queryUserByName(String name);
}
15.6.5.3. Create UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.P40.mapper.UserMapper">
<select id="queryUserByName" parameterType="String" resultType="com.P40.pojo.User">
SELECT * FROM mybatis.user WHERE name = #{name}
</select>
</mapper>
15.6.6. Create service folder
15.6.6.1. Create UserService.java
package com.P40.service;
import com.P40.pojo.User;
public interface UserService {
public User queryUserByName(String name);
}
15.6.6.2. Create UserServiceImpl.java
package com.P40.service;
import com.P40.mapper.UserMapper;
import com.P40.pojo.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class UserServiceImpl implements UserService {
@Autowired
UserMapper userMapper;
@Override
public User queryUserByName(String name) {
return userMapper.queryUserByName(name);
}
}
15.6.6.3. Unit Test
Modify ShiroSpringbootApplicationTests.java
package com.P40;
import com.P40.service.UserServiceImpl;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
class ShiroSpringbootApplicationTests {
@Autowired
UserServiceImpl userService;
@Test
void contextLoads() {
System.out.println(userService.queryUserByName("lisi"));
}
}
However, the test here cannot run 【Solved】Modified the yaml configuration file and UserMapper.xml file (the key is to remove the file aliases)
15.6.7. Connect to a real database
15.6.7.1. Modify UserRealm.java
package com.P40.config;
import com.P40.pojo.User;
import com.P40.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
// UserRealm is a bean
// Custom UserRealm, must inherit AuthorizingRealm method, and then implement methods (alt+insert)
public class UserRealm extends AuthorizingRealm {
@Autowired
UserService userService;
// Authorization
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("do doGetAuthorizationInfo Authorization");
return null;
}
// Authentication
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("do doGetAuthorizationInfo Authentication");
// Username, password -- Data reading. The following two lines are the user data obtained by simulating connecting to the database in the early stage of programming
// String name = "root";
// String password = "1";
UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
// if (!userToken.getUsername().equals(name)){
// return null; //Throw UnknownAccountException exception (automatically)
// }
// Change to connect to a real database
User user = userService.queryUserByName(userToken.getUsername());
if(user == null){ // This user does not exist
return null; // UnknownAccountException
}
// Password authentication, Shiro operation
// return new SimpleAuthenticationInfo("",password,"");
return new SimpleAuthenticationInfo("",user.getPwd(),"");
}
}
15.6.7.2. Modify the User table
Add a new row of data
15.6.7.3. Restart ShiroSpringbootApplication.java
http://localhost:8080/toLogin
Login test according to the username and password in the User table
Login successful
Directly change the username in the URL to root, since the password is also 123456, the login status can be maintained:
If changing the username to lisi, because the password for lisi is 2345678, it shows password error and cannot log in:
Trying to log in with wangwu’s account, but entering the wrong username, it shows username error and cannot log in either:
15.6.7.4. Currently using general encryption
CredentialsMatcher.java
Set breakpoints in MyController.java to check the execution process
Or set breakpoints in UserRealm.java
At this point, the password entered by the user on the web page is not encrypted in CredentialsMatcher, so the password appears explicitly in the URL (plaintext password).
Click the green “I” in the left sidebar to expand ten encryption methods, among which the default is SimpleCredentialsMatcher.
In practical use, MD5 encryption results in the same ciphertext for the same plaintext password, a more secure method is MD5 salt encryption (the username is also appended to the end of the password encrypted with MD5).
1315
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
