【WEEK13】 【DAY5】Shiro Part 5【English Version】

于 2024-05-27 08:30:00 发布
阅读量360 收藏 10
点赞数 3
分类专栏: Spring Boot学习 文章标签: spring boot java 后端
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/2401_83329143/article/details/139207760
版权

2024.5.24 Friday
Continuation from 【WEEK13】 【DAY4】Shiro Part 4【English Version】

Contents

15.7. Implementation of Shiro Request Authorization

15.7.1. Modify ShiroConfig.java

15.7.1.1. Add a line of code for authorization verification

// Authorization. Normally, it should redirect to an unauthorized page, but at this time, due to only adding the following verification, it directly redirects to the 401 page
filterMap.put("/user/add","perms[user:add]");

15.7.1.2. Restart

Log in with any user and try to access the “add” page: because the user’s permissions are insufficient, access is denied.
Insert image description here

15.7.2. Modify MyController.java

package com.P40.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class MyController {

    @RequestMapping({"/", "/index"})
    public String toIndex(Model model){
        model.addAttribute("msg","hello, Shiro");
        return "index";
    }


    @RequestMapping("/user/add")
    public String add(){
        return "user/add";
    }

    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }


    @RequestMapping("/login")
    public String login(String username, String password, Model model){
        // Get the current user
        Subject subject = SecurityUtils.getSubject();

        // Encapsulate user login data
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);

        // Execute the login method, if there is no exception, it is successful. Select the code and press Ctrl+Alt+T to add try-catch
        try {
            subject.login(token);
            return "index";
        } catch (UnknownAccountException e) {   // Username does not exist
            model.addAttribute("msg","Incorrect username");
            return "login";
        } catch (IncorrectCredentialsException e) {   // Incorrect password
            model.addAttribute("msg","Incorrect password");
            return "login";
        }
    }

    @RequestMapping("/noauth")
    @ResponseBody
    public String unauthorized(){
        return "Unauthorized, access to this page is prohibited";
    }
}

15.7.3. Modify ShiroConfig.java

Add redirection to an unauthorized page

package com.P40.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    // ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // Configuration: click to enter ShiroFilterFactoryBean source code for details
        // Set security manager
        bean.setSecurityManager(defaultWebSecurityManager);

        // Add Shiro's built-in filters
        /*
        anon: Accessible without authentication
        authc: Must be authenticated to access
        user: Must have remember me functionality to use
        perms: Must have permission for a specific resource to access
        role: Must have certain role permissions
         */
        // Login interception
        Map<String,String> filterMap = new LinkedHashMap<>();

        // Authorization. Normally, it should redirect to an unauthorized page, but at this time, due to only adding the following verification, it directly redirects to the 401 page
        filterMap.put("/user/add","perms[user:add]");

//        filterMap.put("/user/add","authc");
//        filterMap.put("/user/update","authc");
        // After modifying the access permissions for the add and update pages only here, restart the project. Clicking on add or update will be intercepted, showing a 404 error, hoping to redirect to the login page
        filterMap.put("/user/*","authc");   // Wildcards can also be used here (replace the above two lines of /user/add and /user/update)
        bean.setFilterChainDefinitionMap(filterMap);

        // If no permissions, need to redirect to the login page
        bean.setLoginUrl("/toLogin");   // Set the login request

        // Unauthorized page
        bean.setUnauthorizedUrl("/noauth");

        return bean;
    }

    // DefaultWebSecurityManager
    @Bean(name = "securityManager") // Alias this class to facilitate invocation by ShiroFilterFactoryBean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){    // Get UserRealm, but it seems that annotations are not needed here, it can be called directly
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // The default class name of DefaultWebSecurityManager is defaultWebSecurityManager, it is just changed to securityManager here

        // Associate UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    // Create realm object, need to customize class
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }

    // Creation order is reversed (from real->DefaultWebSecurityManager->ShiroFilterFactoryBean)
}

15.7.4. Restart

Similarly, when trying to access the add page without permission, the displayed URL and corresponding page are as follows:
Insert image description here

15.7.5. Modify UserRealm.java

15.7.5.1. Add permissions to all users

package com.P40.config;

import com.P40.pojo.User;
import com.P40.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

// UserRealm is a bean
// Customized UserRealm, it must inherit the AuthorizingRealm method, and then implement methods (alt+insert)
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    // Authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("do doGetAuthorizationInfo Authorization");

        // Authorization
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();   // You can first write new SimpleAuthorizationInfo(); and then use Alt+Enter to quickly create the preceding framework
        info.addStringPermission("user:add");   // Add permission for all logged-in users to access User:add, at this time, any logged-in user can access the add page

        // Cannot return null
        return info;
    }

    // Authentication
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("do doGetAuthenticationInfo Authentication");

        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;

        // Change to connect to the real database
        User user = userService.queryUserByName(userToken.getUsername());
        if(user == null){   // User does not exist
            return null;    // UnknownAccountException
        }

        // Password authentication, shiro operation
        return new SimpleAuthenticationInfo("",user.getPwd(),"");
    }
}

15.7.5.2. Restart Verification

Insert image description here

Implementation of Shiro Request Authorization This part is half done, see 【WEEK14】 【DAY1】Shiro Part 6【English Version】 for details.

ZzzZzzzZzzzz-
关注
  • 3
    点赞
  • 10
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
springboot+shiro+md5
07-23
这里详细记录一次springboot使用shiro进行登录验证操作,同时结合MD5加密技术,实现web后台的登录功能。
Shiro + Hibernate5 + Spring5 + SpringMVC5 的jar
12-22
Shiro + Hibernate5 + Spring5 + SpringMVC5 的jar 的架包!
springboot结合shiro的demo
龙泉诗
03-12 161
项目结构 如图所示,项目一共分为6层,分别是: common公共层:主要是放置一些公共的模块 controller层:数据的表示层,俗称vo dao层: 用于操作数据库,增删改查 Exception异常层:定义一些全局的异常,方便维护 model层: 数据库表的映射 shiro层:主要是配置shiro的授权和认证 认证过程 // LoginController.java @PostMappi...
SpringBoot+Shiro框架整合实现前后端分离的权限管理基础Demo
蚂蚁舞
03-29 2456
记录一下使用SpringBoot集成Shiro框架实现前后端分离Web项目的过程,后端使用SpringBoot整合Shiro,前端使用vue+elementUI,达到前后端使用token来进行交互的应用,这种方式通常叫做无状态,后端只需要使用Shiro框架根据前端传来的token信息授权访问相应资源。
springboot+shiro(学习demo的搭建)
萝卜坑
07-22 601
springboot+shirojava安全框架学习使用) 1、认识Shiro Apache Shiro提供了一个强大而灵活的安全框架,可以为任何应用提供安全保障。用于认证和访问授权:满足对用户、角色、权限(操作权限)、资源(url),即用户分配角色,角色定义权限,访问授权时支持角色或者权限,并且支持多级的权限定义。 Shiro主要有三个核心组件:Subject、SecurityManager、...
SpringBoot整合shiro——简单的demo
Lifetime的博客
08-10 370
第一步:导入依赖 <!-- 导入shiro整合spring的包 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency> <!-- thyme
spring整合shiro(含MD5加密)
weixin_34261739的博客
05-07 180
shiro简介: shiro是apache提供的一个强大易用的Java安全框架,用于身份验证、授权、密码学和会话管理。点我下载源码。 开发环境及技术: 1、mysql - 5.7.21 2、navicat(mysql客户端管理工具) 3、eclipse 4、jdk9 5、tomcat 8.5 6、spring...
Springboot整合Shiro之加盐MD5加密的方法
08-26
Spring Boot 整合 Shiro 之加盐 MD5 加密方法 在本文中,我们将介绍如何在 Spring Boot 项目中整合 Shiro 框架,并使用加盐 MD5 加密来实现身份认证。Shiro 是一个功能强大且灵活的安全框架,提供了身份认证、授权...
springboot+cas5.x+shiro+pac4j实现sso集成
05-18
springboot+cas5.x+shiro+pac4j实现sso集成,请先看我的博客,如果有问题再下载此源码学习,
ExtjsWeb:Spring+Spring+Shiro+MyBatis+Extjs5创建的信息管理系统,支持图片登陆验证功能
05-08
ExtjsWeb SpringMVC+Spring+Shiro+MyBatis+Extjs5创建的信息管理系统,支持图片登陆验证功能 由于Extjs包太大,上传是没有加进来,可以根据目录中的结构加上Extjs5的开发包。
spring boot shiro demo项目
04-03
springboot shiro 做的一个小demo ,方便快速入门shiro 会比security容易上手很多;
spring bootshiro集成demo
09-11
spring bootshiro集成demo,maven工程,简单的一个demo,文档请参考博文
单点登录cas服务器demo及springboot客户端demo
06-24
一个简单的集成了shiro+cas+pac4j的springboot项目,实现单点登录及单点退出。 包括一个cas-server服务器和一个demo客户端
Springboot+shiro简单登录案例
06-06
Shiro的简单登录,如若没有足够积分下载可留下邮箱或者私信我,直接发到你们邮箱,文章链接:https://blog.csdn.net/sutongxuevip/article/details/80584607
SpringBoot整合Shiro+JWT
05-15
本Demo案例为SpringBoot整合Shiro + JWT实现用户认证,代码注释全都有以及sql文件都已经打包,下载之后刷新pom依赖即可直接运行。
spring boot整合shiro(附带简单demo)
诗简默的博客
06-08 1万+
shiro是目前主流的java安全框架,主要用来更便捷的认证,授权,加密,会话管理。废话不多说,下面是一个简单的案例,Soring boot整合shiro;首先搭建一个spring boot框架,具体步骤请参考点击打开链接;然后配置shiro依赖(顺便整合mybatis)               &lt;dependency&gt; &lt;groupId&gt;org.springfra...
一.springbootshiro整合(示例)
热门推荐
u014203449的博客
02-16 4万+
地址: 演示地址:http://47.98.153.30:8080 账号:melo 密码:12345678 github地址:点击打开链接https://github.com/MeloFocus/focus 前端水平有限见谅 第一个整合目标: (1)用springboot整合shiro (2)完成简单的登录功能 (3)对url进行权限控制,当前登录用户拥有此ur...
spring-boot整合shiro
都是浮云
10-06 2万+
概述 权限体系在现代任何IT系统中都是很基础但又非常重要的部分,无论是传统MIS系统还是互联网系统,出于保护业务数据和应用自身的安全,都会设计自己的授权鉴权策略。 最近项目中也需要用到权限验证功能,项目为spring-boot工程,现成的权限验证框架有shirospring-security,shiro相对spring-security来说学习难度要低一点,也是老牌成熟的产品,因此选择shiro...
spring-boot集成shiro+jwt框架(下载项目能直接用,简单易懂,里面惊喜多多)
zhangtao_sb的博客
10-19 180
spring-boot集成shiro+jwt框架,有git源码地址项目大体框架shiro+jwt装饰器模式实现整体aop切面操作文件上传使用FastDFSswagger工具类项目地址 项目大体框架 项目整体框架使用springboot + mybatis-plus + shiro +jwt,实现了简单的htpp传输加密,日志,防止xss攻击(没啥用),令牌桶,参数验证,统一异常处理。 shiro+jwt 具体实现请看代码,这里就不做截图了: 1.唯一注意的是shiroRealm里面注入的对象要么使用spr
shiro.ini md5
最新发布
07-27
回答: 在Shiro中,shiro.ini是一个配置文件,用于配置Shiro的安全策略和认证授权规则。\[2\]而MD5是一种常用的加密算法,用于对密码进行加密。在Shiro中,可以使用MD5Utils类对密码进行MD5加密。\[3\] #### 引用[.reference_title] - *1* *3* [shiro使用ini 设置 MD5加密](https://blog.csdn.net/qq_35919264/article/details/99672929)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insert_down28v1,239^v3^insert_chatgpt"}} ] [.reference_item] - *2* [【Shiro 框架总结】9 Shiro.ini详解](https://blog.csdn.net/FullStackDeveloper0/article/details/89354132)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insert_down28v1,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值