导入依赖
pom.xml
<!--shiro-->
<!-- NOTE(review): this pins one specific, older Shiro release. Before deploying,
     check the project's current security advisories and move to the newest patched
     release the application supports. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
编写配置类
@Configuration
public class ShiroConfig {

    /**
     * Step 3: the servlet filter bean that applies the path → filter definitions to
     * every incoming request.
     *
     * @param securityManager the security manager bean from {@link #getDefaultWebSecurityManager}
     * @return the configured {@link ShiroFilterFactoryBean}
     */
    @Bean
    public ShiroFilterFactoryBean getFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(securityManager);
        // Unauthenticated requests to a protected path are redirected to this page.
        filterFactory.setLoginUrl("/login.html");
        // No unauthorized URL is configured (setUnauthorizedUrl is not called), so an
        // authenticated subject that lacks the required permission gets Shiro's default
        // denial response rather than a redirect to an error page.
        filterFactory.setFilterChainDefinitionMap(filterChainDefinitions());
        return filterFactory;
    }

    /**
     * Builds the ordered path → filter map. Shiro's built-in filters commonly used here:
     * anon (no authentication), authc (must be authenticated), user (authenticated or
     * remembered), perms[...] (must hold the permission), roles[...] (must hold the role).
     * Shiro evaluates the entries in insertion order, which is why a LinkedHashMap is used.
     */
    private static Map<String, String> filterChainDefinitions() {
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/page1/*", "perms[bank:page1]");
        chains.put("/page2/*", "perms[bank:page2]");
        // NOTE(review): Ant-style "*" matches a single path segment, so a nested path
        // such as "/page1/a/b" is not covered by "/page1/*"; use "/page1/**" if nested
        // resources exist under these prefixes.
        // NOTE(review): there is no catch-all entry, so every path not listed above is
        // served without any authentication. Once the public paths (login page, static
        // assets) are known, list them as "anon" and end the map with "/**" -> "authc".
        return chains;
    }

    /**
     * Step 2: the web security manager, wired to the custom realm.
     *
     * @param userRealm the realm bean from {@link #userRealm()}
     * @return the security manager that the filter and {@code SecurityUtils} use
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Step 1: the application-specific realm that performs authentication and authorization.
     *
     * @return a new {@link UserRealm}
     */
    @Bean("userRealm")
    public UserRealm userRealm() {
        return new UserRealm();
    }
}
验证与授权的类
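public class UserRealm extends AuthorizingRealm {

    @Autowired
    BankService bankService;

    /**
     * Authorization: resolves the permissions of an already authenticated subject.
     *
     * @param principalCollection the principals of the subject being authorized; its
     *        primary principal is the {@code Bank} stored by {@link #doGetAuthenticationInfo}
     * @return the subject's string permissions (empty when the account defines none)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Use the principals handed to this method. The original read
        // Subject.getPreviousPrincipals(), which refers to the identity a "run as"
        // switch came from, not the current one, and is empty for an ordinary login,
        // so the cast failed or could authorize the wrong account.
        Bank currentBank = (Bank) principalCollection.getPrimaryPrincipal();
        // An account without a permission string gets no permissions (fail closed)
        // instead of a null entry in the permission set.
        if (currentBank != null && currentBank.getPerms() != null) {
            info.addStringPermission(currentBank.getPerms());
        }
        return info;
    }

    /**
     * Authentication: looks up the account named in the token and returns its stored
     * credential for Shiro's CredentialsMatcher to compare against the submitted one.
     *
     * @param authenticationToken the submitted {@link UsernamePasswordToken}
     * @return the account info, or {@code null} when no such account exists (Shiro then
     *         reports {@code UnknownAccountException} to the caller)
     * @throws AuthenticationException propagated from Shiro
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken bankToken = (UsernamePasswordToken) authenticationToken;
        // NOTE(review): findByName receives the raw submitted username; confirm the
        // service builds its query with bound parameters.
        Bank bank = bankService.findByName(bankToken.getUsername());
        if (bank == null) {
            return null;
        }
        // NOTE(review): no CredentialsMatcher is configured on this realm in the visible
        // configuration, so the stored value is compared directly with the submitted
        // password. Store a salted hash and configure a HashedCredentialsMatcher before
        // production use.
        // Third argument is the realm name; the original passed an empty string.
        return new SimpleAuthenticationInfo(bank, bank.getBank_password(), getName());
    }
}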
测试
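@Controller
public class HelloController {

    /**
     * Test login endpoint: authenticates the submitted credentials through the Shiro
     * security manager and reports the outcome as a plain response body.
     *
     * @param username the submitted account name
     * @param password the submitted password
     * @return {@code "成功"} when authentication succeeds, otherwise {@code "失败"}
     */
    @RequestMapping("/login")
    @ResponseBody
    public String login(String username, String password) {
        // NOTE(review): the mapping accepts any HTTP method, so credentials sent via GET
        // land in the query string and in access logs; restrict it to POST
        // (method = RequestMethod.POST) once the login form is in place.
        // Reject missing input before touching the realm and the database.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return "失败";
        }
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return "成功";
        } catch (UnknownAccountException e) {
            // Account does not exist. Only the generic result goes back to the client,
            // so the response does not reveal which field was wrong.
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
        } catch (AuthenticationException e) {
            // Any other Shiro failure (locked account, throttling, ...) is also a failed
            // login; previously it propagated out of the handler as a server error.
            System.out.println("登录失败: " + e.getClass().getSimpleName());
        } finally {
            // Zero the password buffer held by the token once the attempt is over.
            token.clear();
        }
        return "失败";
    }
}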