Shiro
package cn.liuweiwei.config;
import cn.liuweiwei.shiro.realms.CustomerRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
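/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the web security manager and the authentication realm.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter factory and declares which URLs are public.
     *
     * <p>Shiro matches a request against the chain definitions in declaration order and
     * the first matching pattern wins. The definitions are therefore kept in an
     * insertion-ordered map; with a plain {@code HashMap} the catch-all {@code /**}
     * entry could be evaluated before the {@code anon} entries, which would send
     * the login and registration endpoints through {@code authc}.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(WebSecurityManager securityManager) {
        ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
        filterFactoryBean.setSecurityManager(securityManager);

        // Specific public paths first, the authenticated catch-all last.
        Map<String, String> chainDefinitions = new LinkedHashMap<>();
        chainDefinitions.put("/user/login", "anon");
        chainDefinitions.put("/register.jsp", "anon");
        chainDefinitions.put("/user/register", "anon");
        chainDefinitions.put("/**", "authc");
        filterFactoryBean.setFilterChainDefinitionMap(chainDefinitions);
        return filterFactoryBean;
    }

    /**
     * Creates the web security manager and attaches the realm to it.
     *
     * @param realm the realm used for authentication and authorization lookups
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager webSecurityManager(Realm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    /**
     * Creates the application realm.
     *
     * <p>No credentials matcher is set here, so the realm keeps Shiro's default matcher,
     * which compares the submitted credentials with the stored value as-is.
     * NOTE(review): password hashing then has to happen before the token reaches the
     * realm; configuring a hashed credentials matcher on the realm would keep that
     * logic in one place.
     *
     * @return a new {@link CustomerRealm}
     */
    @Bean
    public Realm realm() {
        return new CustomerRealm();
    }
}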
Realm
package cn.liuweiwei.shiro.realms;
import cn.liuweiwei.domain.Role;
import cn.liuweiwei.domain.User;
import cn.liuweiwei.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
/**
 * Shiro realm that resolves accounts and roles through {@link UserService}.
 */
public class CustomerRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Loads the roles of the primary principal.
     *
     * @param principalCollection principals of the authenticated subject; the primary
     *                            principal is cast to the user name
     * @return the role names wrapped in an authorization info, or {@code null} when the
     *         service returns no role list
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        List<Role> roles = userService.selectUserRole(username);
        if (roles == null) {
            return null;
        }

        SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo();
        roles.forEach(role -> authorization.addRole(role.getRoleName()));
        return authorization;
    }

    /**
     * Looks up the account named by the token and hands its stored credentials to Shiro.
     *
     * <p>The stored password is returned without a salt, so the comparison made by the
     * realm's credentials matcher is against whatever the token carries.
     * NOTE(review): presumably the caller submits an already-hashed password; confirm
     * against the login endpoint and the realm's credentials matcher.
     *
     * @param token the submitted token; its principal is cast to the user name
     * @return the account's authentication info, or {@code null} when no such user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        User account = userService.selectOneUser((String) token.getPrincipal());
        if (account == null) {
            return null;
        }
        return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), getName());
    }
}
Controller
package cn.liuweiwei.controller;
import cn.liuweiwei.domain.User;
import cn.liuweiwei.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
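/**
 * Endpoints for registration, login and logout under {@code /user}.
 */
@Controller
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Persists a new account.
     *
     * <p>NOTE(review): {@code user} is bound directly from request parameters; confirm that
     * fields a client must not control (for example the salt) are assigned server-side.
     *
     * @param user the account data bound from the request
     * @return a redirect to the login page on success, to the registration page on failure
     */
    @RequestMapping("/register")
    public String register(User user) {
        try {
            userService.saveOneUser(user);
            return "redirect:/login.jsp";
        } catch (Exception e) {
            e.printStackTrace();
        }
        return "redirect:/register.jsp";
    }

    /**
     * Logs the current subject out.
     *
     * <p>NOTE(review): the {@code admin} role requirement means a user without that role
     * cannot end their own session through this endpoint when Shiro annotation
     * processing is active; logout is normally open to every authenticated subject.
     *
     * @return a redirect to the login page
     */
    @RequestMapping("/logout")
    @RequiresRoles("admin")
    public String logout() {
        SecurityUtils.getSubject().logout();
        return "redirect:/login.jsp";
    }

    /**
     * Authenticates the subject with a user name and password.
     *
     * <p>The password is hashed here with the account's salt and the hex digest is
     * submitted as the token credential. An unknown user is rejected explicitly rather
     * than by letting {@code user.getSalt()} throw a {@code NullPointerException}.
     *
     * <p>NOTE(review): MD5, even salted and iterated 1024 times, is a fast digest and a
     * weak choice for password storage; a dedicated password-hashing scheme is
     * preferable. The mapping also accepts every HTTP method, so credentials sent by
     * GET would appear in the URL.
     *
     * @param username the submitted user name
     * @param password the submitted clear-text password
     * @return a redirect to the index page on success, to the login page otherwise
     */
    @RequestMapping("/login")
    public String login(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            User user = userService.selectOneUser(username);
            if (user == null) {
                System.out.println("用户不存在");
                return "redirect:/login.jsp";
            }
            Md5Hash md5Hash = new Md5Hash(password, user.getSalt(), 1024);
            subject.login(new UsernamePasswordToken(username, md5Hash.toHex()));
            return "redirect:/index.jsp";
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码错误");
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("用户不存在");
        }
        return "redirect:/login.jsp";
    }
}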
Shiro_jsp
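<%@page isELIgnored="false" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<%--
  Home page shown after login.
  The shiro:hasRole tags only decide which menu entries are rendered; they do not
  protect the pages behind the links, which need their own server-side role checks.
  NOTE(review): the logout link issues a GET request, so any page that makes the
  browser load this URL ends the session; consider a POST form.
--%>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>主页</title>
</head>
<body>
<h1>系统主页V1.0</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出登录</a>
<div>
<shiro:hasRole name="admin">
<ul>
<li><a href="">订单管理</a></li>
<li><a href="">商品管理</a></li>
<li><a href="">物流管理</a></li>
</ul>
</shiro:hasRole>
<shiro:hasRole name="user">
<ul>
<li><a href="">用户管理</a></li>
</ul>
</shiro:hasRole>
</div>
</body>
</html>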
原生Shiro
Realm
package cn.liuweiwei.config.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.Arrays;
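/**
 * Demo realm with a single hard-coded account and fixed roles.
 *
 * <p>NOTE(review): the user name, password hash and salt are literals in source and
 * every subject is granted both roles; this is only suitable for a local demo.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Returns the stored credentials of the demo account.
     *
     * <p>The token's principal is checked first. Without that check the same account
     * data is returned for any submitted user name, so a login under an arbitrary
     * name would succeed with the demo password.
     *
     * <p>NOTE(review): the info carries a salt, so the realm presumably needs a hashed
     * credentials matcher with matching algorithm and iteration count; confirm where
     * the realm is configured.
     *
     * @param token the submitted token
     * @return the demo account's authentication info, or {@code null} for any other principal
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        // Returning null tells Shiro that the realm knows no such account.
        if (!"vivi".equals(token.getPrincipal())) {
            return null;
        }
        return new SimpleAuthenticationInfo("vivi",
                "d10c7fba3f036e02b459d59bed88f8f5",
                ByteSource.Util.bytes("&tuinjowqe"),
                this.getName());
    }

    /**
     * Grants the fixed roles {@code admin} and {@code user} to the given principal.
     *
     * @param principalCollection principals of the authenticated subject
     * @return authorization info holding both roles
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String principal = (String) principalCollection.getPrimaryPrincipal();
        System.out.println("当前用户的身份信息:" + principal);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(Arrays.asList("admin", "user"));
        return info;
    }
}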
Config
package cn.liuweiwei.config;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
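/**
 * Stand-alone check of Shiro authentication against the accounts in {@code shiro.ini}.
 */
public class TestAuthenticator {

    /**
     * Logs in with a fixed demo user name and password and reports a failure.
     *
     * <p>The failure message is printed only when the login throws; it was previously
     * printed after every run, including a successful login.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
        SecurityUtils.setSecurityManager(securityManager);

        Subject subject = SecurityUtils.getSubject();
        // Demo credentials only; they must match an entry in shiro.ini.
        UsernamePasswordToken token = new UsernamePasswordToken("vivid", "123");
        try {
            subject.login(token);
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("用户名错误!!!");
        }
    }
}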
MD5
package cn.liuweiwei.config;
import org.apache.shiro.crypto.hash.Md5Hash;
/**
 * Prints MD5 digests of a sample password, first plain and then salted and iterated.
 *
 * <p>The values are for demonstration; MD5 is a fast digest and not a sound basis for
 * storing real passwords.
 */
public class TestMD5 {

    /**
     * Computes both digests and writes them to standard output.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Single-pass digest with no salt.
        Md5Hash plainDigest = new Md5Hash("123");
        // Same input with a salt and 1024 iterations.
        Md5Hash saltedDigest = new Md5Hash("123", "&tuinjowqe", 1024);

        System.out.println(plainDigest.toHex());
        System.out.println(plainDigest);
        System.out.println(saltedDigest);
        System.out.println(saltedDigest.toHex());
    }
}