本Demo是用SpringBoot+Mybatis+Shiro
省略创建SpringBoot的截图流程
导入jar包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
整个项目结构
shiro一般都在service(业务层)内
CredentialMatcher类是自定义登陆验证规则
AuthRealm类是每次登陆授权时需要使用的类
shiroConfiguration类是shiro的总配置文件
从大到小的顺序是 shiroConfiguration→AuthRealm→CredentialMatcher
CredentialMatcher
package com.hjy.serivce;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
/**
* 自定义登陆检验规则
*/
public class CredentialMatcher extends SimpleCredentialsMatcher {
//自定义验证规则
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
UsernamePasswordToken usernamePasswordToken=(UsernamePasswordToken) token;
//session的密码
String password =new String(usernamePasswordToken.getPassword());
//数据库对应的密码
String dePassword=info.getCredentials().toString();
//返回对比结果
return this.equals(password,dePassword);
}
}
AuthRealm
PS:我的dao和service只写一个方法就是通过传用户名来查找对应用户角色权限信息
package com.hjy.serivce;
import com.hjy.entity.Permission;
import com.hjy.entity.Role;
import com.hjy.entity.Users;
import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.Author