一、Springboot2.3加Mybatis-plus集成Apache Shiro实现权限管理(原生集成)

最新推荐文章于 2022-11-11 11:39:55 发布
最新推荐文章于 2022-11-11 11:39:55 发布
阅读量780 收藏 5
点赞数 1
分类专栏: shiro springboot 文章标签: shiro
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/fangchao2011/article/details/106499906
版权

0、项目结构图

在这里插入图片描述

1、pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.3.0.RELEASE</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.jack</groupId>
	<artifactId>demo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>war</packaging>
	<name>shiro</name>
	<description>Demo project for Spring shiro</description>

	<properties>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<!-- mybatis -->
		<!--<dependency>
			<groupId>org.mybatis.spring.boot</groupId>
			<artifactId>mybatis-spring-boot-starter</artifactId>
			<version>2.1.2</version>
		</dependency>-->

		<!-- mybatis plus -->
		<dependency>
			<groupId>com.baomidou</groupId>
			<artifactId>mybatis-plus-boot-starter</artifactId>
			<version>3.1.0</version>
		</dependency>

		<!-- mybatis plus 代码生成器依赖 -->
		<dependency>
			<groupId>com.baomidou</groupId>
			<artifactId>mybatis-plus-generator</artifactId>
			<version>3.1.0</version>
		</dependency>

		<!-- 代码生成器模板 -->
		<dependency>
			<groupId>org.freemarker</groupId>
			<artifactId>freemarker</artifactId>
		</dependency>

		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<optional>true</optional>
		</dependency>

		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
			<scope>provided</scope>
		</dependency>

		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>1.5.3</version>
		</dependency>

		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.5.3</version>
		</dependency>

		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>druid</artifactId>
			<version>1.1.22</version>
		</dependency>

		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-lang3</artifactId>
			<version>3.10</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
			<version>5.2.6.RELEASE</version>
		</dependency>

		<dependency>
			<groupId>org.apache.tomcat.embed</groupId>
			<artifactId>tomcat-embed-jasper</artifactId>
		</dependency>

		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
		</dependency>


		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
			<exclusions>
				<exclusion>
					<groupId>org.junit.vintage</groupId>
					<artifactId>junit-vintage-engine</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

2、application.properties

## database ##
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/db_shiro?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=Asia/Shanghai
spring.datasource.username=root
spring.datasource.password=123456

## mybatis plus ##
mybatis-plus.mapper-locations=mapper/*.xml
mybatis-plus.typeAliasesPackage=com.jack.demo.entity
mybatis-plus.global-config.db-config.logic-delete-value=9
mybatis-plus.global-config.db-config.logic-not-delete-value=1

## jsp ##
spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp
spring.mvc.throw-exception-if-no-handler-found=true
spring.mvc.static-path-pattern=/**

3、AuthRealm(授权、认证登录)

package com.jack.demo;

import com.jack.demo.entity.Permission;
import com.jack.demo.entity.Role;
import com.jack.demo.entity.User;
import com.jack.demo.service.UserService;
import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/**
 * @program: demo
 * @description: 认证登录
 * @author: Jack.Fang
 * @date:2020-06-02 1432
 **/
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User)principalCollection.fromRealm(this.getClass().getName()).iterator().next();
        List<String> permissionList = new ArrayList<>();
        List<String> roleNameList = new ArrayList<>();
        Set<Role> roleSet = user.getRoles();
        if(CollectionUtils.isNotEmpty(roleSet)){
            for(Role role:roleSet){
                roleNameList.add(role.getRname());
                Set<Permission> permissionSet = role.getPermissions();
                if(CollectionUtils.isNotEmpty(permissionSet)){
                    for(Permission permission:permissionSet){
                        permissionList.add(permission.getName());
                    }
                }
            }
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissionList);
        info.addRoles(roleNameList);
        return info;
    }

    //认证登录
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String username = usernamePasswordToken.getUsername();
        User user = userService.findByUserName(username);
        return new SimpleAuthenticationInfo(user==null?new User():user,user==null?null:user.getPassword(),this.getClass().getName());
    }
}

4、CredentialMatcher(重写密码校验)

package com.jack.demo;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 * @program: demo
 * @description: 密码校验规则重写(自定义MD5验证等)
 * @author: Jack.Fang
 * @date:2020-06-02 1445
 **/
public class CredentialMatcher extends SimpleCredentialsMatcher {

    // 密码校验规则重写
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String password = new String(usernamePasswordToken.getPassword());
        String dbPassword = (String)info.getCredentials();
        return this.equals(password,dbPassword);
    }
}

4、ShiroConfiguration(shiro配置)

package com.jack.demo;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

/**
 * @program: demo
 * @description: Shiro 配置
 * @author: Jack.Fang
 * @date:2020-06-02 1451
 **/

@Configuration
public class ShiroConfiguration {

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(manager);

        bean.setLoginUrl("/login");
        bean.setSuccessUrl("/index");
        bean.setUnauthorizedUrl("/unauthorized");

        //取决于DefaultFilter枚举中的值(满足条件后所调用的拦截器)
        LinkedHashMap<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/index","authc");//需要验证
        filterChainDefinitionMap.put("/login","anon");//无需验证
        filterChainDefinitionMap.put("/loginUser", "anon");//无需验证
        filterChainDefinitionMap.put("/admin", "roles[admin]");//需要管理员登录
        filterChainDefinitionMap.put("/edit", "perms[edit]");//需要编辑权限
        filterChainDefinitionMap.put("/druid/**", "anon");//无需验证
        filterChainDefinitionMap.put("/**", "user");//用户级别(只验证是否登录)
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return bean;
    }

    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        return manager;
    }

    @Bean("authRealm")
    public AuthRealm authRealm(@Qualifier("credentialMatcher") CredentialMatcher credentialMatcher){
        AuthRealm authRealm = new AuthRealm();
        authRealm.setCredentialsMatcher(credentialMatcher);
        return authRealm;
    }

    @Bean("credentialMatcher")
    public CredentialMatcher credentialMatcher(){
        return new CredentialMatcher();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager manager){
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
}

5、表设计

5.1 图:数据库表

在这里插入图片描述

5.2 建表语句

/*
Navicat MySQL Data Transfer

Source Server         : localhost
Source Server Version : 80019
Source Host           : localhost:3306
Source Database       : db_shiro

Target Server Type    : MYSQL
Target Server Version : 80019
File Encoding         : 65001

Date: 2020-06-01 17:30:22
*/

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for permission
-- ----------------------------
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission` (
  `pid` int NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL DEFAULT '',
  `url` varchar(255) DEFAULT '',
  PRIMARY KEY (`pid`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of permission
-- ----------------------------
INSERT INTO `permission` VALUES ('1', 'add', '');
INSERT INTO `permission` VALUES ('2', 'delete', '');
INSERT INTO `permission` VALUES ('3', 'edit', '');
INSERT INTO `permission` VALUES ('4', 'query', '');

-- ----------------------------
-- Table structure for permission_role
-- ----------------------------
DROP TABLE IF EXISTS `permission_role`;
CREATE TABLE `permission_role` (
  `rid` int NOT NULL,
  `pid` int NOT NULL,
  KEY `idx_rid` (`rid`),
  KEY `idx_pid` (`pid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of permission_role
-- ----------------------------
INSERT INTO `permission_role` VALUES ('1', '1');
INSERT INTO `permission_role` VALUES ('1', '2');
INSERT INTO `permission_role` VALUES ('1', '3');
INSERT INTO `permission_role` VALUES ('1', '4');
INSERT INTO `permission_role` VALUES ('2', '1');
INSERT INTO `permission_role` VALUES ('2', '4');

-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
  `rid` int NOT NULL AUTO_INCREMENT,
  `rname` varchar(255) NOT NULL DEFAULT '',
  PRIMARY KEY (`rid`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES ('1', 'admin');
INSERT INTO `role` VALUES ('2', 'customer');

-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `uid` int NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL DEFAULT '',
  `password` varchar(255) NOT NULL DEFAULT '',
  PRIMARY KEY (`uid`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES ('1', 'admin', '123');
INSERT INTO `user` VALUES ('2', 'demo', '123');

-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
  `uid` int NOT NULL,
  `rid` int NOT NULL,
  KEY `idx_uid` (`uid`),
  KEY `idx_rid` (`rid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES ('1', '1');
INSERT INTO `user_role` VALUES ('2', '2');

6、登录业务

6.1 实体类

Permission.java
package com.jack.demo.entity;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.extension.activerecord.Model;
import com.baomidou.mybatisplus.annotation.TableId;
import java.io.Serializable;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * <p>
 * 
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class Permission extends Model<Permission> {

    private static final long serialVersionUID = 1L;

    @TableId(value = "pid", type = IdType.AUTO)
    private Integer pid;

    private String name;

    private String url;


    @Override
    protected Serializable pkVal() {
        return this.pid;
    }

}
PermissionRole.java
package com.jack.demo.entity;

import com.baomidou.mybatisplus.extension.activerecord.Model;
import java.io.Serializable;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * <p>
 * 
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class PermissionRole extends Model<PermissionRole> {

    private static final long serialVersionUID = 1L;

    private Integer rid;

    private Integer pid;


    @Override
    protected Serializable pkVal() {
        return null;
    }

}
Role.java
package com.jack.demo.entity;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.extension.activerecord.Model;
import com.baomidou.mybatisplus.annotation.TableId;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;

import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * <p>
 * 
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class Role extends Model<Role> {

    private static final long serialVersionUID = 1L;

    @TableId(value = "rid", type = IdType.AUTO)
    private Integer rid;

    private String rname;

    private Set<Permission> permissions = new HashSet<>();

    private Set<User> users = new HashSet<>();


    @Override
    protected Serializable pkVal() {
        return this.rid;
    }

}
User .java
package com.jack.demo.entity;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.extension.activerecord.Model;
import com.baomidou.mybatisplus.annotation.TableId;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;

import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * <p>
 * 
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class User extends Model<User> {

    private static final long serialVersionUID = 1L;

    @TableId(value = "uid", type = IdType.AUTO)
    private Integer uid;

    private String username;

    private String password;

    private Set<Role> roles = new HashSet<>();


    @Override
    protected Serializable pkVal() {
        return this.uid;
    }

}
UserRole.java
package com.jack.demo.entity;

import com.baomidou.mybatisplus.extension.activerecord.Model;
import java.io.Serializable;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * <p>
 * 
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class UserRole extends Model<UserRole> {

    private static final long serialVersionUID = 1L;

    private Integer uid;

    private Integer rid;


    @Override
    protected Serializable pkVal() {
        return null;
    }

}

6.2 接口 与实现

UserService.java
package com.jack.demo.service;

import com.jack.demo.entity.User;
import com.baomidou.mybatisplus.extension.service.IService;

/**
 * <p>
 *  服务类
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
public interface UserService extends IService<User> {

    User findByUserName(String username);
}
UserServiceImpl.java
package com.jack.demo.service.impl;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.jack.demo.entity.User;
import com.jack.demo.mapper.UserMapper;
import com.jack.demo.service.UserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.stereotype.Service;

/**
 * <p>
 *  服务实现类
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {

    @Override
    public User findByUserName(String username) {
        /*QueryWrapper<User> queryWrapper = new QueryWrapper();
        queryWrapper.eq("username",username);
        return baseMapper.selectOne(queryWrapper);*/

        return baseMapper.findByUserName(username);
    }
}
UserMapper.java
package com.jack.demo.mapper;

import com.jack.demo.entity.User;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;

/**
 * <p>
 *  Mapper 接口
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
public interface UserMapper extends BaseMapper<User> {

    User findByUserName(String username);
}
UserMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.jack.demo.mapper.UserMapper">

    <!-- 通用查询映射结果 -->
    <resultMap id="BaseResultMap" type="com.jack.demo.entity.User">
        <id column="uid" property="uid" />
        <result column="username" property="username" />
        <result column="password" property="password" />
    </resultMap>

    <resultMap id="userMap" type="com.jack.demo.entity.User">
        <id property="uid" column="uid" />
        <result property="username" column="username" />
        <result property="password" column="password" />
        <collection property="roles" ofType="com.jack.demo.entity.Role">
            <id property="rid" column="rid" />
            <result property="rname" column="rname" />
            <collection property="permissions" ofType="com.jack.demo.entity.Permission">
                <id property="pid" column="pid" />
                <result property="name" column="name"/>
                <result property="url" column="url" />
            </collection>
        </collection>
    </resultMap>

    <select id="findByUserName" parameterType="string" resultMap="userMap">
        select u.*,r.*,p.*
        from `user` u
        inner join user_role ur on u.uid=ur.uid
        inner join role r on ur.rid=r.rid
        inner join permission_role pr on r.rid=pr.rid
        inner join permission p on pr.pid=p.pid
        where u.username=#{username}
    </select>

</mapper>

7、测试

7.1 测试页面

在这里插入图片描述

index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Home</title>
</head>
<body>

<h1> 欢迎登录, ${user.username} </h1>
</body>
</html>
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Home</title>
</head>
<body>

<h1> 欢迎登录, ${user.username} </h1>
</body>
</html>
unauthorized.jsp (无权限)
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Unauthorized</title>
</head>
<body>
Unauthorized!
</body>
</html>

7.2 测试接口

UserController.java
package com.jack.demo.controller;


import com.jack.demo.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

/**
 * <p>
 *  前端控制器
 * </p>
 *
 * @author jack
 * @since 2020-06-01
 */
@Controller
public class UserController {

    /**
     * 跳转登录页
     * @return
     */
    @RequestMapping("/login")
    public String login(){
        return "login";
    }

    /**
     * 跳转首页(需要登录验证,未登录跳转登录页)
     * @return
     */
    @RequestMapping("/index")
    public String index(){
        return "index";
    }

    /**
     * 登出接口(成功后跳转登录页面)
     * @return
     */
    @RequestMapping("/logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();
        }
        return "login";
    }

    /**
     * 定义未授权页面
     * @return
     */
    @RequestMapping("unauthorized")
    public String unauthorized() {
        return "unauthorized";
    }

    /**
     * 只允许admin访问的接口(非admin跳转未授权接口)
     * @return
     */
    @RequestMapping("/admin")
    @ResponseBody
    public String admin() {
        return "admin success";
    }

    /**
     * 拥有edit权限的用户才能访问
     * @return
     */
    @RequestMapping("/edit")
    @ResponseBody
    public String edit() {
        return "edit success";
    }

    @RequestMapping("/loginUser")
    public String loginUser(@RequestParam("username")String username,
                            @RequestParam("password")String password,
                                                    HttpSession session){
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            User user = (User)subject.getPrincipal();
            session.setAttribute("user",user);
            return "/index";
        } catch (AuthenticationException e) {
            return "/login";
        }
    }

}

7.3 测试效果图

首页

在这里插入图片描述

登录 (admin 123)

在这里插入图片描述

登出

在这里插入图片描述

无权限 (登录demo 123 ,访问admin接口)

在这里插入图片描述
在这里插入图片描述

admin权限(登录admin 123,访问admin接口)

在这里插入图片描述

edit权限(登录admin 123成功访问,登录demo 123 提示无权限)

在这里插入图片描述
在这里插入图片描述

druid 监控数据库

输入 http://localhost:8080/druid/index.html 跳转登录页 http://localhost:8080/druid/login.html
登录DruidConfiguration中配置的账号密码:druid 123456
在这里插入图片描述
在这里插入图片描述

总结

以上是springboot2.3 版本加mybatis-plus 实现与apache shiro 集成的项目,
完成了基本的权限登录与管理功能。

shiro优点:

易用、灵活、Web能力强,容易集成其他框架spring。

shiro缺点:

学习资料少、除了自己实现RBAC外,操作界面也需要自己实现。

结论:

总体来说shiro是一款值得使用的框架,相比spring security更好用一点!

Jack方
关注
专栏目录
springboot-mybatisplus集成Shiro
weixin_42549400的博客
09-14 428
Apache Shiro 是一款 Java 安全框架,不依赖任何容器,可以运行在 Java SE 和 Java EE 项目中,它的主要作用是用来做身份认证、授权、会话管理和密等操作。 ​
【ZeyFraのWeb开发经验11】不要使用Mybatis原生的SqlSessionFactory,而应使用MybatisSqlSessionFactory
ZeyFraの博客
02-24 1920
MyBatis-Plus【踩坑记录01】 1、SqlSessionFactory不要使用原生的,使用MybatisSqlSessionFactory。 @Bean("sqlSessionFactory") @Primary public SqlSessionFactory sqlSessionFactory(@Autowired @Qualifier("dataSource") DataSource dataSource) throws Exception { // Myba
SpringBoot+MybatisPlus+Shiro整合
04-26
该项目是SpringBoot+MybatisPlus+Shiro的整合,实现了身份认证和授权,授权可以动态从数据库载权限拦截的URL,解决了在ShiroConfig中注入Service失败的问题。
springboot 2.3 shiro 也是最新的
04-08
springboot 2.3 shiro 也是最新的
Shiro笔记三:SpringBoot2.x整合Shiro
公子&小白的博客
05-10 316
Shiro笔记三:SpringBoot2.x整合Shiro springBoot2.x整合shiro 引入依赖 <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency&g
(二十三)Spring Boot 整合 Shiro
哟,你又在偷偷写bug!
02-09 539
1.Shiro 简介         Apache Shiro 是一个开源的轻量级的 Java 安全框架,它提供身份验证、授权、密码管理以及会话管理等功能。 相对 Spring Security, Shiro 框架更直观、易用,同时也能提供健壮的安全性。在传统的 SSM 框架中,手动整合 Shiro 的配置步骤还是比较多的,针对 Spring Boot, Shiro 官方提供了 shiro-spring-boot-web-st
Springboot2.x整合 Apache Shiro快速上手测试
MagicChild的博客
01-25 340
Springboot2.x整合 Apache Shiro快速上手实战
毕业设计基于springboot+layui实现的课程管理系统源码+数据库
最新发布
09-21
总的来说,这个课程管理系统利用SpringBoot的微服务特性,Shiro的安全管理,Mybatis-Plus的便捷ORM,以及Layui的美观前端,构建了一个功能完善、操作简便的在线教学管理平台。无论是课程发布、学生选课,还是教师...
Spring MVC+MyBatis 水果销售平台工程优化版
05-07
4. **安全增强**:可能集成了Spring Security或Apache Shiro进行权限管理,保障用户数据安全。 5. **日志记录**:利用Spring的Logback或Log4j记录系统日志,便于追踪和排查问题。 6. **单元测试**:增了对关键...
基于spring boot+mybatis的个人博客(前端+后台管理系统).zip
08-14
【标题】:“基于Spring Boot+Mybatis的个人博客(前端+后台管理系统)”是一个完整的Web应用项目,结合了Spring Boot的高效开发能力和Mybatis的灵活数据访问层设计,旨在为开发者提供一个快速构建个人博客平台的...
springBoot2.0+mybatis支持多数据源+shiro
06-05
springboot整合shiro目前只配置了一个数据源 按照方式再上一个再主从标识就OK了,shiro的权限有流程还需完善
springboot2+mybatis-plus3+shiro1.4+layui细颗粒度网站后台用户权限管理系统
12-30
springboot2 + mybatis-plus3 +shiro1.4 +layui细颗粒度网站后台用户权限管理系统 项目描述 springboot2 + mybatis-plus3 +shiro1.4 +layui 细颗粒度后台权限管理mybatisplus的AutoGenerator简单代码生成,修改yml数据库密码,执行comadmin.sql 即可运行项目 运行环境 jdk8+mysql+IntelliJ IDEA+maven (springboot内嵌tomcat) 项目技术 springboot2+mybatis-plus3+shiro1.4+layui 数据库文件 链接: https://pan.baidu.com/s/1LjLiNDPly67B_FsDczCNVg 密码: f777 jar包文件 maven搭建 链接: https://pan.baidu.com/s/1Bw5IbO5yV3Ws-Jf7nQycAg 密码: nb6s
SpringBoot2整合shiro
11-05
SpringBoot2整合
springboot整合MyBatisPlus和Shiro
baidu_40924406的博客
10-08 915
创建项目的时候勾选两个模块。
spring-boot集成shiro的步骤及代码解析
hl_start的博客
09-14 223
spring-boot集成shiro的步骤及代码解析
Dependency ‘XXX:‘ not found,三步解决
m0_56375025的博客
11-11 7697
Dependency ‘XXX:‘ not found,三步解决
SpringBoot2.3.4整合Shiro实现权限管理
liu320yj的博客
10-23 993
概述 Shiro是一个功能强大且灵活的开源Java安全框架,相比于SpringSecurity更简单,Shiro可以执行身份验证、授权、密和会话管理等 Shiro的主要功能如下图: Authentication:身份认证/登录,验证用户是不是拥有相应的身份; Authorization:授权,即权限验证,验证某个已认证的用户是否拥有某个权限;即判断用户是否能进行什么操作,如:验证某个用户是否拥有某个角色。或者细粒度的验证某个用户对某个资源是否具有某个权限; SessionManager:会话管理,即
maven项目中,添依赖后,出现"Dependency 'xxxx‘ not found"解决过程
热门推荐
ytfrdfiw的专栏
10-18 6万+
在idea中修改pom.xml文件,添各种工程依赖的jar,一直没有问题,但有一天突然添了一个jbpm3的依赖,发现一直报“Dependency 'xxx' not found",但在maven的仓库中可以找到的,就觉得奇怪了。 经过一段时间的了解后,主要和几个文件有关: (1)、maven的settings.xml文件 如果你设置了镜像代理,但不巧的是设置成了如下内容(网上有帖子就要求...
SpringBoot2与Shiro的二三事
心月梦天的博客
03-31 300
用的技术:SpringBoot2+MySql8+Mybatis Generator+Mybatis+Redis+Druid+Maven多模块+Swagger tips: 1.可以把Util模块作为依赖写进主模块里面 这样打包的时候util模块会被打包成一个jar包进web_inf里面,这样发生修改的时候,只要替换对应的jar包就可以了. 2.在Swagger最新的版本中,已经有swagg...
SpringBoot2.3整合Mybatis-Plus:高级功能实战指南
SpringBoot 2.3版本中集成Mybatis-Plus,可以极大地简化数据库操作,提供更丰富的功能。首先,我们需要在项目中引入Mybatis-Plus的依赖,如以下代码所示: ```xml <groupId>com.baomidou</groupId> ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值