Springboot整合shiro

帆帆.

已于 2023-09-26 19:36:30 修改

阅读量121

点赞数

分类专栏： shiro 文章标签： java spring boot 后端

于 2023-09-13 16:04:02 首次发布

本文链接：https://blog.csdn.net/fsfsoavn/article/details/132856101

版权

shiro 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

1.简介

1.Apache Shiro 是一个Java的安全（权限）框架
2.Shiro 可以非常容易的开发出足够好的应用，其不仅可以用在JavaSe环境.
3.Shiro 可以完成：认证，授权，加密，会话管理，Web集成，缓存等

2、SpringBoot整合Shiro环境搭建

1.在pom里导入依赖

 <dependency>
  <groupId>org.apache.shiro</groupId>
  <artifactId>shiro-spring</artifactId>
  <version>1.4.1</version>
</dependency>

2.核心配置
·ShiroConfig.java

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    //ShiroFilterFactoryBean  第三步  关联第二步
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);
        //添加shiro的内置过滤器
        /*
         * anon:无需认证就可以访问
         * authc:必须认证了才能访问
         * user:必须拥有 记住我 功能才能访问
         * perms:  拥有对某个资源的权限才能访问
         * role ：拥有某个角色权限才能访问
         * */
        Map<String, String> filterMap = new HashMap<>();
        filterMap.put("/demo/add", "anon");
        filterMap.put("/demo/update", "authc");
        //设置访问不了时跳转到登录页面
        bean.setLoginUrl("/demo/toLogin");
        bean.setFilterChainDefinitionMap(filterMap);
        return bean;
    }

    //DefaultWebSecurityManager  第二步  关联第一步
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联userRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }


    // 创建realm对象，需要自定义类 第一步
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}

UserRealm.java

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class UserRealm extends AuthorizingRealm {
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        System.out.println("执行了=>授权doGetAuthorizationInfo");
        return null;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行了=>认证doGetAuthenticationInfo");
        //用户名和密码认证  数据库中取
        String name = "root";
        String password="123456";
        UsernamePasswordToken userToken = (UsernamePasswordToken)token;
        if (!userToken.getUsername().equals(name)){
            return null; //抛出异常，异常就是前面自定义的 UnknownAccountException e
        }
        //密码认证不需要我们做，shiro会自动做
        return new SimpleAuthenticationInfo("",password,"");
    }
}

3.写几个简单的页面，模拟项目
·index.html

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
	<h1>首页</h1>
	<p th:text="${msg}"></p>
<hr>
<a th:href="@{/demo/add}">add</a>  | <a th:href="@{/demo/update}">update</a>
</body>
</html>

·add.html

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
	<h1>增加页面</h1>
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>登录</h1>
<p th:text="${msg}" style="color: red"></p>
<form  th:action="@{/demo/login}">
    <p>username:<input type="text" name="username"></p>
    <p>password:<input type="text" name="password"></p>
    <p><input type="submit"></p>
</form>
</body>
</html>

update.html

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
<h1>更新页面</h1>
</body>
</html>

controller

@Controller
@RequestMapping("demo")
public class StartDemo {

    @RequestMapping("index")
    public String demo(){
        return "index";
    }

    @RequestMapping("add")
    public String add(){
        return "add";
    }

    @RequestMapping("/update")
    public String update(){
        return "update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }

    @RequestMapping("/login")
    public String login(String username, String password, Model model) {
        //获取当前的用户
        Subject subject = SecurityUtils.getSubject();
        //封装用户的登录数据
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);//执行登录的方法，如果没有异常就可以了
            return "index";
        } catch (UnknownAccountException e) {//用户名不存在
            model.addAttribute("msg", "用户名错误");
            return "login";
        } catch (IncorrectCredentialsException e) {//密码不存在
            model.addAttribute("msg", "密码错误");
            return "login";
        }
    }