-
导入相关依赖
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<!-- Core Shiro + Spring integration: provides ShiroFilterFactoryBean and the web security manager.
     NOTE(review): the version below is the one pinned by this write-up. Security fixes for the
     framework are only delivered through newer releases, so check the Apache Shiro security
     reports before reusing this and pin the newest maintained release that your Spring Boot
     version supports. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.7.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.github.theborakompanioni/thymeleaf-extras-shiro -->
<!-- Thymeleaf dialect that exposes Shiro attributes/tags to templates. These tags only hide
     markup in the rendered page; the URL rules in the Shiro filter chain remain the actual
     access control. -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.0.0</version>
</dependency>
-
在controller中封装UsernamePasswordToken对象
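/**
 * Handles the login form: wraps the submitted credentials in a Shiro
 * {@code UsernamePasswordToken} and asks the current {@code Subject} to authenticate.
 *
 * @param username login name submitted by the client (untrusted)
 * @param password password submitted by the client (untrusted; never logged)
 * @param model    view model; receives a {@code fail} message when authentication fails
 * @return the {@code index} view on success, otherwise the {@code login} view
 */
@RequestMapping("/login")
public String login(String username, String password, Model model) {
    // NOTE(review): @RequestMapping without a method also matches GET, which would carry the
    // password in the query string and therefore in access logs and browser history.
    // Restrict this mapping to POST if the login form allows it.

    // Log the attempt without the password: credentials must never reach stdout or log files.
    System.out.println("用户名:" + username);

    // Current subject (the caller bound to this request/session).
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted login data; the realm receives this token in doGetAuthenticationInfo.
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        // login() throws an AuthenticationException subtype on any failure.
        subject.login(token);
        return "index";
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // Unknown user and wrong password deliberately share one message, so the response
        // does not reveal which usernames exist (account enumeration).
        model.addAttribute("fail", "用户名或密码错误");
        return "login";
    } catch (org.apache.shiro.authc.AuthenticationException e) {
        // Every other authentication failure (locked account, too many attempts, realm
        // errors) would otherwise escape as an unhandled exception and an error page.
        // Fully qualified because this file's import block is not shown here.
        model.addAttribute("fail", "登录失败,请稍后重试");
        return "login";
    }
}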
-
定义Realm类继承自AuthorizingRealm,在此类中进行授权和认证操作
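import com.guo.bean.User;
import com.guo.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Shiro realm that authenticates users looked up through {@link UserService} and grants the
 * permission string stored on the {@link User} record.
 *
 * <p>NOTE(review): no CredentialsMatcher is set in this class. Unless one is configured where the
 * realm is created, Shiro's default equality matcher applies, which means
 * {@code user.getPassword()} must hold the plaintext password. Store a salted password hash
 * instead and configure a hashing matcher (for example Shiro's {@code PasswordMatcher} or
 * {@code HashedCredentialsMatcher}) on this realm.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    /**
     * Authorization: builds the permission set for the principal being checked.
     *
     * @param principalCollection principals of the subject whose permissions are requested
     * @return authorization info holding the user's permission string, or an empty info when
     *         the user has no permission recorded
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Use the principals Shiro passes in rather than SecurityUtils.getSubject(): the check
        // may be made for a principal other than the thread-bound subject.
        User user = (User) principalCollection.getPrimaryPrincipal();
        if (user != null) {
            String perms = user.getPerms();
            // A null or empty permission string cannot be resolved into a permission and would
            // fail later, at the first access check, instead of simply denying access.
            if (perms != null && !perms.isEmpty()) {
                info.addStringPermission(perms);
            }
        }
        return info;
    }

    /**
     * Authentication: looks up the account named in the token and hands its stored credentials
     * to Shiro, which compares them with the submitted password after this method returns.
     *
     * @param token the {@code UsernamePasswordToken} built by the login controller
     * @return the account's authentication info, or {@code null} when no such user exists
     *         (Shiro reports that as {@code UnknownAccountException})
     * @throws AuthenticationException if the lookup fails in a way Shiro should treat as a
     *                                 login failure
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usertoken = (UsernamePasswordToken) token;
        // Look the account up by the submitted username.
        User user = userService.selectUserByName(usertoken.getUsername());
        if (user == null) {
            return null;
        }
        // No session state is written here: at this point the password has NOT been checked
        // yet, so anything stored now would be visible after a failed login as well.
        return new SimpleAuthenticationInfo(
                /* principal: made available to doGetAuthorizationInfo */ user,
                /* stored credentials: compared by the realm's CredentialsMatcher */ user.getPassword(),
                /* realm name */ getName());
    }

    /**
     * Runs Shiro's credential comparison and, only once it has succeeded, publishes the
     * authenticated user under the {@code loginUser} session attribute.
     *
     * @param token the submitted credentials
     * @param info  the account data returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException if the submitted credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
        // Throws on mismatch, so the lines below run for successful logins only.
        super.assertCredentialsMatch(token, info);
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        // NOTE(review): the User object carries the stored password; consider keeping a
        // reduced view of the user in the session instead.
        session.setAttribute("loginUser", info.getPrincipals().getPrimaryPrincipal());
    }
}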
-
定义ShiroConfig配置类
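import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Spring configuration that wires Shiro together: realm -> security manager -> filter factory,
 * plus the Thymeleaf dialect used by the templates.
 */
@Configuration
public class ShiroConfig {

    /**
     * 3. Registers the ShiroFilterFactoryBean that maps URL patterns to Shiro filter chains.
     *
     * @param securityManager the web security manager bean named {@code securityManager}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        /*
         * Built-in filter names:
         *   anon  : anyone may access
         *   authc : the subject must have authenticated in this session
         *   user  : the subject must be known (authenticated or remembered via rememberMe)
         *   perms : the subject must hold the listed permission(s)
         *   roles : the subject must hold the listed role(s)
         */
        Map<String, String> filterMap = new LinkedHashMap<>();
        // One entry per URL pattern. The map holds a single chain per key, so a second put()
        // for the same path replaces the first instead of adding to it; filters that must
        // both apply are therefore listed together, comma-separated, in one definition.
        filterMap.put("/add", "authc, perms[user:add]");
        filterMap.put("/update", "authc, perms[user:update]");
        // NOTE(review): paths not listed here get no Shiro filter chain and stay reachable
        // without login. Patterns are matched in insertion order, so a deny-by-default setup
        // lists the public paths as "anon" first and ends with a catch-all "/**" -> "authc".
        bean.setFilterChainDefinitionMap(filterMap);
        // Unauthenticated requests to a protected URL are redirected here.
        bean.setLoginUrl("/toLogin");
        // Authenticated requests lacking the required permission are redirected here.
        bean.setUnauthorizedUrl("/unauthorized");
        return bean;
    }

    /**
     * 2. Registers the default web security manager and attaches the realm to it.
     *
     * @param userRealm the realm bean named {@code userRealm}
     * @return the security manager backed by that realm
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * 1. Registers the realm; UserRealm must extend AuthorizingRealm.
     *
     * <p>NOTE(review): the realm is created without a CredentialsMatcher, so Shiro's default
     * equality comparison is used and the stored credential has to equal the submitted
     * password. Set a hashing matcher on the realm here once passwords are stored hashed.
     *
     * @return a new realm instance managed by Spring
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Integrates Shiro with Thymeleaf so templates can use the Shiro dialect.
     *
     * @return the Shiro dialect bean
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}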
在SpringBoot中简单使用Shiro(随笔)