springboot整合shiro环境搭建

sheepbotany

已于 2022-03-21 17:03:04 修改

阅读量566

点赞数 3

于 2022-03-21 16:56:58 首次发布

本文链接：https://blog.csdn.net/lllwky/article/details/123640070

版权

文章目录

一：创建项目

导入thymeleaf依赖

<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>

shiro三大部件：Subject（用户） SecurityManager（管理所有用户） Realm（连接数据）

在上一篇博客中下载的shiro包中找到pom.xml

导入相应的包并配置版本

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>

基本配置：

ShiroConfig

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    //过滤对象ShiroFilterFactoryBean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager ){
            ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
            //设置安全管理器
            bean.setSecurityManager(defaultWebSecurityManager);
            return bean;
        }
    @Bean(name="securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }
    //创建realm对象，需要自定义

    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }



}

UserRealm

package com.example.springshiro.config;


import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class UserRealm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行认证");
        return null;
    }
    //授权

}

MyController

@Controller
public class MyController {
    @RequestMapping({"/","index"})
    public String toIndex(Model model){
        model.addAttribute("msg","hello,Shiro");
        return "index";
    }

    @RequestMapping("/user/add")
    public String add(){
        return "User/add";
    }
    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

}

二：Shiro实现登录拦截

在ShiroConfig中的ShiroFilterFactoryBean添加过滤器

/*
* anon：无需认证即可访问
* anthc：必须认证了才能访问
* user:必须拥有记住我功能才能使用
* perms:拥有对某个资源的权限才能访问
* role:拥有某个角色权限才能访问
* */
Map<String,String> filterMap = new LinkedHashMap<>();

filterMap.put("/user/add","authc");
filterMap.put("/user/update","authc");
bean.setFilterChainDefinitionMap(filterMap);

此时add与update访问会报错，如果希望访问时跳到登录页面则增加：

//设置登录的请求
bean.setLoginUrl("/login");

（需要写好login页面哦😀）

三：Shiro实现用户认证

在MyController

@RequestMapping("/login")
public String login(String username,String password,Model model){
    //获取当前的用户
    Subject subject = SecurityUtils.getSubject();
    //封装用户的登录数据
    //在此处使用整个类都会使用
    UsernamePasswordToken token = new UsernamePasswordToken(username,password);
    try{
        subject.login(token);//执行登录方法
        return "index";
    }catch (UnknownAccountException e){
        model.addAttribute("msg","用户名错误");
        return "login";

    }catch (IncorrectCredentialsException e){
        model.addAttribute("msg","密码错误");
        return "login";

    }

}

在UserRealm执行认证：

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    //点击登录即会执行此方法
    System.out.println("执行认证");
    String name="root";
    String password="123456";
    UsernamePasswordToken userToken=(UsernamePasswordToken) token;
    if(!userToken.getUsername().equals(name)){
        return null;//在此处会抛出异常被controller捕获
    }
    //进行密码认证
    //参数为：获取当前用户的认证，获得密码的对象，认证名
    return new SimpleAuthenticationInfo("",password,"");
}
//授权

四：Shiro整合Mybatis

1:添加依赖连接mysql驱动

<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.44</version>
</dependency>
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.12</version>
</dependency>
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.2.1</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.16.10</version>
</dependency>

2：配置application.yml文件（记得格式的对齐😀）

spring:
  datasource:
    username: root
    password: 123456
    url: jdbc:mysql://localhost:3306/mybatis?severTimezone=UTC&useUnicode=true&characterEncoding=utf-8
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
    #    配置数据源

    initialSize: 5
    minIdle: 5
    maxActive: 20
    maxWait: 60000
    timeBetweenEvictionRunsMillis: 60000
    minEvictableIdleTimeMillis: 300000
    validationQuery: SELECT 1 FROM DUAL
    testWhileIdle: true
    testOnBorrow: false
    testOnReturn: false
    poolPreparedStatements: true
    filters: stat,wall,log4j
    maxPoolPreparedStatementPerConnectionSize: 20
    useGlobalDataSourceStat: true
    connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
    #配置监控统计拦截的filters，stat：监控统计、log4j：日志记录、wall：防御sql注入
    #如果允许报错，java.lang.ClassNotFoundException: org.apache.Log4j.Properity
    #则导入log4j 依赖就行
    #SpringBoot默认是不注入这些的，需要自己绑定 #druid数据源专有配置

3：配置application.properties

根据目录配置：

mybatis.type-aliases-package=com.example.springshiro.pojo
mybatis.mapper-locations=classpath:mapper/*.xml

4：配置UserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.springshiro.mapper.UserMapper">
    <select id="queryUserByName" parameterType="String" resultType="User">
        select * from mybatis.user where name= #{name}
    </select>
</mapper>

5：添加User，UserService，UserServiceImpl

@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
    private int id;
    private String name;
    private String pwd;
}

@Service
public class UserServiceImpl implements UserService{

    @Autowired
    UserMapper userMapper;

    @Override
    public User queryUserByName(String name){
        return userMapper.queryUserByName(name);
    }
}

6:测试运行

@RunWith(SpringRunner.class)
@SpringBootTest
public class SpringshiroApplicationTests {

    @Autowired
   UserServiceImpl userService;

    @Test
    public void contextLoads() {
        System.out.println(userService.queryUserByName("botany"));
    }

}

6:测试运行

@RunWith(SpringRunner.class)
@SpringBootTest
public class SpringshiroApplicationTests {

    @Autowired
   UserServiceImpl userService;

    @Test
    public void contextLoads() {
        System.out.println(userService.queryUserByName("botany"));
    }

}