springboot集成shiro以及thymeleaf静态页面

引入依赖:

<!--shiro-->
<dependency>
	<groupId>org.apache.shiro</groupId>
	<artifactId>shiro-spring</artifactId>
	<version>1.4.0</version>
</dependency>
<!--thymeleaf扩展包shiro-->
<dependency>
	<groupId>com.github.theborakompanioni</groupId>
	<artifactId>thymeleaf-extras-shiro</artifactId>
	<version>2.0.0</version>
</dependency>
<!--thymeleaf-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

配置properties文件:

spring:
  datasource:
    url: jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false
    username: root
    password: ldhlyf
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
  thymeleaf:
    prefix: classpath:/templates/
    suffix: .html
    encoding: UTF-8
    content-type: text/html
    cache: false
    mode: HTML
mybatis:
  type-aliases-package: com.lyf.shiro.entity
  mapper-locations: classpath:mapper/*.xml

编写realm类:

public class PersonRealm extends AuthorizingRealm {
    @Autowired
    private PersonService personServiceImpl;
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Subject subject = SecurityUtils.getSubject();
        Person person = (Person)subject.getPrincipal();
        person = personServiceImpl.getPerson(person.getName());
        //添加授权字符串
        info.addStringPermission(person.getPerms());
        return info;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行认证");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        Person person = personServiceImpl.getPerson(username);
        if(null==person){
            return  null;
        }
        //principle,密码,realm名称
        return new SimpleAuthenticationInfo(person,person.getPassword(),"");
    }
}

编码shiroconfiger:

@Configuration
public class ShiroConfiguration {

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager securityManager ){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //shiro内置过滤器
        /**
         * anon 无需认证
         * authc 必须认证
         * user 如果使用remerberme可以直接访问
         * perms必须得到该资源的权限
         * role必须得到角色的权限
         */
        Map<String,String> filterChain = new LinkedHashMap<>();
        filterChain.put("/shiro/thymeleaf","anon");
        filterChain.put("/shiro/login","anon");
        //授权拦截
        filterChain.put("/shiro/add","perms[user:add]");
        filterChain.put("/shiro/update","authc");

       // filterChain.put("/**","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChain);
        //登录页面
        shiroFilterFactoryBean.setLoginUrl("/shiro/tologin");
        //未授权提示
        shiroFilterFactoryBean.setUnauthorizedUrl("/shiro/unrole");
        return shiroFilterFactoryBean;
    }
//安全管理器
    @Bean("securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("personRealm") PersonRealm realm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }
//realm类
    @Bean("personRealm")
    public PersonRealm getRealm(){
        return new PersonRealm();
    }

    //配置shirodialect 用于thymeleaf和shiro配合使用
    @Bean("shiroDialect")
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }
}

 controller控制层:

RequestMapping("/shiro")
@Controller
public class PersonController {
    @Autowired
    private PersonService personServiceImpl;

    @RequestMapping("thymeleaf")
    public String thymeleaf(Model model){
        model.addAttribute("title","test");
        model.addAttribute("body","hello world");
        return "index";
    }
    @RequestMapping("/update")
    public String update(Model model){
        return "person/update";
    }
    @RequestMapping("/add")
    public String add(Model model){
        return "person/add";
    }
    @RequestMapping("/tologin")
    public String tologin(Model model){
        return "login";
    }
    @RequestMapping("/login")
    public String login(String name,String password,Model model){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken();
        token.setUsername(name);
        token.setPassword(password.toCharArray());
        try {
            subject.login(token);
            return "test";
        }catch (UnknownAccountException e){
            e.printStackTrace();
            model.addAttribute("msg","用户不存在");
        }catch (IncorrectCredentialsException e){
            e.printStackTrace();
            model.addAttribute("msg","密码错误");
        }
        System.out.println(name);
        return "login";
    }
    @RequestMapping("/unrole")
    public String unrole(Model model){
        model.addAttribute("msg","没有权限");
        return "unrole";
    }
}

登录页面:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登录页面</title>
</head>
<body>
<h3 style="color: red" th:text="${msg}"></h3>
<form action="/shiro/login" method="post">
    <input type="text" name="name" value=""><br/>
    <input type="password" name="password" value=""><br/>
    <input type="submit" name="登录">
</form>
</body>
</html>

shiro和thymeleaf页面权限控制:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title ></title>
</head>
<body>
<h3 th:text="${body}"></h3>
<div shiro:hasPermission="user:add">
添加: <a href="/shiro/add">添加</a><br>
</div>
<div shiro:hasPermission="user:update">
    修改: <a href="/shiro/update">修改</a><br>
</div>
</body>
</html>

 

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值