上一篇已经将环境搭建完毕,现在配置 Shiro 的相关内容。
新建自己的realm
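/**
 * Shiro realm that resolves accounts, roles and permissions through {@link UsersService}.
 *
 * <p>Authentication only looks the account up and hands the stored credential back to Shiro;
 * the comparison with the submitted credential is performed by whichever
 * {@code CredentialsMatcher} the realm is configured with.
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private UsersService usersService;

    /**
     * Loads the roles and string permissions of an already authenticated subject.
     *
     * @param principals principals of the current subject; the primary principal is the user
     *                   name that {@link #doGetAuthenticationInfo} stored at login
     * @return authorization info carrying the roles and permissions returned by the service
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(usersService.findRoles(username));
        authorizationInfo.setStringPermissions(usersService.findPermissions(username));
        // The debug loops that used to follow were removed: each one printed the complete
        // collection once per element, and they wrote every user's roles and permissions to
        // stdout on each authorization lookup.
        return authorizationInfo;
    }

    /**
     * Looks up the account named by the token and returns its stored credential for matching.
     *
     * @param token the submitted authentication token; its principal is read as the user name
     * @return the user name, the stored password value and this realm's name
     * @throws UnknownAccountException if no account exists for the user name
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        Users user = usersService.findByUserName(username);
        if (user == null) {
            throw new UnknownAccountException(); // account not found
        }
        // Password matching is delegated to AuthenticatingRealm and its CredentialsMatcher.
        // NOTE(review): no credentials salt is passed here, so the matcher compares against
        // user.getPassword() exactly as stored. If the stored value is a hash, a per-user salt
        // passed to SimpleAuthenticationInfo together with a HashedCredentialsMatcher would keep
        // the hashing inside Shiro - confirm against the password helper, which is not shown.
        return new SimpleAuthenticationInfo(
                user.getUserName(), // user name (becomes the primary principal)
                user.getPassword(), // stored password value
                getName()           // realm name
        );
    }

    /**
     * Setter for the user service, kept alongside the {@code @Autowired} field.
     *
     * @param usersService service used for account, role and permission lookups
     */
    public void setUsersService(UsersService usersService) {
        this.usersService = usersService;
    }
}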
建立加盐的类
/**
 * Constant holder for the salt string.
 *
 * NOTE(review): this is one hard-coded salt shared by every account and stored in the source
 * tree. Identical passwords then produce identical hashes, and anyone who can read the code
 * knows the salt. A random per-user salt stored next to the hash, combined with a dedicated
 * password-hashing scheme (bcrypt, scrypt or Argon2), avoids both problems. How this value is
 * consumed is not shown on this page - presumably by the password helper; confirm.
 */
public class Salt {
// Global salt value; see the class comment for why a shared constant is weak.
public static final String salt = "abcde";
}
建立shiro配置类
/**
 * Spring configuration that wires Apache Shiro into the web application: the servlet filter
 * with its URL rules, the security manager, the realm and annotation-based authorization.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Builds the Shiro filter and its URL-to-filter chain.
     *
     * <p>Chain entries are evaluated top to bottom and the first matching pattern decides, which
     * is why an insertion-ordered map is used and the catch-all {@code /**} rule comes last.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        System.out.println("ShiroConfiguration.shiroFilter()");
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        // A SecurityManager is mandatory.
        factory.setSecurityManager(securityManager);

        // Hook for replacing the default "user" filter (the author notes that the default one
        // does not handle session timeout for ajax requests). The map is currently empty.
        Map<String, Filter> customFilters = new HashMap<>();
        //customFilters.put("query", new QueryLimitFiter(queryPermissionService));
        factory.setFilters(customFilters);

        // When no login URL is set, Shiro falls back to "/login.jsp" under the web root.
        factory.setLoginUrl("/");
        // URL to redirect to after a successful login (left unset).
        //factory.setSuccessUrl("");
        // Page shown when the subject lacks the required permission.
        factory.setUnauthorizedUrl("/unauthorized");

        Map<String, String> chain = new LinkedHashMap<>();
        // Publicly reachable paths.
        // NOTE(review): "/webLogin/*" exposes every path directly under /webLogin without
        // authentication - confirm that no sensitive handler is mapped there.
        chain.put("/", "anon");
        chain.put("/login", "anon");
        chain.put("/webLogin/*", "anon");
        // Permission-protected operations.
        // NOTE(review): these are exact-path patterns. A request whose path does not match one
        // of them (for instance a variant that the MVC layer still routes to the same handler)
        // falls through to "/**" and is checked for authentication only. Backing these rules
        // with permission annotations on the handlers, which the advisor bean below enables,
        // gives a second check that does not depend on path matching.
        chain.put("/student/add", "perms[/student/add]");
        chain.put("/student/delete", "perms[/student/delete]");
        chain.put("/student/update", "perms[/student/update]");
        chain.put("/student/select", "perms[/student/select]");
        // Logout is handled by Shiro's built-in logout filter.
        chain.put("/logout", "logout");
        // Catch-all goes last: everything not matched above requires authentication.
        // chain.put("/users/*", "anon");
        chain.put("/**", "authc");
        factory.setFilterChainDefinitionMap(chain);

        return factory;
    }

    /**
     * Creates the web security manager backed by the single custom realm.
     *
     * @return the security manager bean
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myShiroRealm());
        return manager;
    }

    /**
     * Creates the custom realm.
     *
     * <p>NOTE(review): no {@code CredentialsMatcher} is set here, so the realm keeps its
     * default matcher - confirm that this is the intended way of comparing credentials.
     *
     * @return a new {@link MyRealm}
     */
    @Bean
    public MyRealm myShiroRealm() {
        return new MyRealm();
    }

    /**
     * Enables Shiro's AOP annotation support.
     *
     * @param securityManager the security manager consulted by the advisor
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}
最后编写login controller 方法
//登录
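/**
 * Handles the login form: encodes the submitted password, authenticates the subject through
 * Shiro and selects the view to render.
 *
 * <p>Every failure produces the same generic message, so the response does not reveal whether
 * the user name or the password was wrong.
 *
 * <p>NOTE(review): the password is transformed by {@code PasswordUtil.encodePwd} before it
 * reaches Shiro, so the realm compares already-encoded values and the encoded form is what
 * gets passed on to {@code SsoUser}. Letting Shiro hash inside a configured
 * {@code CredentialsMatcher} would keep the raw-to-hash step in one place - confirm against
 * {@code PasswordUtil}, which is not shown.
 *
 * @param userName submitted user name
 * @param password submitted plain-text password
 * @return the "main" view on success, otherwise the "index" view with an error message
 */
@PostMapping(value = "/login")
public ModelAndView login(String userName, String password){
    ModelAndView mav = new ModelAndView();
    // A request without either parameter is treated as a failed login instead of reaching
    // the encoding helper with null (its behaviour on null is not visible here).
    if (userName == null || password == null) {
        mav.setViewName("index");
        mav.addObject("error","用户名或密码错误!");
        return mav;
    }
    String newPassword = PasswordUtil.encodePwd(password);
    UsernamePasswordToken token = new UsernamePasswordToken(userName, newPassword);
    Subject subject = SecurityUtils.getSubject();
    try {
        // NOTE(review): nothing here renews the session at login; if a session id can exist
        // before authentication, consider invalidating it first - confirm against the
        // session configuration.
        subject.login(token);
        //mav.addObject("currentUser",userName);
        // The call is kept for whatever it does internally; its return value was assigned to
        // a local that was never read, so the local is gone.
        validateSucceed(null, new SsoUser(userName, newPassword), false);
        mav.setViewName("main");
        return mav;
    } catch (Exception e) {
        // NOTE(review): printStackTrace() writes to stderr outside any log policy; switch to
        // the project's logger once one is available in this class.
        e.printStackTrace();
        mav.setViewName("index");
        mav.addObject("error","用户名或密码错误!");
        return mav;
    }
}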
其他的查询数据库的操作省略
(三) session设置 https://blog.csdn.net/money9sun/article/details/86605010