SpringBoot+shiro 实现登录缓存和验证码

最新推荐文章于 2021-04-02 14:33:19 发布
最新推荐文章于 2021-04-02 14:33:19 发布
阅读量700 收藏 3
点赞数 1
分类专栏: springboot ssm
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_37950416/article/details/107403499
版权

在这里插入图片描述
登录后
在这里插入图片描述
登录缓存
退出浏览器后再重新进入 http://localhost:8080/south/index.html不需要登录 便可进入index.html页面
在这里插入图片描述
pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <packaging>war</packaging>
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.nany</groupId>
    <artifactId>south</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>south</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>

    <!-- ******************************* 常用依赖库 ********************************** -->
        <commons.io.version>2.4</commons.io.version>
        <commons.fileupload.version>1.3.1</commons.fileupload.version>
        <commons.collections.version>3.2</commons.collections.version>
        <commons.beanutils.version>1.9.2</commons.beanutils.version>
        <commons.codec.version>1.10</commons.codec.version>
        <commons.lang3.version>3.6</commons.lang3.version>
        <guava.version>23.0</guava.version>
    </properties>
    <!-- 针对开发IO流功能的工具类库 -->
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <!--jdbc -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <!--mybatis依赖-->
        <!--mybatis通用Mapper -->
        <dependency>
            <groupId>tk.mybatis</groupId>
            <artifactId>mapper-spring-boot-starter</artifactId>
            <version>2.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus</artifactId>
            <version>2.1.2</version>
        </dependency>
        <!--mybatis分页插件 -->
        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper-spring-boot-starter</artifactId>
            <version>1.2.7</version>
        </dependency>
        <!--logback 日志-->
        <!--<dependency>-->
            <!--<groupId>org.codehaus.janino</groupId>-->
            <!--<artifactId>janino</artifactId>-->
            <!--<version>2.6.1</version>-->
        <!--</dependency>-->
        <dependency>
            <groupId>org.codehaus.janino</groupId>
            <artifactId>commons-compiler</artifactId>
            <version>3.0.9</version>
        </dependency>
        <!-- druid阿里巴巴数据库连接池 -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.10</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.alibaba/druid-spring-boot-starter -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.9</version>
        </dependency>
        <!--MYSQL -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <dependency>
            <groupId>com.microsoft.sqlserver</groupId>
            <artifactId>sqljdbc4</artifactId>
            <version>4.0</version>
        </dependency>
        <dependency>
            <groupId>com.microsoft.sqlserver</groupId>
            <artifactId>mssql-jdbc</artifactId>
            <version>6.1.0.jre8</version>
        </dependency>

        <!-- redis缓存 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>



        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>${commons.io.version}</version>
        </dependency>
        <!-- 文件上传 -->
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>${commons.fileupload.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-io</groupId>
                    <artifactId>commons-io</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- 常用的集合操作,丰富的工具类 -->
        <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
            <version>${commons.collections.version}</version>
        </dependency>
        <!-- 操作javabean的工具包 -->
        <dependency>
            <groupId>commons-beanutils</groupId>
            <artifactId>commons-beanutils</artifactId>
            <version>${commons.beanutils.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-collections</groupId>
                    <artifactId>commons-collections</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- 包含一些通用的编码解码算法. 如:MD5、SHA1、Base64等 -->
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>${commons.codec.version}</version>
        </dependency>
        <!-- 包含丰富的工具类如 StringUtils -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>${commons.lang3.version}</version>
        </dependency>
        <!--
            Guava工程包含了若干被Google的Java项目广泛依赖的核心库. 集合[collections] 、缓存[caching] 、原生类型支持[primitives support] 、
            并发库[concurrency libraries] 、通用注解[common annotations] 、字符串处理[string processing] 、I/O 等等。
        -->
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
            <version>${guava.version}</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
            <version>2.9.0</version>
        </dependency>

        <dependency>
            <groupId>javax.persistence</groupId>
            <artifactId>javax.persistence-api</artifactId>
            <version>2.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <scope>provided</scope>
        </dependency>


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>


        <!-- shiro-->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.2.2</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.20</version>
        </dependency>


    </dependencies>
    <repositories>
        <repository>
            <id>clojars</id>
            <url>http://clojars.org/repo/</url>
        </repository>
    </repositories>

    <build>
        <finalName>south</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.2.0</version>
            </plugin>
        </plugins>
    </build>

</project>

package com.nanty.core.system.entity;

import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.nanty.core.base.BaseDTO;
import com.nanty.core.util.Dates;

import javax.persistence.*;
import java.util.Date;

/**
 * 系统用户
 *
 * @name User
 * @version 1.0
 * @author ling 2020-05-06
 */
@JsonInclude(JsonInclude.Include.NON_NULL)
@Table(name = "SYS_USER")
public class User {
    private static final long serialVersionUID = -7395431342743009038L;

    /**
     * 用户ID
     */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @OrderBy("DESC")
    private Long userId;
    /**
     * 用户名
     */
    private String username;
    /**
     * 密码
     */
    private String password;
    /**
     * 昵称
     */
    private String nickname;
    /**
     * 生日
     */
    @JsonFormat(pattern = Dates.Pattern.DATE)
    private Date birthday;
    /**
     * 性别:1-男/0-女
     */
    private Integer sex;
    /**
     * 是否启用:1/0
     */
    private Integer enabled;

    private String salt;//加密密码的盐

    private byte state;//用户状态,0:创建未认证(比如没有激活,没有输入验证码等等)--等待验证的用户 , 1:正常状态,2:用户被锁定.



    public Long getUserId() {
        return userId;
    }

    public void setUserId(Long userId) {
        this.userId = userId;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getNickname() {
        return nickname;
    }

    public void setNickname(String nickname) {
        this.nickname = nickname;
    }

    public Date getBirthday() {
        return birthday;
    }

    public void setBirthday(Date birthday) {
        this.birthday = birthday;
    }

    public Integer getSex() {
        return sex;
    }

    public void setSex(Integer sex) {
        this.sex = sex;
    }

    public Integer getEnabled() {
        return enabled;
    }

    public void setEnabled(Integer enabled) {
        this.enabled = enabled;
    }

    public String getSalt() {
        return salt;
    }

    public void setSalt(String salt) {
        this.salt = salt;
    }

    public byte getState() {
        return state;
    }

    public void setState(byte state) {
        this.state = state;
    }

    /**
     * 密码盐.
     * @return
     */
    public String getCredentialsSalt(){
        return this.username+this.salt;
    }

    @Override
    public String toString() {
        return "UserInfo [userId=" + userId + ", username=" + username + ", nickname=" + nickname + ", password=" + password
                + ", salt=" + salt + ", state=" + state + "]";
    }

}

Service

package com.nanty.core.system.service;

import com.nanty.core.base.Service;
import com.nanty.core.system.entity.User;

/**
 * 用户Service接口
 *
 * @version 1.0
 * @author ling 2020-04-28
 */
public interface UserService {

    User selectName(String username);
}

ServiceImpl

package com.nanty.core.system.service.impl;

import com.nanty.core.system.mapper.db1.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.nanty.core.base.BaseService;
import com.nanty.core.system.entity.User;
import com.nanty.core.system.service.UserService;

/**
 * 用户Service实现类
 *
 * @version 1.0
 * @author ling 2020-04-28
 */
@Service
public class UserServiceImpl implements UserService {

    @Autowired
    private UserMapper userMapper;

    @Override
    public User selectName(String username) {
        return userMapper.selectName(username);
    }
}

Mapper

package com.nanty.core.system.mapper.db1;

import com.nanty.core.base.Mapper;
import com.nanty.core.system.entity.User;
import org.apache.ibatis.annotations.Param;

/**
 *
 * @name UserMapper
 * @version 1.0
 * @author ling 2020-05-06
 */
@org.apache.ibatis.annotations.Mapper
public interface UserMapper{

    User selectName(@Param("username")String username);
}

Mapper.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.nanty.core.system.mapper.db1.UserMapper">

    <!-- 通用查询映射结果 -->
    <resultMap id="BaseResultMap" type="com.nanty.core.system.entity.User">
        <id column="USER_ID" property="userId" />
        <result column="USERNAME" property="username" />
        <result column="PASSWORD" property="password" />
        <result column="NICKNAME" property="nickname" />
        <result column="BIRTHDAY" property="birthday" />
        <result column="SEX" property="sex" />
        <result column="ENABLED" property="enabled" />
        <result column="salt" property="salt" />
        <result column="state" property="state" />
       
    </resultMap>

    <!-- 通用查询结果列 -->
    <sql id="Base_Column_List">
        USER_ID AS userId, USERNAME AS username, PASSWORD AS password, NICKNAME AS nickname, BIRTHDAY AS birthday, SEX AS sex, ENABLED AS enabled,salt AS salt,state AS state
    </sql>
    <select id="selectName" resultMap="BaseResultMap">
        select * from SYS_USER
        where USERNAME=#{username}
    </select>

</mapper>

项目目录
在这里插入图片描述
MyShiroRealm 用户身份验证,判断登录的账号密码

package com.nanty.core.shiro;

import com.nanty.core.system.entity.User;
import com.nanty.core.system.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class MyShiroRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("开始身份验证");
        String username = (String) token.getPrincipal(); //获取用户名,默认和login.html中的username对应。
        System.out.println("---0-------------"+username);
        User userInfo = userService.selectName(username);
        if (userInfo == null) {
            //没有返回登录用户名对应的SimpleAuthenticationInfo对象时,就会在LoginController中抛出UnknownAccountException异常
            throw new UnknownAccountException("用户名不存在!");
        }
        if ("1".equals(userInfo.getState())) {
            throw new LockedAccountException("账号已被锁定,请联系管理员!");
        }
        //验证通过返回一个封装了用户信息的AuthenticationInfo实例即可。
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                userInfo, //用户信息
                userInfo.getPassword(), //密码
                getName() //realm name
        );
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userInfo.getCredentialsSalt())); //设置盐

        return authenticationInfo;
    }
    //当访问到页面的时候,链接配置了相应的权限或者shiro标签才会执行此方法否则不会执行
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("开始权限配置");

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        User userInfo = (User) principalCollection.getPrimaryPrincipal();

//        for (SysRole role: userInfo.getRoleList()) {
//            authorizationInfo.addRole(role.getRole());
//            for (SysPermission p: role.getPermissions()) {
//                authorizationInfo.addStringPermission(p.getPermission());
//            }
//        }

        return authorizationInfo;
    }
}

ShiroConfiguration.java

package com.nanty.core.shiro;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;


@Configuration
public class ShiroConfiguration {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/logout", "logout"); //退出登录
        filterChainDefinitionMap.put("/index", "user");
        filterChainDefinitionMap.put("/", "user");
        filterChainDefinitionMap.put("/favicon.ico", "anon");
//        filterChainDefinitionMap.put("/kaptcha.jpg", "anon");//图片验证码(kaptcha框架)
        filterChainDefinitionMap.put("/Captcha.jpg", "anon");//图片验证码(kaptcha框架)
        filterChainDefinitionMap.put("/register", "anon");
        filterChainDefinitionMap.put("/logina", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/js/**","anon");
//        filterChainDefinitionMap.put("/login.html", "kaptchaFilter");
        filterChainDefinitionMap.put("/**", "authc");

        shiroFilterFactoryBean.setLoginUrl("/login.html");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }


    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        securityManager.setCacheManager(ehCacheManager());
        securityManager.setRememberMeManager(cookieRememberMeManager());
        return securityManager;
    }

    @Bean
    public MyShiroRealm myShiroRealm() {
        MyShiroRealm myShiroRealm = new MyShiroRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法;
        hashedCredentialsMatcher.setHashIterations(2);//散列的次数,比如散列两次,相当于 md5(md5(""));
        return hashedCredentialsMatcher;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    @Bean
    public EhCacheManager ehCacheManager() {
        System.out.println("ShiroConfiguration.getEhCacheManager()");
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManagerConfigFile("classpath:config/ehcache-shiro.xml");
        return ehCacheManager;
    }

    //cookie对象;
    @Bean
    public SimpleCookie rememberMeCookie() {
        System.out.println("ShiroConfiguration.rememberMeCookie()");
        //这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");

        //<!-- 记住我cookie生效时间30,单位秒;-->
        simpleCookie.setMaxAge(259200);
        return simpleCookie;
    }

    //cookie管理对象;
    @Bean
    public CookieRememberMeManager cookieRememberMeManager() {
        System.out.println("ShiroConfiguration.rememberMeManager()");
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(rememberMeCookie());
        return manager;
    }
}

ehcache-shiro.xml 账号登录缓存

<?xml version="1.0" encoding="UTF-8"?>
<ehcache name="es">

    <diskStore path="java.io.tmpdir"/>

    <defaultCache
            maxElementsInMemory="10000"
            eternal="false"
            timeToIdleSeconds="120"
            timeToLiveSeconds="120"
            overflowToDisk="false"
            diskPersistent="false"
            diskExpiryThreadIntervalSeconds="120"
    />


    <!-- 登录记录缓存锁定10分钟 -->
    <cache name="passwordRetryCache"
           maxEntriesLocalHeap="2000"
           eternal="false"
           timeToIdleSeconds="3600"
           timeToLiveSeconds="0"
           overflowToDisk="false"
           statistics="true">
    </cache>

</ehcache>

验证码
CaptchaUtil 生成验证码工具类

package com.nanty.core.shiro.kaptcha;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Random;

import javax.imageio.ImageIO;

/**
 * 验证码工具类
 */
public class CaptchaUtil {

    // 随机产生的字符串
    private static final String RANDOM_STRS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    private static final String FONT_NAME = "Fixedsys";
    private static final int FONT_SIZE = 18;

    private Random random = new Random();

    private int width = 80;// 图片宽
    private int height = 25;// 图片高
    private int lineNum = 50;// 干扰线数量
    private int strNum = 4;// 随机产生字符数量

    /**
     * 生成随机图片
     */
    public BufferedImage genRandomCodeImage(StringBuffer randomCode) {
        // BufferedImage类是具有缓冲区的Image类
        BufferedImage image = new BufferedImage(width, height,
                BufferedImage.TYPE_INT_BGR);
        // 获取Graphics对象,便于对图像进行各种绘制操作
        Graphics g = image.getGraphics();
        // 设置背景色
        g.setColor(getRandColor(200, 250));
        g.fillRect(0, 0, width, height);

        // 设置干扰线的颜色
        g.setColor(getRandColor(110, 120));

        // 绘制干扰线
        for (int i = 0; i <= lineNum; i++) {
            drowLine(g);
        }
        // 绘制随机字符
        g.setFont(new Font(FONT_NAME, Font.ROMAN_BASELINE, FONT_SIZE));
        for (int i = 1; i <= strNum; i++) {
            randomCode.append(drowString(g, i));
        }
        g.dispose();
        return image;
    }

    /**
     * 给定范围获得随机颜色
     */
    private Color getRandColor(int fc, int bc) {
        if (fc > 255){
            fc = 255;
        }
        if (bc > 255){
            bc = 255;
        }
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }

    /**
     * 绘制字符串
     */
    private String drowString(Graphics g, int i) {
        g.setColor(new Color(random.nextInt(101), random.nextInt(111), random
                .nextInt(121)));
        String rand = String.valueOf(getRandomString(random.nextInt(RANDOM_STRS
                .length())));
        g.translate(random.nextInt(3), random.nextInt(3));
        g.drawString(rand, 13 * i, 16);
        return rand;
    }

    /**
     * 绘制干扰线
     */
    private void drowLine(Graphics g) {
        int x = random.nextInt(width);
        int y = random.nextInt(height);
        int x0 = random.nextInt(16);
        int y0 = random.nextInt(16);
        g.drawLine(x, y, x + x0, y + y0);
    }

    /**
     * 获取随机的字符
     */
    private String getRandomString(int num) {
        return String.valueOf(RANDOM_STRS.charAt(num));
    }

    public static void main(String[] args) {
        CaptchaUtil tool = new CaptchaUtil();
        StringBuffer code = new StringBuffer();
        BufferedImage image = tool.genRandomCodeImage(code);
        System.out.println("random code = " + code);
        try {
            // 将内存中的图片通过流动形式输出到客户端
            ImageIO.write(image, "JPEG", new FileOutputStream(new File(
                    "/Users/wangsaichao/Desktop/random-code.jpg")));
        } catch (Exception e) {
            e.printStackTrace();
        }

    }
}


package com.nanty.core.shiro.kaptcha;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.awt.image.BufferedImage;
import java.io.IOException;

/**
 * @author: wangsaichao
 * @date: 2018/5/26
 * @description:
 */
@Controller
public class CaptchaController {

    public static final String KEY_CAPTCHA = "KEY_CAPTCHA";

    @RequestMapping("/Captcha.jpg")
    public void getCaptcha(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
        // 设置相应类型,告诉浏览器输出的内容为图片
        response.setContentType("image/jpeg");
        // 不缓存此内容
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expire", 0);
        try {

            HttpSession session = request.getSession();

            CaptchaUtil tool = new CaptchaUtil();
            StringBuffer code = new StringBuffer();
            BufferedImage image = tool.genRandomCodeImage(code);
            session.removeAttribute(KEY_CAPTCHA);
            System.out.println("-------------------------");
            System.out.println(code);
            session.setAttribute(KEY_CAPTCHA, code.toString());

            // 将内存中的图片通过流动形式输出到客户端
            ImageIO.write(image, "JPEG", response.getOutputStream());

        } catch (Exception e) {
            e.printStackTrace();
        }

    }

}


package com.nanty.core.system.controller;

import com.nanty.core.base.Result;
import com.nanty.core.exception.BaseEnums;
import com.nanty.core.shiro.kaptcha.CaptchaController;
import com.nanty.core.shiro.kaptcha.IncorrectCaptchaException;
import com.nanty.core.system.entity.User;
import com.nanty.core.system.service.UserService;
import com.nanty.core.util.Results;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.apache.ibatis.annotations.Param;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.validation.Valid;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * 用户Controller
 *
 * @version 1.0
 * @author ling 2020-05-10
 */
@RestController
public class UserController {

    @Autowired
    private UserService userService;


    @PostMapping(value = "/logina")
    public Result logina(String username,String password,String captcha) throws Exception {
        //session中的验证码
        String msg = "";
        System.out.println("11111111111111");
        String sessionCaptcha = (String) SecurityUtils.getSubject().getSession().getAttribute(CaptchaController.KEY_CAPTCHA);
        System.out.println(sessionCaptcha);
        if (null == captcha || !captcha.equalsIgnoreCase(sessionCaptcha)) {
            System.out.println("验证码不正确");
            msg = "验证码不正确";
        }else {
            // 从SecurityUtils里边创建一个 subject
            Subject subject = SecurityUtils.getSubject();
            // 在认证提交前准备 token(令牌)
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);

            System.out.println(token);
            try {
                subject.login(token);
            } catch (UnknownAccountException uae) {//UsernamePasswordToken
                msg = "用户名不存在";
            } catch (IncorrectCredentialsException ice) {
                msg = "密码不正确";
            } catch (LockedAccountException lae) {
                msg = "账户已锁定";
            } catch (ExcessiveAttemptsException eae) {
                msg = "用户名或密码错误次数过多";
            } catch (AuthenticationException ae) {
                msg = "用户名或密码不正确";
            }
            if (subject.isAuthenticated()) {
                msg = "登录成功";
            } else {
                token.clear();
                msg = "登录失败";
            }
        }
       }

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
错误信息:<h4 style="color: red;" ></h4>
<form >
    <p>账号:<input type="text" name="username" id="username" value="admin"/></p>
    <p>密码:<input type="password" name="password" id="password" value="123456"/></p>
    <div><label> 验证码 : <input type="text" name="captcha" id="captcha" placeholder="验证码"/> </label></div>
    <div><img src="/south/Captcha.jpg" class="pull-right" id="captcha_img" style="cursor: pointer;" onclick="this.src=this.src+'?d='+Math.random();" title="点击刷新" alt="captcha"></div>
    <P><input type="checkbox" name="rememberMe" />记住我</P>
    <p><input type="button" onclick="lonin()" value="登录"/></p>
</form>
<script type="text/javascript" src="/south/js/jquery.min.js"></script>
<script>
   
    function lonin() {
        var username = document.getElementById('username').value;
        var password = document.getElementById('password').value;
        var captcha = document.getElementById('captcha').value;
        alert(username)
        $.ajax({
            url:"/south/logina",
            data:{username:username,password:password,captcha:captcha},
            dataType:'json',
            type:'post',
            success:function (data) {
                alert(data.msg)
                     window.location.href = "/south/index.html";

            }
        })
    }
</script>
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
....index
<li class="layui-nav-item"><a href="/south/logout"><i class="fa fa-sign-out" aria-hidden="true"></i> 注销</a></li>
</body>
</html>

密码加密方式

  String name="123";
        String salt="e10adc3949ba59abbe56e057f20f883e";
        String passworaaa= new Md5Hash("123456",name+salt,2).toHex();
qq_37950416
关注
  • 1
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
springboot整合shiro实现登录验证授权
灰太狼
01-25 670
springboot整合shiro实现登录验证授权 1.添加依赖: <!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version&gt
SpringBoot + Shiro实现登陆认证(实现过程 + 源码解析 + 代码展示)
m0_67402914的博客
04-25 1891
文章目录 1.概述 1.1 SpringBoot 1.2 Shiro 2.Shiro实现登录认证 导入pom依赖 配置核心方法 3.Shiro登录认证源码解析 代码地址 1.概述 1.1 SpringBoot 今天要做的是使用SpringBoot配合Shiro实现登陆的认证,所以SpringBoot是必不可少的,相信大家能用到Shiro了,SpringBoot一定不差,那就不做过多赘述,我们主要来介绍Shiro。 1.2 Shiro Shiro是java的一个安全框架,
SpringBoot+Shiro登录验证码制作
12-21
用户登录常常要做防机器验证,所以使用到了随机验证码,防止机器刷 1.直接java内部自带的就行啦,也不需要用外部生成的api 生成验证码的工具类的写法: import javax.imageio.ImageIO; import java.awt.*; import java.awt.image.BufferedImage; import java.io.*; import java.util.Random; /** * @author lrx * @description: TODO 验证码生成工具类 * @date 2020/4/24 14:51 */ public class C
Spring Boot整合Shiro + JSP教程(用户认证,权限管理,图片验证码
Coding for freedom
11-02 1011
在此首先感谢**编程不良人**up主提供的视频教程 代码都是跟着up的视频敲的,遇到的一些问题也是通过CSDN博主提供的教程解决的,在此也感谢那些提供bug解决方案的前辈们~ 项目完整代码已经发布到github上面,有需要的朋友可以自取 1.权限管理 1.1 什么是权限管理 ​ 涉及到用户参与的系统都要涉及权限管理,权限管理属于系统安全范畴。权限管理实现的是对用户访问系统的控制,按照安全规则或者安全策略控制用户可以访问而且只能访问自己被授权的资源。 ​ 权限管理包括 用户身份认证 和 授权 两部分.
springboot集成shiro,使用token登陆,使用redis缓存
myth_g的博客
08-27 1万+
1.准备用户数据,这里我将数据写死存储; public class Constant implements Serializable { public static final String USERNAME = "gaoyang"; public static final String PASSWORD = "123456"; public static final ...
SpringBoot+Shiro权限管理系统脚手架.zip
最新发布
12-26
7. **Shiro缓存管理** 为了提高性能,Shiro支持缓存机制,可以将用户权限信息缓存起来,减少数据库查询次数。可以通过集成Redis或EhCache等缓存服务实现。 8. **安全最佳实践** - 使用HTTPS进行通信,增加数据...
基于SpringBoot+Layui+Shiro登录注册模板源码+数据库(邮箱短信验证)
04-17
java发邮件 这是一个基于SpringBoot+Layui+Shiro+Thymeleaf的登录...注意:本来登录成功会跳转到后台首页,后台首页有退出登录,但是我没加上去,有些同学可能记住密码就自动登录了,你只要清以下浏览器Cookie缓存即可
springboot_shiro.zip
11-06
6. **状态感知**:在页面和API接口中,利用Shiro提供的工具判断用户是否已登录实现权限控制。 7. **测试**:进行充分的功能和性能测试,确保Shiro的各个功能正常且系统稳定。 通过以上内容,我们可以了解到...
springboot整合shiro
11-27
8. **ShiroSpringBoot的集成**:Shiro的事件监听、缓存管理等功能都可以通过SpringBoot的自动配置进行定制。例如,你可以自定义`ShiroFilterFactoryBean`,并设置拦截规则。 以上就是SpringBoot整合Shiro的基本...
SpringBoot2.7整合SpringSecurity+Jwt+Redis+MySQL+MyBatis完整项目代码
10-30
在本项目中,我们主要关注的是SpringBoot 2.7版本与多个技术的深度整合,包括Spring Security、JWT(JSON Web Token)、Redis缓存以及MySQL数据库,并利用MyBatis作为持久层框架。以下是对这些技术及其整合应用的...
springboot集成shiro实现验证码校验
weixin_33725272的博客
08-10 315
github:https://github.com/peterowang/shiro/ 这里实现验证码校验的思路是自己添加一个Filter继承FormAuthenticationFilter,FormAuthenticationFilter负责表单验证,shiro会先在FormAuthenticationFilter子类去校验验证码,然后再去做身份验证。 生成验证码这里使用Google...
springboot②最正确的集成shiro并使用ehcache缓存
热门推荐
tanleijin的博客
07-19 2万+
  springboot集成shiro和ehcache的时候,要先集成ehcache然后再集成shiro,这样当shiro配置cacheManager的时候就可以直接使用了。下面是正确的集成步骤: 第一步集成ehcache: 1.在pom.xml文件中引入以下依赖 &lt;!--开启 cache 缓存--&gt; &lt;dependency&gt; ...
springboot项目前后端分离使用shiro的情况解决sessionid不同问题
chenyidong521的博客
08-12 1万+
遇到的问题 开发中遇到开发app或者前后端分离的项目时候,使用ajax等方式向后台访问的时候session每次都不同,这样使用shiro验证全是不能通过.原来我们使用的是token的方式,可以自己通过验证token来实现权限判断问题,但是使用shiro我们还需要自己重写权限判断.那么如何实现shiro中通过token来进行sessionid不变呢. 我们通过配置shiro的session管理器来解...
springboot整合shiro-实现验证码认证
cx1006784951的博客
08-05 320
https://blog.csdn.net/qq_34021712/article/details/80470738
SpringBoot整合Shiro框架实现加密、登录、授权
pan_junbiao的博客
05-30 7573
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 下面将使用SpringBoot整合Shiro框架实现加密、登录、授权。 1、创建数据表 使用MySQL数据库,创建实例所需的数据表,用户信息表、角色信息表、权限信息表等。 1.1 数据表结构 1.2 数据表脚本 (1)创建数据表脚本。 -- 创建数据表:us.
Springboot2.0整合Shiro框架系列-简单登录认证(一)
子云的博客
10-27 4275
Shiro简介 Apache Shiro 是 Java 的一个安全框架。Shiro 可以非常容易的开发出足够好的应用,其不仅可以用在 JavaSE 环境,也可以用在JavaEE 环境。Shiro 可以帮助我们完成,认证、授权、加密、会话管理、与Web集成、缓存等。 ...
springboot生成验证码,保存在cache中
qq_16171815的博客
04-02 1213
1、maven依赖 <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>18.0</version> </dependency> <dependency>
springboot shiro 使用redis存储登录信息 实现单点登录sso
u012954380的博客
10-06 7913
shiro 默认使用的是session 存储登录信息的,这对于单体应用来讲是没有什么问题的,但是对于分布式应用或者集群应用就行不通了,因为集群或者分布式系统 应用部署在不同的jvm 上,session不能共享。如果使用redis存储登录信息则可以解决这个问题,这里简单使用shiro-redis框架来实现这个功能 具体流程如下 首先我们创建一个springboot 父子工程 父工...
springboot整合shiro-关于登出时,redis中缓存没有清理干净的问题
cristianoxm的博客
12-15 1376
原文地址,转载请注明出处: https://blog.csdn.net/qq_34021712/article/details/84722724 ©王赛超 如果是跟着我的shiro系列博客敲下来的,其实还有一个bug,这是一个网友遇到的,他在登出的时候,发现redis中当前用户身份认证缓存没有清理掉,之前在 springboot整合shiro-ehcache缓存(五) 中测试添加权限之后,清理的是所有用户的缓存,所以没有发现这个问题。 还记得上一篇博客: springboot整合shiro-实现自己
springboot+shiro+redis实现单点登录源码
09-17
在Spring Boot中使用Shiro来处理认证和授权,可以通过配置Shiro的Realm来实现用户的登录认证和权限控制。将用户的信息存储在Redis中,利用Redis的持久化特性来实现用户登录状态的共享和存储。 首先,在Spring Boot...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值