1.导入依赖
此处需要建立一个 Spring Boot 工程,勾选 web、thymeleaf(可选)。以下依赖中,除 Shiro 与 Spring Boot 相关的依赖为必需外,其余可按需导入。
<!-- Thymeleaf template engine (optional for this walkthrough) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Thymeleaf java.time extras; no version is given here, so it is presumably supplied by the Spring Boot dependency management - confirm against the parent POM -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>
<!-- Web application support -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Shiro Spring Boot web starter.
     NOTE(review): the version is pinned by hand, so it does not move with the Spring Boot BOM.
     1.5.3 is an old release of a security framework; before reusing this snippet, check the
     Apache Shiro security advisories and pin a currently maintained release. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.5.3</version>
</dependency>
<!-- Shiro dialect for Thymeleaf templates (third-party artifact, version pinned by hand); it is
     the source of the ShiroDialect type registered as a bean in the configuration class. -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.自定义Realm
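/**
 * Shiro realm backed by the application's own user store.
 *
 * <p>Authentication looks the account up through {@code EntranceService}; authorization
 * attaches the single role returned for the user name.
 */
@Component("authorizer")
public class CustomRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(CustomRealm.class);

    @Autowired
    private EntranceService entranceService;

    // NOTE(review): userMapper is used in doGetAuthorizationInfo but is not declared in this
    // listing; it has to be injected like entranceService (or the role lookup moved onto
    // entranceService) before this class compiles.

    /**
     * Builds the authorization data (roles) for the given principals.
     *
     * @param principals the identity Shiro is asking about; its primary principal is the user
     *                   name stored by {@link #doGetAuthenticationInfo(AuthenticationToken)}
     * @return authorization info holding the user's role, or no roles when none is found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        log.info("————权限认证————");
        // Use the principals handed in by Shiro instead of the thread-bound Subject, so the
        // roles always belong to the identity that is actually being checked.
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        String role = userMapper.getRole(username);
        Set<String> roles = new HashSet<>();
        // A user without a role row must end up with an empty role set, not a set holding null.
        if (role != null && !role.isEmpty()) {
            roles.add(role);
        }
        info.setRoles(roles);
        return info;
    }

    /**
     * Looks up the account for a login attempt and returns the stored credentials for Shiro to
     * compare against the submitted ones.
     *
     * @param token the submitted login token; its principal is read as the user name
     * @return the account's authentication info, or {@code null} when no such user exists
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        log.info("CustomRealm.doGetAuthenticationInfo()");
        String username = (String) token.getPrincipal();
        UserDO user = entranceService.getUserByUserName(username);
        if (user == null) {
            // null means "this realm has no such account"; Shiro reports that to the caller
            // as an unknown account.
            return null;
        }
        // NOTE(review): no CredentialsMatcher is configured in this listing, so the realm's
        // default matcher compares the submitted password with user.getPassword() as-is. That
        // only works if passwords are stored unhashed. Store salted password hashes and
        // configure a matching CredentialsMatcher (for example Shiro's PasswordMatcher or
        // HashedCredentialsMatcher) on this realm - confirm how UserDO passwords are stored.
        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
    }
}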
3.编写Shiro配置类
一般来说,如果已经用配置类完成了配置,就不需要再在 application.yml 或 application.properties 中重复配置。需要注意的是,做登录认证时,记得放行提交登录的 URL(本例中为 /login.do,配置为 anon),否则登录请求本身也会被 authc 拦截。
/**
 * Spring configuration that wires Shiro into the web application: the URL filter chain, the
 * custom realm, the security manager and the Thymeleaf dialect.
 */
@Configuration
public class ShiroConfiguration {
    private static final Logger log = LoggerFactory.getLogger(ShiroConfiguration.class);

    /**
     * Creates the Shiro filter factory and declares which URLs need authentication.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        log.info("ShiroConfiguration.shirFilter()");

        // Insertion order is the matching order, hence a LinkedHashMap: specific paths first,
        // the catch-all last.
        Map<String, String> chains = new LinkedHashMap<>();
        // Logout is handled entirely by Shiro's built-in "logout" filter.
        chains.put("/logout", "logout");
        // Anonymous access: static resources and the login submission endpoint. Keep this list
        // as narrow as possible, since everything matched here skips authentication.
        chains.put("/static/**", "anon");
        chains.put("/login.do", "anon");
        // Everything else requires an authenticated subject. This entry must stay last,
        // otherwise it would shadow the anonymous entries above.
        chains.put("/**", "authc");

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setFilterChainDefinitionMap(chains);
        // Login page; without this Shiro falls back to "/login.jsp" under the web root.
        factoryBean.setLoginUrl("/");
        // Target after a successful login.
        factoryBean.setSuccessUrl("/index");
        // Page shown when access is denied for lack of authorization.
        factoryBean.setUnauthorizedUrl("/error");
        return factoryBean;
    }

    /**
     * Exposes the custom realm as a bean.
     *
     * @return a new {@code CustomRealm}
     */
    @Bean(name = "customRealm")
    CustomRealm customRealm() {
        return new CustomRealm();
    }

    /**
     * Builds the web security manager around the custom realm.
     *
     * @param customRealm the realm bean named {@code customRealm}
     * @return the security manager used by the Shiro filter
     */
    @Bean(name = "securityManager")
    SessionsSecurityManager securityManager(@Qualifier("customRealm") CustomRealm customRealm) {
        return new DefaultWebSecurityManager(customRealm);
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use Shiro tags.
     *
     * @return the Shiro Thymeleaf dialect
     */
    @Bean(name = "shiroDialect")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}
4.编写登录Controller
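/**
 * Handles the login form submission.
 *
 * @param username submitted user name
 * @param password submitted password
 * @param model    view model; receives {@code errMsg} when the login is rejected
 * @return {@code "redirect:index"} on success, otherwise the {@code "login"} view
 */
@PostMapping("/login.do")
public String login(String username, String password, Model model) {
    log.info("登录了");
    if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
        model.addAttribute("errMsg", "账号或密码不能为空");
        return "login";
    }
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(new UsernamePasswordToken(username, password));
        // NOTE(review): the session obtained here may be the one that already existed before
        // login; confirm whether the pre-login session is invalidated or its id rotated, to
        // limit session fixation.
        subject.getSession(true).setAttribute("user", username);
        return "redirect:index";
    } catch (UnknownAccountException | CredentialsException e) {
        // Unknown account and wrong password deliberately produce the same user-facing
        // message, so the response does not reveal which user names exist.
        log.error("账号或密码错误!:" + e.getMessage());
        model.addAttribute("errMsg", "账号或密码错误!");
    } catch (Exception e) {
        model.addAttribute("errMsg", "登陆失败!请稍后重试");
        // Log the exception itself: getCause() is frequently null and drops the stack trace
        // that is needed to diagnose unexpected login failures.
        log.error("登陆失败!", e);
    }
    return "login";
}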