shiro篇：使用Shiro对一个SSM项目进行身份加密验证

最新推荐文章于 2023-07-11 20:42:20 发布

呱？！

最新推荐文章于 2023-07-11 20:42:20 发布

阅读量1.3k

点赞数 4

文章标签： shiro SSM 身份加密

本文链接：https://blog.csdn.net/qq_39773004/article/details/109074008

版权

Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理

1.配置环境

1.1pom依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>1014_1_shirowebspring</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>

    <dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-all</artifactId>
            <version>1.4.0</version>
            <type>pom</type>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.12</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.12</version>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.16</version>
        </dependency>
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        <!--spring-->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>4.3.5.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.9.8</version>
        </dependency>
    </dependencies>
</project>

1.2web.xml配置spring+spingMVC+乱码过滤+shiroFilter过滤

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!--spring-->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext*.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

<!--    springMVC-->
    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:springmvc-servlet.xml</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
<!--    乱码处理-->
    <!--3.处理乱码-->
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>utf-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

<!--    shiroFilter-->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    
    
    
    
</web-app>

1.3 Spring的配置：applicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd">

    <!--shiro+spring整合的核心配置-->
    <!--1.SecurityManager-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!--配置realm-->
        <property name="realms" ref="myUerRealm"></property>
    </bean>
    <!--2.配置自定义realm，走数据库  不用默认的iniRealm shiro.ini,不利于后期维护-->
    <bean id="myUerRealm" class="realm.MyRealm"></bean>

    <!--3.shiroFilter,shiro拦截后会把请求，交给该过滤器处理,id需要和web.xml中配置的名字一致-->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!--        登录界面-->
        <property name="loginUrl" value="/login.jsp"></property>
<!--        没有权限的跳转-->
        <property name="unauthorizedUrl" value="/unauthorized.jsp"></property>

        <property name="securityManager" ref="securityManager"></property>
        <property name="filterChainDefinitions">
<!--
            1.顺序问题：  严格的（/** = authc）过滤器往后配置
            2.anon：     匿名访问，不登录就可以访问
            3.authc ：   认证后访问
-->
            <value>
                /doLogin = anon
                /js/** = anon
                /** = authc
            </value>
        </property>
    </bean>


</beans>

1.4SpringMVC的环境springmvc-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <context:component-scan base-package="controller"></context:component-scan>

    <mvc:annotation-driven></mvc:annotation-driven>

    <!--    静态资源放行问题1-->
    <mvc:default-servlet-handler></mvc:default-servlet-handler>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>
</beans>

2.创建一个自定义realm类

package realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * zt
 * 2020/10/14
 * 11:08
 */
public class MyRealm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("---------->授权");
        return null;
    }

    /**
     *subject.login(token);  在controller中查找执行认证方法
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("---------->认证，登录");

        String username = (String) token.getPrincipal();
        String password = new String((char[])token.getCredentials());

        String u = "admin";//数据库的，写死
//        String p = "123";//数据库
        String p = "3cb336337a3bdceb3c0b65bdcc5f122c";
        int isLock = 1;
        if(!username.equals(u)) {//账号错误
            throw new UnknownAccountException("账号异常");
        }
        if(!password.equals(p)) {//密码错误
            throw new IncorrectCredentialsException("密码错误");
        }
        if(isLock!=1){
            throw new LockedAccountException("账户锁定");
        }

        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,this.getName());

        return info;
    }
}

3.创建controller

package controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * zt
 * 2020/10/14
 * 11:28
 */
@Controller
public class MyController {
    @RequestMapping("/doLogin")
    public String doLogin(String username,String password){
        System.out.println("登录");
        //1.shiro认证
        Subject subject = SecurityUtils.getSubject();
        //加密
        password = new Md5Hash(password, username, 2014).toString();
        System.out.println(password);
        //2.把用户输入的用户名和密码封装成一个usernamePasswordToken对象
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
        //3.登录  查找，执行认证方法
        subject.login(token);

        System.out.println(subject.isAuthenticated()?"登录成功":"登录失败");
        return "success";
    }

}

4.写一个页面测试

<%--
  Created by IntelliJ IDEA.
  User: 49841
  Date: 2020/10/14
  Time: 11:40
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>

<form action="/doLogin" method="post">
    <input type="text" name="username" id="id"><br>
    <input type="text" name="password"  id="name"><br>

    <input type="submit" value="提交" id="btn">
</form>
</body>
</html>

success.jsp

<%--
  Created by IntelliJ IDEA.
  User: 49841
  Date: 2020/10/14
  Time: 11:31
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--shiro标签--%>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>
<html>
<head>
    <title>Title</title>
</head>
<body>
success
<shiro:principal></shiro:principal>,欢迎您！！！！！！
<shiro:authenticated>success</shiro:authenticated>
<shiro:guest>guest</shiro:guest>
</body>
</html>

呱？！

关注

4
点赞
踩
2

收藏

觉得还不错? 一键收藏
16
评论
shiro篇：使用Shiro对一个SSM项目进行身份加密验证

Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理1.配置环境1.1pom依赖<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="h
复制链接

扫一扫