UserRealm.java
package com.edu.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import com.edu.entity.Role;
import com.edu.service.UserService;
/**
* 自定义的
* @author yjl
*
*/
public class UserRealm extends AuthorizingRealm {
/**
* 执行授权逻辑
*
*
*/
@Autowired
private UserService userservice;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
// TODO Auto-generated method stub
System.out.println("执行授权逻辑");
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
Subject subject=SecurityUtils.getSubject();
Role role=(Role)subject.getPrincipal();
Role dbRole=userservice.findById(role.getId());
info.addStringPermission(dbRole.getPerms());
return info;
}
/**
* 执行认证逻辑
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
// TODO Auto-generated method stub
System.out.println("执行认证逻辑");
UsernamePasswordToken token=(UsernamePasswordToken)arg0;
Role role=userservice.findName(token.getUsername());
if(role==null) {
return null;
}
return new SimpleAuthenticationInfo(role,role.getpassword(),"");
}
}
ShiroConfig.java
package com.edu.shiro;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 配置类
* @author yjl
*
*/
@Configuration
public class ShiroConfig {
/**
* 创建ShiroFilterFactoryBean
* @param securityManager
* @return
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
/**
* 添加内置过滤器
* anon:无需认证只要登录就能访问
* anthc:必须认证才可以访问
* user
* perms 该资源必须等到资源权限才可以访问
* role 该资源必须得到角色的权限才可以访问
*/
Map<String,String> filterMap=new LinkedHashMap<String,String>();
// filterMap.put("/Test ", "anon");
filterMap.put("/submit", "anon");//过滤器允许submit的通过
filterMap.put("/sub", "anon");
// filterMap.put("/submit1", "anon");
//当前授权拦截后,shiro会自动跳转到未授权的页面
filterMap.put("/add", "perms[admin]");//用户必须为perms必须为admin的才有权限进入
filterMap.put("/update", "perms[user]");//用户必须为perms必须为user的才有权限进入
filterMap.put("/* ", "authc");
System.out.println(filterMap);
shiroFilterFactoryBean.setLoginUrl("/sub");
//设置未授权的提示页面
shiroFilterFactoryBean.setUnauthorizedUrl("/unAuth");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 创建DefaultSecurityManager
* @param userRealm
* @return
*/
@Bean(name="securityManager")
public DefaultWebSecurityManager gertDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
//关联Realm
securityManager.setRealm(userRealm);
return securityManager;
}
/**
* 创建Realm
*/
@Bean(name="userRealm")
public UserRealm getRealm() {
return new UserRealm();
}
}
Role.java
package com.edu.entity;
public class Role {
private int id;
private String username;
private String password;
private String perms;
public String getPerms() {
return perms;
}
public void setPerms(String perms) {
this.perms = perms;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getpassword() {
return password;
}
public void setpassword(String password) {
this.password = password;
}
@Override
public String toString() {
return "Role [id=" + id + ", username=" + username + ", password=" + password + ", perms=" + perms + "]";
}
}
UserMapper.java
package com.edu.Mapper;
import org.apache.ibatis.annotations.Param;
import com.edu.entity.Role;
public interface UserMapper {
public Role findById(@Param("id") Integer id);
public Role findName(@Param("name") String name);
}
UserService .java
package com.edu.service;
import com.edu.entity.Role;
public interface UserService {
public Role findName(String name);
public Role findById(Integer id);
}
UserMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.edu.Mapper.UserMapper">
<select id="findName" parameterType="String" resultType="com.edu.entity.Role">
SELECT id,username,password,perms FROM role where username=#{name}
</select>
<select id="findById" parameterType="int" resultType="com.edu.entity.Role">
SELECT id,username,password,perms FROM role where id=#{id}
</select>
</mapper>
Test.xml
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>测试</title>
</head>
<body>
<!--在这里碰到了一个坑,就是没有使用shiro标签执行授权逻辑的方法不执行,可以执行认证的方法-->
<h3 th:text="${name}"></h3>
<hr/>
<div shiro:hasPermission="admin">
进入用户添加: <a href="add">用户添加</a>
</div>
<div shiro:hasPermission="user">
进入用户更新: <a href="update">用户更新</a>
</div>
<a href="/sub">登录</a>
</body>
</html>
HtmlController.java
package com.edu.Controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import com.edu.entity.Role;
@Controller
public class HtmlController {
/**
* @ResponseBody的坑,我说我怎么没有返回页面而是只返回一个数组,
* 原来我这里原本复制了@ResponseBody,
* 没有删掉,所以一直返回一个json类型的数据
* @param role
* @param model
* @return
*/
@PostMapping("/submit")
public String submit(Role role,Model model) {
/**
* 使用shiro的编写认证操作
*/
Subject subject=SecurityUtils.getSubject();
/**
* 封装用户的数据
*/
UsernamePasswordToken token=new UsernamePasswordToken(role.getUsername(),role.getpassword());
try {
subject.login(token);
return "Test";
}catch(UnknownAccountException e) {
model.addAttribute("mes","用户名不存在");
return "submit1";
}catch(IncorrectCredentialsException e) {
model.addAttribute("mes","密码错误");
return "submit1";
}
}
/**
* 用作test的测试
* @param model
* @return
*/
@GetMapping("/Test")
public String Test(Model model) {
model.addAttribute("name", "某某某");
return "Test";
}
@GetMapping("/unAuth")
public String unAuth() {
return "error";
}
@GetMapping("/sub")
public String sub() {
return "submit1";
}
@GetMapping("/add")
public String add() {
return "add";
}
@GetMapping("/update")
public String update() {
return "update";
}
}
依赖的添加
<!--模板类的添加-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!--shiro需要的依赖添加-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>