springBoot整合shiro的(超级详细的)环境搭建,实现登录拦截,以及实现用户认证,整合mybatis

我们从项目中去理解集成的过程,这样更能加深印象
创建好工程之后,我们需要导入thymeleaf的依赖

<dependency>
<!--            我们都是基于3.x开发的-->
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring5</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-java8time</artifactId>
        </dependency>

也可以参考官方给的案例中springbootweb’中的依赖

接下来就编写一个首页
接着写一个controller包,和MyController

先简单的写一个Controller保证项目能够正常启动

项目正常启动后,我们再来集成shiro,
整合shiro
shiro的三大对象:
Subject:用户
securityManager:管理所有用户
Realm:连接数据
导入shiro,springboot整合shiro的包:

  <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.5.3</version>
        </dependency>

编写配置类:ShiroConfig

package com.qiu.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    //第三步:ShiroFilterFactoryBean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
    ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
    //设置安全管理器,需要放置在Bean里面
    
    bean.setSecurityManager(defaultWebSecurityManager);
    return bean;
}
    //第二步:DefaultWebSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联Realm
        //通过传参,在加上@Qualifier进行realm和securityManager的绑定
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //第一步://创建realm对象,需要自定义类
    //把类放进配置里面,再加上@bean,这样我们这个类就被spring托管了
    @Bean(name = "userRealm")
    public UserRealm userRealm(){
        return new UserRealm();
    }
}

注意这里是重下往上写的

UserRealm类:

package com.qiu.config;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

//自定义的一个realm,需要继承一个
public class UserRealm  extends AuthorizingRealm {
    @Override
    //授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了授权==>doGetAuthorizationInfo");
        return null;
    }

    @Override
    //认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行了认证==>doGetAuthenticationInfo");
        return null;
    }
}

新建两个网页,一个是update,一个是add

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>
    add
</h1>
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>
    update
</h1>
</body>
</html>

然后在添加controller
首页添加代码:

<hr>
<a th:href="@{/user/add}"></a> | <a th:href="@{/user/update}"></a>

然后启动项目:

检验这两个页面都能跑的时候我们来实现登录验证
这是我们需要在ShiroConfig中添加shiro的内置过滤器.

/**
* anon:无需认证,即可访问
* authc:必须认证了才能访问
* user:必须拥有记住我的功能才能用
* perms:拥有对某个资源的权限才能访问
* role:拥有某个觉得权限才能访问
*/
设置安全管理器,需要放置在Bean里面
看下这些关键字:
//这是我们需要在UserRealm中添加shiro的内置过滤器.
//anon:无需认证,即可访问
// authc:必须认证了才能访问
// user:必须拥有记住我的功能才能用
// perms:拥有对某个资源的权限才能访问
//role:拥有某个觉得权限才能访问

所以我们可以在map中put进去:
完整的shiroConfig:

package com.qiu.config;


import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    //第三步:ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();

        //设置安全管理器,需要放置在Bean里面
        bean.setSecurityManager(defaultWebSecurityManager);
        //这是我们需要在UserRealm中添加shiro的内置过滤器.
          //anon:无需认证,即可访问
          // authc:必须认证了才能访问
          // user:必须拥有记住我的功能才能用
          // perms:拥有对某个资源的权限才能访问
          //role:拥有某个觉得权限才能访问
        Map<String, String> filterMap = new LinkedHashMap<>();
//        filterMap.put("user/add","authc");
//        filterMap.put("user/update","authc");
        filterMap.put("/user/*","authc");
        bean.setFilterChainDefinitionMap(filterMap);
        //设置登录的请求
        //关于登录拦截
        bean.setLoginUrl("/toLogin");
        return bean;
    }


    //第二步:DefaultWebSecurityManager
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联Realm
        //通过传参,在加上@Qualifier进行realm和securityManager的绑定
        securityManager.setRealm(userRealm);
        return securityManager;
    }
    //第一步://创建realm对象,需要自定义类

    //把类放进配置里面,再加上@bean,这样我们这个类就被spring托管了
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }

}

同样的整合mybatis,即可以将用户认证的用户数据与数据库相连接.
所以第一步我们需要导入数据库的连接包,这里我们可以使用druid,log4j,lombok,mysql-connector.依赖:

 <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
<!--        lombok-->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.10</version>
        </dependency>
<!--日志-->
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
<!--druid数据源-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.22</version>
        </dependency>
<!--        mybatis-spring-->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.2</version>
        </dependency>

然后编写配置文件application.yaml

spring:
  datasource:
    username: root
    password: 123456
    # 假如时区报错了,那么就在url增加一个配置serverTimezone=UTC就行
    url: jdbc:mysql://localhost:3306/mybatis?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
    driver-class-name: com.mysql.cj.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource

    #Spring Boot 默认是不注入这些属性值的，需要自己绑定
    #druid 数据源专有配置
    initialSize: 5
    minIdle: 5
    maxActive: 20
    maxWait: 60000
    timeBetweenEvictionRunsMillis: 60000
    minEvictableIdleTimeMillis: 300000
    validationQuery: SELECT 1 FROM DUAL
    testWhileIdle: true
    testOnBorrow: false
    testOnReturn: false
    poolPreparedStatements: true

    #配置监控统计拦截的filters，stat:监控统计、log4j：日志记录、wall：防御sql注入
    #如果允许时报错  java.lang.ClassNotFoundException: org.apache.log4j.Priority
    #则导入 log4j 依赖即可，Maven 地址：https://mvnrepository.com/artifact/log4j/log4j
    filters: stat,wall,log4j
    maxPoolPreparedStatementPerConnectionSize: 20
    useGlobalDataSourceStat: true
    connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500


mybatis:
  type-aliases-package: com.qiu.pojo
  mapper-locations: classpath:mapper/*.xml

我们需要注意yaml文件中需要配置mybatis的别名和XXXmapper.xml的位置.

接着看结构:
配置好后,进行测试.
到这一步,则数据查询成功了.