在Springboot框架中整合shiro权限框架实现系统登录
## 一、创建springboot项目
二、整合shiro
1、引入jar包
在创建springboot项目后,再引入如下jar包
<!-- Integration of the Thymeleaf template engine with the Shiro framework. -->
<!-- NOTE(review): this listing declares no Shiro artifact directly; the Shiro classes used by the
     Java code presumably arrive transitively through this dependency. Confirm which Shiro version
     is actually resolved and pin it explicitly. -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.1.0</version>
</dependency>
<!-- Lombok, used for @Data on the User entity. No <version> is given here, so it has to come from
     inherited dependency management (presumably the Spring Boot parent POM). -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- MyBatis Spring Boot starter, used for the UserMapper interface and its XML mapper. -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.2</version>
</dependency>
2、项目目录
三、代码
1、实体类(User)
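/**
 * Account entity populated by the MyBatis result map (columns id, username, password, rid, salt)
 * and handed to Shiro as the authenticated principal.
 */
@Data
public class User {
    /** Primary key of the account row. */
    private Integer id;

    /** Login name; the mapper query looks accounts up by this value. */
    private String username;

    // Stored credential and its salt. @Data generates toString() over every field, so both are
    // excluded to keep them out of logs and error pages when a User is printed.
    // (Fully qualified because the file's import list is not visible here.)
    @lombok.ToString.Exclude
    private String password;

    @lombok.ToString.Exclude
    private String salt;

    // presumably a role identifier; nothing in the visible code reads it (TODO confirm)
    private String rid;
}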
2、控制器(UserController)
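/**
 * Serves the login page and handles the login form submission through Shiro.
 */
@Controller
public class UserController {

    /**
     * Renders the login view for the site root.
     *
     * @return the {@code login} view name
     */
    @GetMapping("/")
    public String login(HttpServletRequest request, HttpServletResponse response, ModelMap mmap) {
        return "login";
    }

    /**
     * Authenticates the submitted credentials against the current Shiro subject.
     *
     * @param username submitted login name
     * @param password submitted password
     * @return {@code index} when {@code subject.login} succeeds, otherwise {@code login}
     */
    // NOTE(review): @RequestMapping without a method restriction also matches GET, so credentials
    // can be sent in the query string and end up in access logs, proxies and browser history.
    // The login form on this page submits with POST; restricting this handler to POST is the
    // usual hardening, provided nothing else relies on GET /login.
    @RequestMapping("/login")
    public String login(String username, String password) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            return "index";
        } catch (Exception e) {
            // Every failure returns the same view, so the response does not reveal whether the
            // username exists. Only the exception is printed, never the submitted password.
            System.out.println(e);
        }
        return "login";
    }
}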
3、Service层(UserService)
1)接口
/**
 * Account lookup used by the Shiro realm during login.
 */
public interface UserService {

    /**
     * Loads the account for a login attempt.
     *
     * <p>The MyBatis statement behind this call selects by username only and never references
     * the password, so a non-null result means "account exists", not "password is correct".
     * The caller has to verify the password against the returned row.
     *
     * @param username submitted login name
     * @param password submitted password, passed through to the mapper
     * @return the mapper's result for that username
     */
    User getUser(String username, String password);
}
2)实现类
/**
 * {@link UserService} implementation that delegates straight to the MyBatis mapper.
 */
@Service
public class UserServiceImpl implements UserService {

    @Autowired
    private UserMapper userMapper;

    /**
     * Forwards both arguments to {@code UserMapper.getUserm} and returns its result unchanged.
     * No password check happens here.
     */
    @Override
    public User getUser(String username, String password) {
        return userMapper.getUserm(username, password);
    }
}
4、Dao层(UserMapper)
/**
 * MyBatis mapper for the user table; the SQL lives in the XML mapper under the same namespace.
 */
public interface UserMapper {

    /**
     * Runs the {@code getUserm} select statement.
     *
     * <p>The visible statement filters on {@code #{username}} only; {@code password} is accepted
     * but not referenced by the SQL.
     * NOTE(review): two parameters without explicit parameter-name annotations rely on how
     * MyBatis derives parameter names in this build. Confirm that {@code #{username}} binds.
     *
     * @param username login name to look up
     * @param password submitted password (unused by the visible SQL)
     * @return the mapped row
     */
    User getUserm(String username, String password);
}
5、shiro
/**
 * Spring configuration that wires the custom realm, the Shiro security manager and the URL
 * filter chain.
 */
@Configuration
public class ShiroConfig {

    /**
     * Registers the application's realm as a Spring bean.
     *
     * <p>No credentials matcher is set on the realm here, so Shiro's default matcher applies
     * (SimpleCredentialsMatcher, a plain equality comparison).
     */
    @Bean
    public UserRealm getRealm() {
        return new UserRealm();
    }

    /**
     * Builds the web security manager backed by {@code userRealm}.
     */
    @Bean
    public DefaultWebSecurityManager securityManager(UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Set the realm.
        manager.setRealm(userRealm);
        // Manual bind added by the author. ThreadContext is thread-local, so this binds the
        // manager only to the thread that runs this factory method.
        ThreadContext.bind(manager);
        // Left disabled in this example:
        //   session manager:      securityManager.setSessionManager(sessionManager());
        //   remember-me manager:  securityManager.setRememberMeManager(rememberMe ? rememberMeManager() : null);
        //   cache manager:        securityManager.setCacheManager(getEhCacheManager());
        return manager;
    }

    /**
     * Defines which URLs are public and which require an authenticated subject.
     *
     * <p>Filter names: {@code anon} = anonymous access allowed, {@code authc} = authenticated
     * users only, {@code user} = remember-me users allowed, {@code perms} = requires the given
     * permission, {@code role} = requires the given role.
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        // Insertion order is kept by LinkedHashMap and Shiro applies the first matching pattern,
        // so the public paths must stay ahead of the catch-all "/**" rule.
        LinkedHashMap<String, String> chains = new LinkedHashMap<>();
        chains.put("/", "anon");
        chains.put("/login.html", "anon");
        chains.put("/login", "anon");
        chains.put("/static/**", "anon");
        chains.put("/**", "authc");

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        factory.setFilterChainDefinitionMap(chains);
        factory.setLoginUrl("/login.html");
        // Unauthorized requests are sent to the login page as well.
        factory.setUnauthorizedUrl("/login.html");
        return factory;
    }
}
6、realm
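/**
 * Shiro realm that loads accounts through {@code UserService} and hands the stored credential
 * to Shiro for comparison with the submitted one.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization lookup. Returns {@code null}, so this realm supplies no roles or permissions.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Login verification: loads the account named in the token and returns its stored
     * credential so that the realm's credentials matcher can check the submitted password.
     *
     * @param token the {@code UsernamePasswordToken} built by the login handler
     * @return authentication info whose principal is the loaded {@code User}
     * @throws AuthenticationException if the lookup fails, no account is returned, or the
     *         account has no stored credential
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        // Read the login data from the token.
        String username = upToken.getUsername();
        String password = "";
        if (upToken.getPassword() != null) {
            password = new String(upToken.getPassword());
        }

        // Load the account from the database by username.
        User user;
        try {
            user = userService.getUser(username, password);
        } catch (Exception e) {
            throw new AuthenticationException(e.getMessage(), e);
        }

        // Reject unknown accounts explicitly. The message is the same for every rejection so it
        // does not reveal whether the username exists.
        if (user == null || user.getPassword() == null) {
            throw new AuthenticationException("Authentication failed");
        }

        // The credentials passed here must be the STORED value, never the submitted one. Shiro's
        // matcher compares the token against this value, so echoing the token's own password
        // would make the comparison always succeed and accept any password for an existing
        // username.
        // NOTE(review): User has a salt field, which suggests the stored value is a salted hash.
        // If so, configure a HashedCredentialsMatcher on this realm and pass the salt as the
        // credentials salt. Confirm against how accounts are created.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}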
7、html
1)登录页(login.html)
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
aaa
<!-- Login form: posts username and password to the /login handler. -->
<!-- NOTE(review): the form carries no anti-CSRF token and the visible Shiro configuration adds none. Confirm whether CSRF protection is provided elsewhere. Serve this page over HTTPS so the password is not sent in clear text. -->
<form action="/login" method="post">
用户名:
<input type="text" id="username" name="username">
密码:
<input type="password" id="password" name="password">
<button type="submit">登录</button>
</form>
</body>
</html>
2)首页(index.html)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!-- Landing view returned by the /login handler after subject.login() succeeds. -->
Hello
</body>
</html>
8、配置文件
# HTTP port of the embedded server.
server.port=8080
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# NOTE(review): allowMultiQueries=true lets a single JDBC call carry several SQL statements,
# which widens the impact of any SQL injection. The mapper shown on this page issues one bound
# query, so the flag looks unnecessary here - confirm before keeping it.
spring.datasource.url=jdbc:mysql://localhost:3306/shiro?serverTimezone=Asia/Shanghai&allowMultiQueries=true&useAffectedRows=true&rewriteBatchedStatements=true
# NOTE(review): the application connects as the MySQL root account with a trivial password
# hard-coded in this file. Outside a throwaway local demo, use a dedicated least-privilege
# database account and supply the password from the environment or a secret store.
spring.datasource.username=root
spring.datasource.password=123456
# Template caching disabled (development setting).
spring.thymeleaf.cache=false
# Location of the MyBatis XML mapper files on the classpath.
mybatis.mapper-locations=classpath*:mapper/*.xml
9、mybatis
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.test.demo2.mapper.UserMapper">
<!-- Maps a row of the user table onto the User entity, including the password and salt columns. -->
<resultMap type="com.test.demo2.domain.User" id="SysConfigResult">
<id property="id" column="id" />
<result property="username" column="username" />
<result property="password" column="password" />
<result property="rid" column="rid" />
<result property="salt" column="salt" />
</resultMap>
<!-- Looks an account up by username only. #{username} is bound as a prepared-statement parameter rather than concatenated into the SQL text. The password argument of getUserm is not referenced, so the caller has to verify the password against the returned row. -->
<!-- NOTE(review): parameterType names User while the mapper method takes two String arguments. Confirm that the parameter binding works as intended. -->
<select id="getUserm" parameterType="com.test.demo2.domain.User" resultMap="SysConfigResult">
select *
from user
where username=#{username}
</select>
</mapper>
四、运行截图