实现目标:不同权限的用户登录后,显示不同的内容。
接上一篇:
https://blog.csdn.net/qq_44116526/article/details/122032092?spm=1001.2014.3001.5501
1、引入依赖
<!-- Thymeleaf dialect for Apache Shiro: supplies the ShiroDialect class that ShiroConfig imports
     (at.pollux.thymeleaf.shiro.dialect) and the shiro:* attributes used in index.html.
     NOTE(review): the version is pinned; confirm it matches the Thymeleaf/Shiro versions in use. -->
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2、ShiroConfig.java
//整合ShiroDialet:用来整合shiro thymeleaf
/**
 * Registers the thymeleaf-extras-shiro dialect as a Spring bean so that templates
 * can use the {@code shiro:*} attributes (for example {@code shiro:hasPermission}).
 *
 * <p>These attributes only decide what is rendered; access to the URLs themselves
 * is enforced by the Shiro filter chain, not by the template.
 *
 * @return a new {@link ShiroDialect}
 */
@Bean
public ShiroDialect getShiroDialect() {
    final ShiroDialect dialect = new ShiroDialect();
    return dialect;
}
package com.li.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
//从下往上写
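/**
 * Spring configuration that wires Apache Shiro into the web application.
 *
 * <p>The beans depend on each other in this order: {@link UserRealm} is given to the
 * security manager, the security manager is given to the filter factory. The Thymeleaf
 * dialect bean is independent of the other three.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter that guards incoming requests.
     *
     * @param defaultWebSecurityManager the bean registered under the name {@code securityManager}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        /*
         * Built-in Shiro filters that can be named in a chain definition:
         *   anon  - no authentication required
         *   authc - the subject must have authenticated
         *   user  - the subject must be authenticated or remembered (remember-me)
         *   perms - the subject must hold the listed permission(s)
         *   roles - the subject must hold the listed role(s)
         */

        // A LinkedHashMap keeps insertion order, and Shiro applies the FIRST pattern that
        // matches a request, so the specific perms[...] rules must stay above the broad rule.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/User/add", "perms[User:add]");
        filterMap.put("/User/update", "perms[User:update]");
        // "/User/*" matches a single path segment only, so a nested path such as
        // /User/a/b would match no chain and pass through without any Shiro check.
        // "/**" makes the authentication requirement cover everything under /User/.
        filterMap.put("/User/**", "authc");
        // Paths that match no entry here are not restricted by Shiro at all; add an
        // entry for every other URL that must be protected.
        bean.setFilterChainDefinitionMap(filterMap);

        // Unauthenticated requests to a protected path are redirected here.
        bean.setLoginUrl("/toLogin");
        // Authenticated subjects that lack the required permission are redirected here.
        bean.setUnauthorizedUrl("/noauth");
        return bean;
    }

    /**
     * Creates the web security manager and attaches the application realm to it.
     *
     * @param userRealm the realm bean; {@code userRealm} is the default bean name derived
     *                  from the {@link #userRealm()} method name
     * @return the security manager, registered under the name {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Creates the custom realm that performs authentication and authorization lookups.
     *
     * <p>No credentials matcher is configured here, so the realm uses Shiro's default.
     * NOTE(review): that default compares the submitted password with the stored value
     * as-is; confirm whether a hashing matcher should be set on the realm.
     *
     * @return a new {@link UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use {@code shiro:*} attributes.
     *
     * <p>The attributes only control what is rendered; the filter chain above is what
     * actually blocks requests.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}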
3、将用户信息放到Session中,UserRealm.java(注意:loginUser 只应在密码校验通过之后写入 Session,否则登录失败的请求也会留下该属性)
// Put the user record into the Shiro session under the key "loginUser".
// NOTE(review): `admin` is defined outside this fragment. The attribute is only a valid
// "logged in" marker if this runs after the password check has succeeded; the object also
// carries the stored password (getPwd()), so consider storing a view without credentials.
final Session session = SecurityUtils.getSubject().getSession();
session.setAttribute("loginUser", admin);
package com.li.config;
import com.li.Service.adminServiceImpl;
import com.li.pojo.admin;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
//自定义的UserRealm
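/**
 * Custom Shiro realm: looks up accounts through {@code adminService} for authentication
 * and reads the permission string of the authenticated account for authorization.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    adminServiceImpl adminService;

    /**
     * Supplies the permissions of the given principals.
     *
     * <p>The principal is read from {@code principalCollection} rather than from the
     * thread's current subject, because Shiro may ask about principals that are not the
     * subject bound to the calling thread.
     *
     * @param principalCollection the principals whose permissions are requested
     * @return authorization info holding the account's permission string, or an empty
     *         info object when the account has no permission string
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了=》授权doGetAuthorizationInfo");
        // SimpleAuthorizationInfo (authorization), not SimpleAuthenticationInfo.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // The primary principal is the admin object handed to SimpleAuthenticationInfo
        // in doGetAuthenticationInfo.
        admin currentUser = (admin) principalCollection.getPrimaryPrincipal();
        if (currentUser == null) {
            return info;
        }

        // A null or blank permission string cannot be resolved into a permission, so an
        // account without permissions is given none instead of failing the check.
        String perms = currentUser.getPerms();
        if (perms != null && !perms.trim().isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Looks up the account named in the login token and returns its stored credentials.
     * Shiro compares them with the submitted password after this method returns.
     *
     * <p>NOTE(review): {@code getPwd()} is returned as the stored credential and no
     * credentials matcher is set in this class, so the comparison is presumably against a
     * plaintext value from the database. Confirm, and prefer a salted hash verified
     * through a hashing credentials matcher.
     *
     * @param token the submitted login token; expected to be a {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no such account
     *         exists (Shiro then reports an unknown account)
     * @throws AuthenticationException if the lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行了=》doGetAuthenticationInfo");
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;

        admin account = adminService.queryByname(userToken.getUsername());
        if (account == null) {
            // Callers should show the same message for an unknown account and a wrong
            // password so the login form does not reveal which user names exist.
            return null;
        }

        // Nothing is written to the session here: the password has not been checked yet.
        return new SimpleAuthenticationInfo(account, account.getPwd(), getName());
    }

    /**
     * Verifies the submitted credentials and, only when they match, stores the account in
     * the session under {@code loginUser}.
     *
     * <p>Writing the attribute here instead of in {@link #doGetAuthenticationInfo} keeps a
     * failed login (valid user name, wrong password) from leaving {@code loginUser} in the
     * session.
     *
     * <p>NOTE(review): the stored object carries the password field; consider storing a
     * view of the account without credentials.
     *
     * @param token the submitted login token
     * @param info  the account information returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException if the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        super.assertCredentialsMatch(token, info);
        Session session = SecurityUtils.getSubject().getSession();
        session.setAttribute("loginUser", info.getPrincipals().getPrimaryPrincipal());
    }
}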
4、index.html
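<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
      xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head>
    <meta charset="UTF-8">
    <title>首页</title>
</head>
<body>
首页
<!--/* th:text escapes the value, so markup inside msg is rendered as text. */-->
<p th:text="${msg}"></p>

<!--/* The condition must be wrapped in ${...}; without it Thymeleaf treats
       session.loginUser as a literal token, the comparison with null is always false,
       and the login link is never shown. shiro:notAuthenticated is an alternative that
       does not depend on a session attribute. */-->
<div th:if="${session.loginUser==null}">
    <p><a th:href="@{/toLogin}">登录</a></p>
</div>

<!--/* These attributes only hide the links. The URLs are protected by the perms[...]
       rules in ShiroConfig; the permission names here use the same spelling as there. */-->
<div shiro:hasPermission="User:add">
    <a th:href="@{/User/add}">add</a>
</div>
<div shiro:hasPermission="User:update">
    <a th:href="@{/User/update}">update</a>
</div>
</body>
</html>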