本章目标:
1、shiro认证
2、盐加密
请先参考我的另一篇博客 Shiro 入门使用 ,能更好的理解本章内容,Shiro 入门使用:https://blog.csdn.net/qq_44641053/article/details/102527260
Shiro认证
1、Pom依赖:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
2、web.xml配置:
<!-- shiro过滤器定义 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
通过 逆向工程 将五张表生成对应的 model、mapper(ShiroUser,ShiroUserMapper,ShiroUserMapper.xml)
3、自定义 Realm
MyRealm.java
package com.dj.ssm.shiro;
import com.dj.ssm.model.ShiroUser;
import com.dj.ssm.model.User;
import com.dj.ssm.service.ShiroUserService;
import com.dj.ssm.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.stereotype.Service;
public class MyRealm extends AuthorizingRealm {
private ShiroUserService shiroUserService;
public ShiroUserService getShiroUserService() {
return shiroUserService;
}
public void setShiroUserService(ShiroUserService shiroUserService) {
this.shiroUserService = shiroUserService;
}
/**
* 授权
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
/**
* 认证
* @param token 从jsp传递过来的用户名密码组合成的一个token对象
* @return
* @throws AuthenticationException
*
* 认证过程:
* 1.数据源(ini--》数据库)
* 2.AuthenticationInfo将数据库的用户信息给subject主题做shiro认证的
* 2.1.需要在当前的realm中调用service来验证,当前用户是否在数据库中存在
* 2.2.盐加密
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("身份认证...");
String username = token.getPrincipal().toString();
String password = token.getCredentials().toString();
ShiroUser user = shiroUserService.queryByName(username);
// 拿到数据库中的用户信息,放入token凭证中,用于controler进行对比
AuthenticationInfo info = new SimpleAuthenticationInfo(
user.getUsername(),
user.getPassword(),
ByteSource.Util.bytes(user.getSalt()),
this.getName()
);
return info;
}
}
ShiroUserMapper和ShiroUserMapper.xml中加入:
ShiroUser queryByName(String uname);
Mapper 中新增
<select id="queryByName" resultType="com.dj.ssm.model.ShiroUser" parameterType="java.lang.String">
select
<include refid="Base_Column_List" />
from t_shiro_user
where userName = #{userName}
</select>
Service层
ShiroUserService.java
package com.dj.ssm.service;
import com.dj.ssm.model.ShiroUser;
import java.util.Set;
public interface ShiroUserService {
public Set<String> getRolesByUserId(Integer userId);
public Set<String> getPersByUserId(Integer userId);
public ShiroUser queryByName(String userName);
public int insert(ShiroUser shiroUser);
}
ShiroUserServiceImpl.java
package com.dj.ssm.service.impl;
import com.dj.ssm.mapper.ShiroUserMapper;
import com.dj.ssm.model.ShiroUser;
import com.dj.ssm.service.ShiroUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Set;
@Service("shiroUserService")
public class ShiroUserServiceImpl implements ShiroUserService {
@Autowired