package com.threegroup.video.config;
import com.threegroup.video.domain.User;
import com.threegroup.video.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
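/**
 * Custom Shiro realm: looks users up through {@link UserService} and hands Shiro the stored
 * password hash and salt so the configured credentials matcher can verify the login.
 *
 * <p>NOTE(review): the whole {@code User} object, including the stored password hash returned by
 * {@code getPassword()}, is used as the principal. Whatever holds the principal (typically the
 * session) therefore also holds the hash; a slimmer principal such as the account name would
 * avoid that. Left unchanged here because other code may cast the principal to {@code User}.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    /**
     * Authorization: builds the permission set for the given principals.
     *
     * <p>The only permission granted is the string returned by {@code User.getVip()}. Shiro
     * treats permission strings as wildcard permissions, so a stored value of {@code *} would
     * imply every permission; the field behind {@code getVip()} must never be writable by the
     * user it describes.
     *
     * @param principalCollection the principals Shiro is resolving permissions for
     * @return the authorization info; empty (no permissions) when no usable principal is present
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The original printed the "authentication" label here; the two labels were swapped.
        System.out.println("授权");
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        // Resolve the user from the principals Shiro passed in rather than from the
        // thread-bound Subject: the two can differ (run-as, background checks), and the
        // argument is the identity this call is actually about.
        Object primary = principalCollection == null ? null : principalCollection.getPrimaryPrincipal();
        if (primary instanceof User) {
            String vip = ((User) primary).getVip();
            // Fail closed: a missing or blank value grants nothing instead of raising an
            // exception in the middle of a permission check.
            if (vip != null && !vip.trim().isEmpty()) {
                authorizationInfo.addStringPermission(vip);
            }
        }
        return authorizationInfo;
    }

    /**
     * Authentication: loads the account named in the token and returns its stored credentials.
     * The password comparison itself is done by the realm's credentials matcher, not here.
     *
     * @param authenticationToken the submitted login token; must be a {@code UsernamePasswordToken}
     * @return the stored credentials for the account, or {@code null} when the account does not
     *         exist (Shiro reports that to the caller as an unknown account)
     * @throws AuthenticationException if the lookup fails in a way Shiro should report
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // The original printed the "authorization" label here; the two labels were swapped.
        System.out.println("认证");
        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        User user = userService.findUserByAccount(userToken.getUsername());
        if (user == null) {
            return null;
        }

        // NOTE(review): the salt is the account name. It is unique per user but predictable,
        // and renaming an account invalidates the stored hash. Together with the MD5 matcher
        // configured in ShiroConfig this is a weak password-storage scheme; changing it needs a
        // migration of the stored hashes (random per-user salt, slow password hash), so the
        // code is left as-is and flagged.
        ByteSource salt = ByteSource.Util.bytes(user.getAccount());

        // Arguments: principal, stored password hash, salt, realm name.
        return new SimpleAuthenticationInfo(user, user.getPassword(), salt, this.getName());
    }
}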
package com.threegroup.video.config;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Spring configuration that wires Apache Shiro together: the custom realm, the web security
 * manager that uses it, and the servlet filter that applies URL access rules.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter and its URL rules.
     *
     * <p>Built-in filter names used in chain definitions:
     * <ul>
     *   <li>{@code anon}: no authentication required</li>
     *   <li>{@code authc}: must be authenticated</li>
     *   <li>{@code user}: must be authenticated or remembered (remember-me)</li>
     *   <li>{@code perms}: must hold the listed permission</li>
     *   <li>{@code roles}: must hold the listed role</li>
     * </ul>
     *
     * <p>NOTE(review): only two paths are listed and there is no catch-all entry, so any other
     * URL is not subject to a Shiro access rule from this map. If the intent is
     * deny-by-default, a final catch-all rule is needed; confirm against the rest of the
     * application before adding one, since it also affects the login endpoint.
     *
     * <p>{@code perms[2]} is satisfied by the string permission that UserRealm grants from
     * {@code User.getVip()}.
     *
     * @param defaultWebSecurityManager the security manager bean the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // Insertion-ordered map: the map type keeps the rules in the order they are added.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/user/addUser", "anon");
        chains.put("/user/findAll", "perms[2]");

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(defaultWebSecurityManager);
        // NOTE(review): "/user/toLogin" looks like the POST-only login handler rather than a
        // login page; confirm that unauthenticated requests sent here get a usable response.
        factory.setLoginUrl("/user/toLogin");
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /**
     * Creates the web security manager and attaches the custom realm to it.
     *
     * @param userRealm the realm bean used for authentication and authorization
     * @return the security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Creates the custom realm with a hashed-credentials matcher.
     *
     * <p>NOTE(review): the matcher uses MD5 with 1024 iterations. MD5 is a fast digest and is
     * not suitable for password storage even when iterated; a purpose-built password hash
     * (bcrypt, scrypt, Argon2) is the usual choice. The algorithm and iteration count must
     * match how the stored hashes were produced, so changing them requires re-hashing or a
     * migration path for existing accounts.
     *
     * @return the realm bean
     */
    @Bean
    public UserRealm userRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("MD5");
        matcher.setHashIterations(1024);

        UserRealm customRealm = new UserRealm();
        customRealm.setCredentialsMatcher(matcher);
        return customRealm;
    }
}
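/**
 * Logs the caller in with an account name and password.
 *
 * <p>The success response carries the account name only. The original returned the
 * {@code UsernamePasswordToken} itself, which serializes the submitted password back to the
 * client; that object is the login request, not a session token. Clients that read fields of
 * the old response data need to be checked.
 *
 * <p>Every authentication failure yields the same message, so the response does not reveal
 * whether the account exists.
 *
 * @param account the account name
 * @param password the plaintext password as submitted
 * @return a success result carrying the account name, or a generic error result
 */
@ApiOperation(value = "登录",notes = "账号密码")
@ApiImplicitParams(
        {
                @ApiImplicitParam(name = "account",value = "账户"),
                @ApiImplicitParam(name = "password",value = "密码")
        }
)
@PostMapping("/toLogin")
@ResponseBody
public ResponseResult toLogin(String account, String password){
    // Missing parameters can never authenticate; answer with the same generic error without
    // reaching the realm.
    if (account == null || password == null) {
        return ResponseResult.error("用户名或密码错误");
    }

    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(account, password);
    // Remember-me is intentionally left off: token.setRememberMe(true) would enable it.
    try {
        // Throws on failure; returning normally means the login succeeded.
        subject.login(token);
        return ResponseResult.success("登录成功", account);
    } catch (org.apache.shiro.authc.AuthenticationException e) {
        // Covers unknown account and wrong password as before, plus every other
        // authentication failure (locked account, too many attempts), which previously
        // escaped this method as an unhandled exception.
        return ResponseResult.error("用户名或密码错误");
    } finally {
        // Wipe the password from the token once the attempt is over.
        token.clear();
    }
}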
/**
 * Logs the current subject out.
 *
 * @return a success result when an authenticated subject was logged out, otherwise an error
 *         result saying the user is not logged in
 */
@ApiOperation(value = "退出登录")
@PostMapping("/logout")
@ResponseBody
public ResponseResult logout(){
    Subject currentUser = SecurityUtils.getSubject();
    // Guard clause: nothing to log out when the subject has not authenticated.
    if (!currentUser.isAuthenticated()) {
        return ResponseResult.error("用户未登录");
    }
    currentUser.logout();
    return ResponseResult.success("用户退出登录成功");
}