2021-10-31自己上课看

下面展示一些 内联代码片。

package com.threegroup.video.config;

import com.threegroup.video.domain.User;
import com.threegroup.video.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

//自定义的realm
public class UserRealm extends AuthorizingRealm {
    @Autowired
    UserService userService;


    @Override//授权
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            System.out.println("认证");
        SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
        //授权字段,拿到当前登录的这个对象
        Subject subject= SecurityUtils.getSubject();
        User principal=(User) subject.getPrincipal();
       //设置权限字段,获取数据库字段信息
        simpleAuthorizationInfo.addStringPermission(principal.getVip());
        //一定要返回
        return simpleAuthorizationInfo;
    }

    @Override//认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("授权");


        UsernamePasswordToken userToken=(UsernamePasswordToken) authenticationToken;
        User user=  userService.findUserByAccount(userToken.getUsername());
        if(user==null){
            return null;//自动报异常
        }
        ByteSource salt = ByteSource.Util.bytes(user.getAccount());
        //MD5加密,但是可以破解所以用盐值,密码+用户
        //密码认证shiro做
        //三个参数:用户的资源为了使上面的授权拿到数据库的信息,用户的密码
        return new SimpleAuthenticationInfo(user,user.getPassword(),salt,this.getName());
    }
}

package com.threegroup.video.config;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    //    ShiroFilterFactoryBean  过滤
    //    DefaultWebSecurityManager
    //    创建Realm对象
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);

        //添加shiro的内置过滤器
        /**
         * anon:无需认证就能访问
         * authc:必须认证了才能访问
         * user:必须拥有记住我才能访问
         * perms:必须拥有某个资源的权限才能访问
         * role:拥有某个角色的权限才能访问
         *
         */
        //设置一个过滤器的链
       Map<String, String> filterChainDefinitionMap=new LinkedHashMap<>();

       filterChainDefinitionMap.put("/user/addUser","anon");
       filterChainDefinitionMap.put("/user/findAll","perms[2]");

       bean.setLoginUrl("/user/toLogin");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return  bean;

    }

    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
    //关联realm
        securityManager.setRealm(userRealm);
        return  securityManager;
    }



    @Bean
    public UserRealm userRealm(){
        UserRealm realm = new UserRealm();

        // 创建一个密码验证算法捕获器
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 设置密码验证为MD5加密验证
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        // 加密次数为 1024次
        hashedCredentialsMatcher.setHashIterations(1024);
        // 配置加密验证控制器
        realm.setCredentialsMatcher(hashedCredentialsMatcher);



        return realm;
    }

}

下面展示一些 内联代码片。

    @ApiOperation(value = "登录",notes = "账号密码")
    @ApiImplicitParams(
            {
                    @ApiImplicitParam(name = "account",value = "账户"),
                    @ApiImplicitParam(name = "password",value = "密码")
            }
    )
    @PostMapping("/toLogin")
    @ResponseBody
    public ResponseResult toLogin(String account, String password){
        //获取当前用户
        Subject subject= SecurityUtils.getSubject();
        //封装用户登录数据
        UsernamePasswordToken token=new UsernamePasswordToken(account,password);
        //可以设置记住我
        //token.setRememberMe(true);

        try{
            subject.login(token);//执行登陆的方法,没有异常就ok

            return ResponseResult.success("登录成功",token);
        }catch (UnknownAccountException e){
            return   ResponseResult.error("用户名或密码错误");   //用户名错误
        }catch (IncorrectCredentialsException e){
            return  ResponseResult.error("用户名或密码错误");     //密码错误
        }


    }


    @ApiOperation(value = "退出登录")
    @PostMapping("/logout")
    @ResponseBody
    public ResponseResult logout(){
        //获取当前用户
        Subject subject = SecurityUtils.getSubject();
        //判断用户是否登录
        if (subject.isAuthenticated()) {
            subject.logout();
            return ResponseResult.success("用户退出登录成功");

        }else {
            return ResponseResult.error("用户未登录");
        }


    }

// An highlighted block
var foo = 'bar';