自定义一个 Realm 类,负责用户的认证与授权
package com.zhao.springbootshiro.config;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
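/**
 * Demo Shiro realm that authenticates one hard-coded account and assigns no permissions.
 *
 * <p>NOTE(review): the account name and its plaintext password are compiled into this class,
 * so they end up in source control and in every built artifact. Keep this for a tutorial
 * only; a real realm should look the user up in a user store, keep a salted password hash
 * there, and configure a hashing credentials matcher on the realm.
 */
public class UserRealm extends AuthorizingRealm {

    // Demo-only account; see the class comment before reusing this anywhere.
    private static final String DEMO_USERNAME = "root";
    private static final String DEMO_PASSWORD = "123456";

    /**
     * Supplies roles and permissions for an already authenticated principal.
     *
     * @param principalCollection principals of the subject being authorized (unused here)
     * @return always {@code null}: this realm assigns no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Looks up the account named by the submitted token.
     *
     * <p>The password is not compared in this method: the stored credential is returned and
     * the realm's credentials matcher compares it with the submitted one.
     *
     * @param authenticationToken the submitted token, cast to {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when the username is unknown
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Constant-first comparison: a request without a username produces a token whose
        // username is null, which must count as an unknown account instead of raising a
        // NullPointerException inside the realm.
        if (!DEMO_USERNAME.equals(token.getUsername())) {
            return null;
        }
        // Principal and realm name are left as empty strings, exactly as before.
        return new SimpleAuthenticationInfo("", DEMO_PASSWORD, "");
    }
}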
写个配置类,配置 Shiro 的三个组件(Realm、安全管理器、过滤器工厂),交给 Spring 管理
package com.zhao.springbootshiro.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Spring configuration that wires the three Shiro pieces used by the application:
 * the custom realm, the web security manager, and the filter factory.
 */
@Configuration
public class shiroConfig {

    /** Exposes the custom realm as a bean; {@code getUserRealm} is the name the qualifier below refers to. */
    @Bean
    public UserRealm getUserRealm() {
        UserRealm realm = new UserRealm();
        return realm;
    }

    /**
     * Builds the web security manager backed by the custom realm.
     *
     * @param userRealm the realm bean produced by {@link #getUserRealm()}
     * @return a security manager that authenticates through {@code userRealm}
     */
    @Bean
    public DefaultWebSecurityManager getSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Builds the Shiro filter factory and declares which request paths need a login.
     *
     * @param defaultWebSecurityManager the security manager bean from {@link #getSecurityManager(UserRealm)}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("getSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        /*
         * Filter names usable as map values:
         *   anon         - reachable without authentication
         *   authc        - reachable only after login
         *   user         - reachable with "remember me"
         *   perms[name]  - reachable only with the named permission
         */
        // Key is the request path, value is the filter that guards it.
        // NOTE(review): only these two paths are listed, so any other route gets no Shiro
        // filter at all. A trailing catch-all entry such as "/**" mapped to authc, with the
        // public pages listed as anon before it, would make new routes protected by default.
        Map<String, String> filterChains = new LinkedHashMap<>();
        filterChains.put("/toAddUser", "authc");
        filterChains.put("/toUpdateUser", "authc");

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(defaultWebSecurityManager);
        // Unauthenticated requests to a guarded path are sent here.
        factory.setLoginUrl("/toLogin");
        factory.setFilterChainDefinitionMap(filterChains);
        return factory;
    }
}
Controller:
/**
 * Logs the current subject in with the submitted username and password.
 *
 * <p>NOTE(review): the mapping has no HTTP method restriction, so the handler also answers
 * GET requests, where credentials travel in the query string and tend to be logged.
 * Restricting it to POST would avoid that.
 *
 * @param model    view model that receives the {@code msg} attribute on failure
 * @param userName submitted username
 * @param Password submitted password
 * @return {@code "index"} on success, {@code "login"} when the login is rejected
 */
@RequestMapping("/login")
public String login(Model model,String userName,String Password){
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken credentials = new UsernamePasswordToken(userName, Password);

    // Stays null when the login succeeds.
    String failureMessage = null;
    try {
        currentUser.login(credentials);
    } catch (UnknownAccountException e) {
        // NOTE(review): separate messages for "unknown user" and "wrong password" tell a
        // caller which usernames exist; a single generic message avoids that.
        failureMessage = "用户名不存在";
    } catch (IncorrectCredentialsException e) {
        failureMessage = "密码错误";
    }
    // NOTE(review): only these two exception types are handled; any other authentication
    // failure propagates out of this method.

    if (failureMessage != null) {
        model.addAttribute("msg", failureMessage);
        return "login";
    }
    return "index";
}