新建两个html文件:
add.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>添加</title>
</head>
<body>
用户添加成功
</body>
</html>
update.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>更新</title>
</head>
<body>
用户更新
</body>
</html>
新建登录页面login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
登录成功
</body>
</html>
在controller中添加
@RequestMapping("add")
public String add(){
return "add";
}
@RequestMapping("update")
public String update(){
return "update";
}
在test.html中设置两个超链接,对应add.html和update.html.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
成功访问!
<a href="add">用户添加</a>
<a href="update">用户更新</a>
</body>
</html>
重写启动项目:
点击用户添加:
点击用户更新:
以上都是直接跳转,而我们想实现的是不论添加或者更新,都需要经过认证。在这个程序中,操作后需要跳转到login.html.
一:添加shiro依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
二:建立Realm类(作用为shiro和数据库之间的一个中间层,帮助我们处理登录,权限等功能,但这些信息是shiro未知的,所以需要请求Realm,由其提供)
public class UserRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//认证逻辑
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//授权逻辑
return null;
}
}
三:建立配置类
package com.springboot.springboot_shiro.shiro;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
//添加shiro内置过滤器
Map<String, String> filterMap=new LinkedHashMap<>();
filterMap.put("/add","authc");//设置权限,authc为必须认真才能访问
filterMap.put("/update","authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
shiroFilterFactoryBean.setLoginUrl("/login");//设置登录页面
return shiroFilterFactoryBean;
}
@Bean(name = "securityManager")
public DefaultSecurityManager getSecurityManager(@Qualifier("realm") UserRealm realm){
DefaultWebSecurityManager securityManager= new DefaultWebSecurityManager();
securityManager.setRealm(realm);
return securityManager;
}
@Bean(name = "realm")
public UserRealm getUserRealm(){
return new UserRealm();
}
}
至此一个简单的shiro认证程序完成了。此时通过test.html访问add.html和update.html,都需要通过login.html