springboot整合shiro基础版本
一、项目依赖
<!--shiro的相关依赖-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>1.5.3</version>
</dependency>
<!--jsp相关依赖-->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
二、application.properties配置文件的编写
#端口号
server.port=8888
#项目的访问路径
server.servlet.context-path=/shiro
#application的名称
spring.application.name=shiro
#视图解析器
spring.mvc.view.prefix=/
spring.mvc.view.suffix=.jsp
三、准备一个index.jsp和一个login.jsp页面
将这两个jsp放在mian下创建的wepapp目录下,因为idea访问jsp页面会报404找不到xxx.jsp的错误,这里需要去idea中按照下面的图片设置才能访问到,idea版本不同可能working directory的内容不一样,你只要选择带有module的那个就行
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>用户登录</h1>
<form action="${pageContext.request.contextPath}/user/login" method="post">
用户名:<input name="username" type="text"><br/>
密码:<input name="password" type="password"><br/>
<input type="submit" value="登录">
</form>
</body>
</html>
index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>系统主页</h1>
<a href="${pageContext.request.contextPath}/user/logout">退出用户</a>
<ul>
<li>用户管理</li>
<li>资源管理</li>
<li>商品订单</li>
</ul>
</body>
</html>
下面进入正题
四、创建shiro的配置类
这个配置类第一是用于拦截授权请求,第二是创建安全管理工具(SecurityManager),第三是获取Realm对象
package com.lcj.config;
import com.lcj.realm.CustomRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
/**
* @program: spring_shiro
* @description:
* @author: liu.chuanjiang
* @create: 2022-01-05 22:11
*/
@Configuration
public class ShiroConfig {
//1、创建shiroFilter
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
//配置系统的受限资源
//配置系统的公共资源
Map<String, String> map = new HashMap<>();
map.put("/user/login","anon");//设置为授权资源
map.put("/**", "authc");//authc 请求这个资源需要认证和授权
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
//默认认证界面路径
shiroFilterFactoryBean.setLoginUrl("/login.jsp");
return shiroFilterFactoryBean;
}
//2、创建安全管理器
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getRealm") Realm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//3、创建自定义的realm
@Bean
public Realm getRealm() {
CustomRealm customRealm = new CustomRealm();
return customRealm;
}
}
五、创建一个自定义的realm
package com.lcj.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
* @program: spring_shiro
* @description:
* @author: liu.chuanjiang
* @create: 2022-01-05 22:20
*/
public class CustomRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("=======================");
String principal = token.getPrincipal().toString();
if ("xiaochen".equals(principal)) {
return new SimpleAuthenticationInfo(principal,"123",this.getName());
}
return null;
}
}
六创建controller类
此类用于测试shiro
package com.lcj.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @program: spring_shiro
* @description:
* @author: liu.chuanjiang
* @create: 2022-01-05 22:42
*/
@Controller
@RequestMapping("user")
public class UserController {
@RequestMapping("logout")
public String logout(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "redirect:/login.jsp";
}
/**
* 用于处理身份认证
*
* @param username
* @param password
* @return
*/
@RequestMapping("login")
public String login(String username, String password) {
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(username, password));
return "redirect:/index.jsp";
} catch (UnknownAccountException e) {
e.printStackTrace();
System.out.println("用户名错误");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
System.out.println("密码错误");
}
return "redirect:/login.jsp";
}
}