2、shiro需要引用的jar包
@Configuration
public class ShiroConfig {
/**
 * Builds the credentials matcher Shiro uses to compare a submitted password with the stored hash.
 *
 * <p>The matcher hashes the submitted password with MD5 for 1024 iterations. Whatever code writes
 * password hashes (for example at registration) has to use the same algorithm, iteration count
 * and salt, otherwise no login will match.
 *
 * <p>NOTE(review): MD5, even iterated, is a fast general-purpose digest and is cheap to
 * brute-force offline if the user table leaks. A dedicated password-hashing scheme (bcrypt,
 * scrypt, Argon2 or PBKDF2) is the usual choice. Switching means re-hashing stored passwords,
 * so the algorithm is left unchanged here.
 *
 * @return the matcher configured for MD5 with 1024 iterations
 */
@Bean // registers the return value as a Spring bean, like a <bean> element in XML configuration
HashedCredentialsMatcher credentialsMatcher() {
    // The one-argument constructor sets the hash algorithm name.
    HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher("MD5");
    // Number of times the digest is applied.
    hashMatcher.setHashIterations(1024);
    return hashMatcher;
}
/**
 * Registers the application's realm and attaches the hashed-credentials matcher to it.
 *
 * @return a {@code MyRealm} whose password comparison goes through {@link #credentialsMatcher()}
 */
@Bean
MyRealm myRealm() {
    MyRealm realm = new MyRealm();
    // Without this the realm would not apply the configured hash before comparing passwords.
    HashedCredentialsMatcher passwordMatcher = credentialsMatcher();
    realm.setCredentialsMatcher(passwordMatcher);
    return realm;
}
/**
 * Registers the web security manager and gives it {@link #myRealm()} as its realm.
 *
 * @return the security manager backed by the single application realm
 */
@Bean
DefaultWebSecurityManager securityManager() {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    MyRealm realm = myRealm();
    manager.setRealm(realm);
    // Redis-backed session and cache managers are left disabled in this listing:
    // securityManager.setSessionManager(redisSessionManager());
    // securityManager.setCacheManager(redisCacheManager());
    return manager;
}
/**
 * Declares which URL patterns are public and which require an authenticated session.
 *
 * <p>Definitions are registered in order and the first matching pattern decides the filter, so
 * the {@code /**} catch-all has to stay last. Anything not listed as {@code anon} or
 * {@code logout} then falls through to {@code authc}.
 *
 * <p>NOTE(review): {@code /text} is served without authentication. It looks like a test
 * endpoint; confirm it is meant to be public before shipping.
 *
 * @return the ordered path-to-filter mapping
 */
@Bean
ShiroFilterChainDefinition shiroFilterChainDefinition() {
    DefaultShiroFilterChainDefinition chain = new DefaultShiroFilterChainDefinition();

    // Requests that need no login: the login/registration endpoints and pages, then static
    // resources. The order matches the original registration order.
    String[] publicPatterns = {
        "/login", "/register", "/toRegister", "/toLogin", "/text",
        "/images/**", "/js/**", "/css/**"
    };
    for (String pattern : publicPatterns) {
        chain.addPathDefinition(pattern, "anon");
    }

    // Logout is handled by Shiro's logout filter.
    chain.addPathDefinition("/logout", "logout");
    // Default: everything else requires authentication.
    chain.addPathDefinition("/**", "authc");
    return chain;
}
/**
 * Registers the Shiro dialect so Thymeleaf templates can use Shiro tags.
 *
 * @return a new {@code ShiroDialect}
 */
@Bean
public ShiroDialect shiroDialect() {
    ShiroDialect dialect = new ShiroDialect();
    return dialect;
}
/**
 * Makes Shiro's authorization annotations take effect in Spring MVC.
 *
 * <p>The advisor is bound to {@link #securityManager()}, so annotation checks are evaluated
 * against the same realm as the URL filter chain.
 *
 * @return the advisor wired to the application's security manager
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager());
    return advisor;
}
/**
 * Registers the auto-proxy creator that applies advisor beans to other beans.
 *
 * @return the proxy creator with class-based proxying switched on
 */
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
    // Proxy the target class itself rather than only its interfaces.
    proxyCreator.setProxyTargetClass(true);
    return proxyCreator;
}
3、配置类引用jar包
3、配置类
/**
* 描述:
* 权限认证类,验证权限信息及用户身份信息
* @author bigpeng
* @create 2019-07-16 17:26
*/
public class MyRealm extends AuthorizingRealm{
// Repository used by doGetAuthenticationInfo to look an account up by its login name.
@Resource
@Lazy// per the author: lets Shiro load before the service
private UserRepositoty adminService;
/**
 * Tells Shiro which roles and permissions the logged-in user holds.
 *
 * <p>NOTE(review): as written, every authenticated principal receives the {@code admin} role and
 * the {@code admin:list} and {@code admin:update} permissions; nothing is read from the user
 * record. Any role or permission check on those values therefore passes for every logged-in
 * user. The per-user lookup is present only as commented-out code at the end of the method, and
 * it should be restored or replaced before this realm guards anything real.
 *
 * @param principalCollection principals of the current subject; the primary one is cast to
 *     {@code users}
 * @return authorization info carrying the fixed role and permission sets
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // The logged-in user object. It is not consulted below, but the cast is kept so that an
    // unexpected principal type still fails here.
    users admin = (users) principalCollection.getPrimaryPrincipal();

    // Role names granted to the user (hard-coded).
    HashSet<String> grantedRoles = new HashSet<>();
    grantedRoles.add("admin");

    // Permission codes granted to the user (hard-coded).
    Set<String> grantedPermissions = new HashSet<>();
    grantedPermissions.add("admin:list");
    grantedPermissions.add("admin:update");

    SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo(grantedRoles);
    authorization.setStringPermissions(grantedPermissions);

    // Disabled per-user lookup, kept from the original listing:
    // if(admin.getRole()!=null)
    // roles.add(admin.getRole().getRolename());
    // info.setRoles(roles);
    // //3 set the user's permissions
    // Set<String> permissions=new HashSet<>();
    // for (OMenu oMenu : admin.getMenuList()) {
    // permissions.add(oMenu.getUrl());
    // }
    // info.setStringPermissions(permissions);
    return authorization;
}
/**
 * Looks up the account for a login attempt and hands its stored credentials to Shiro.
 *
 * <p>This method does not check the password itself. Shiro authenticates against the returned
 * object, using the realm's credentials matcher.
 *
 * <p>NOTE(review): the salt is the account's e-mail address. It differs per user but is
 * predictable; a random per-user salt stored next to the hash is the usual practice. Changing
 * it means re-hashing stored passwords, so it is left as is.
 *
 * <p>NOTE(review): the whole {@code users} object becomes the principal kept in the session,
 * including whatever {@code getPassword()} returns. Consider a principal that carries only the
 * identifying fields so the password hash does not travel with the session.
 *
 * @param authenticationToken login token; its principal is the name entered on the login page
 * @return the account's authentication info, or {@code null} when no account matches, in which
 *     case the login is rejected
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // 1. The token holds what the user typed into the login form.
    final String loginName = (String) authenticationToken.getPrincipal();

    // 2. Fetch the account by that name.
    final users account = adminService.selectbyName(loginName);

    if (account != null) {
        // 3. Arguments, in order:
        //    - the object to keep in the session as the principal
        //    - the password as stored in the database
        //    - the salt used when hashing (the e-mail; "" is appended to force a String)
        //    - the realm name
        return new SimpleAuthenticationInfo(
                account,
                account.getPassword(),
                new SimpleByteSource(account.getEmail() + ""),
                getName());
    }

    // Unknown user: returning null makes the login attempt fail.
    return null;
}
/**
 * Fixes the realm name to {@code "myRealm"}.
 *
 * @param name ignored; the realm is always registered under the fixed name
 */
@Override
public void setName(String name) {
    final String fixedRealmName = "myRealm";
    super.setName(fixedRealmName);
}
4、用户注册时采用的md5加密方式
5、登录方式时用户获得令牌验证登录