Introduction to Shiro: https://blog.csdn.net/weixin_44635198/article/details/107701061
1. Create a Maven project
![](https://img-blog.csdnimg.cn/img_convert/46064ad733a4d7cd28a1cd3f375aaee6.png)
2. Import the Shiro core package and the Druid connection pool (plus log4j and junit) in pom.xml
```xml
<!-- Shiro core package -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.5.3</version>
</dependency>
<!-- Druid connection pool -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.22</version>
</dependency>
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <scope>test</scope>
</dependency>
```
3. Create the initial content: import the MyBatis config, create the mapper folder, create the entity classes
mybatis-config file
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <settings>
        <setting name="logImpl" value="STDOUT_LOGGING"/>
        <setting name="mapUnderscoreToCamelCase" value="true"/>
    </settings>
    <typeAliases>
        <package name="com.dfrz.pojo"/>
    </typeAliases>
</configuration>
```
Packages and classes to create
![](https://img-blog.csdnimg.cn/img_convert/620fe94e9cfeb61178cfb9caf039698f.png)
4. Create CustomRealm (methods left unwritten for now)
![](https://img-blog.csdnimg.cn/img_convert/dc218d2ab6e9c7dad69907e151703f61.png)
5. Create the ShiroConfig class
![](https://img-blog.csdnimg.cn/img_convert/7ef13c9f4994b9d4025505cdd91dee31.png)
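```java
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
// CustomRealm is the realm class from step 4; import it from your own package.

@Configuration
public class ShiroConfig {
    // 1. Create the realm
    // Register our own authentication logic in the container
    @Bean
    public CustomRealm myShiroRealm() {
        CustomRealm customRealm = new CustomRealm();
        return customRealm;
    }

    // 2. Create the SecurityManager
    // Security management: the configuration mainly tells it which Realm handles authentication (our realm)
    @Bean
    public DefaultSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }

    // 3. Filter factory
    // Sets Shiro's filter rules and redirect targets; the securityManager is set here
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        return shiroFilterFactoryBean;
    }
}
```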
5. Create the HTML files
hello.html and login.html
![](https://img-blog.csdnimg.cn/img_convert/a06d886ccb07e2b6bf79563cc0c86470.png)
Other HTML files
![](https://img-blog.csdnimg.cn/img_convert/be476d6caf9037bff3b3184a474f402b.png)
6. Write the controller class
![](https://img-blog.csdnimg.cn/img_convert/1e95ee73eb6411bc6b12e3f84af6e1b3.png)
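7. Add filters in ShiroConfig
* Shiro built-in filters
* anon: accessible to anonymous users
* authc: accessible to authenticated users
* user: accessible via rememberMe
* perms: accessible with the corresponding permission
* roles: accessible with the corresponding role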
![](https://img-blog.csdnimg.cn/img_convert/7081757909324d98eb6adb780cdd7b46.png)
```java
// Requires: import java.util.LinkedHashMap; import java.util.Map;
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // Shiro applies the first matching pattern, so use a map that keeps insertion order
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/user/add", "authc");
    filterMap.put("/user/update", "authc");
    filterMap.put("/user/delete", "authc");
    // Unauthenticated users are redirected to the login page
    shiroFilterFactoryBean.setLoginUrl("/toLogin");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
    return shiroFilterFactoryBean;
}
```
8. Add user authentication to the login method in helloController
![](https://img-blog.csdnimg.cn/img_convert/3e1c9915b585abfe65bfcbeb30afbaa9.png)
```java
// After login, go to the home page
@RequestMapping("/login")
public String login(String userName, String userPass, Model model) {
    // Log the user name only; never write the submitted password to the console or logs
    System.out.println("login attempt: " + userName);
    // Obtain the current subject to authenticate
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted user name and password in a token
    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
            userName, userPass);
    try {
        // Log in: triggers the doGetAuthenticationInfo callback, which receives
        // this token as its AuthenticationToken authenticationToken argument
        subject.login(usernamePasswordToken);
    } catch (UnknownAccountException uae) {
        model.addAttribute("msg", "账户不存在"); // "Account does not exist"
        return "login";
    } catch (IncorrectCredentialsException ice) {
        model.addAttribute("msg", "密码错误"); // "Wrong password"
        return "login";
    } catch (LockedAccountException lae) {
        model.addAttribute("msg", "账户被锁定"); // "Account is locked"
        return "login";
    }
    return "hello";
}
```
9. Write the authentication method in CustomRealm
Without a database connection (standalone mode)
![](https://img-blog.csdnimg.cn/img_convert/015068d53a4a9662a007602bb0a72880.png)
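```java
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    // Hard-coded demo credentials for the standalone mode
    String userName = "11";
    String userPwd = "11";
    UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
    // If the user does not exist, there is no such account
    if (!userName.equals(userToken.getUsername())) {
        // Returning null makes Shiro throw UnknownAccountException automatically
        return null;
    }
    // We do not compare the password ourselves; Shiro does it
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo("", userPwd, "");
    return simpleAuthenticationInfo;
}
```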
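10. Connect to the database for authentication
① Write the userMapper
![](https://img-blog.csdnimg.cn/img_convert/66f6fc6361dfa15c66de9751beebfac6.png)
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.dfrz.mapper.UserMapper">
    <sql id="Base_Column_List">
        user_id,user_name,user_pwd,user_perms
    </sql>
    <!-- #{userName} is bound as a prepared-statement parameter, not concatenated into the SQL -->
    <select id="getUserByName" resultType="user">
        select
        <include refid="Base_Column_List"></include>
        from `tbl_user_shiro`
        where `user_name`=#{userName}
    </select>
</mapper>
```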
② Write the userService
![](https://img-blog.csdnimg.cn/img_convert/6cd7e20467fd44a751245925bd180c92.png)
③ Modify CustomRealm's authentication method (compare with the standalone version)
![](https://img-blog.csdnimg.cn/img_convert/ec6d2d7010f008b16f83e47503638094.png)
11. Shiro authorization
① Modify CustomRealm's authentication method
![](https://img-blog.csdnimg.cn/img_convert/5ad3744c555a2e4346632fb6674f7bf9.png)
② Write CustomRealm's authorization method
![](https://img-blog.csdnimg.cn/img_convert/96a91bcfe58e1bdde161f4eb344785ea.png)
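```java
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    System.out.println("授权"); // "authorization"
    // Get the logged-in user name: it is argument A of SimpleAuthenticationInfo(A, xx, yy)
    String userName = (String) principalCollection.getPrimaryPrincipal();
    // The queried user carries its roles and permissions
    User user = userService.queryUserByName(userName);
    // Add the roles and permissions to the Shiro framework
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    // Unknown user or no stored permissions: grant nothing instead of failing with a NullPointerException
    if (user == null || user.getUserPerms() == null) {
        return simpleAuthorizationInfo;
    }
    // If roles are configured, add the role to Shiro
    //simpleAuthorizationInfo.addRole(user.getRole());
    // Get the logged-in user's permissions; there may be several, e.g. user:add,user:update
    String userPerms = user.getUserPerms();
    // Several permissions are split on ",", the separator used in the database
    String[] permList = userPerms.split(",");
    // Add each permission to Shiro with .addStringPermission(xx)
    for (String permission : permList) {
        if (!permission.trim().isEmpty()) {
            simpleAuthorizationInfo.addStringPermission(permission.trim());
        }
    }
    return simpleAuthorizationInfo;
}
```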
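Putting steps 10 ③ through 11 ② together, as an added example that is not the author's code (the original authentication methods appear only as screenshots): a realm that looks the user up through userService, hands the user name to Shiro as the principal, and reads it back for authorization. The getters getUserName() and getUserPwd(), the @Autowired field, and a user_pwd column holding a DefaultPasswordService hash (checked by PasswordMatcher) are assumptions; the standalone version in step 9 compares the stored value as-is.

```java
import java.util.Arrays;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

// User and UserService are the page's own classes (same package assumed).
public class CustomRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService; // assumed to be a Spring bean

    public CustomRealm() {
        // Assumption: user_pwd stores the output of DefaultPasswordService.encryptPassword(...),
        // not plaintext; PasswordMatcher then verifies the salted hash.
        setCredentialsMatcher(new PasswordMatcher());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String name = ((UsernamePasswordToken) token).getUsername();
        User user = (name == null) ? null : userService.queryUserByName(name);
        if (user == null) {
            return null; // Shiro turns this into UnknownAccountException
        }
        // Argument 1 is the principal that doGetAuthorizationInfo reads back.
        return new SimpleAuthenticationInfo(user.getUserName(), user.getUserPwd(), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        User user = userService.queryUserByName((String) principals.getPrimaryPrincipal());
        if (user != null && user.getUserPerms() != null) {
            Arrays.stream(user.getUserPerms().split(","))
                  .map(String::trim).filter(p -> !p.isEmpty())
                  .forEach(info::addStringPermission);
        }
        return info;
    }
}
```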
③ Modify the shiroFilterFactoryBean method in ShiroConfig
![](https://img-blog.csdnimg.cn/img_convert/938f25b6379018639404936fe94ffdfc.png)
Content of the "/unAuth" notice page
![](https://img-blog.csdnimg.cn/img_convert/8ec6610066221bc43f68f2e4c7f1a1c2.png)
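One way to write the filter chain that step 11 ③ describes, as an added example that is not the author's code: each /user/* path requires a matching permission string, and users who lack it are sent to "/unAuth". The class name, the user:delete permission name, and the deny-by-default "/**" rule are assumptions; the securityManager bean is the one from the page's ShiroConfig.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroFilterConfigExample { // hypothetical class name

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultSecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);

        // Shiro applies the FIRST pattern that matches a request path, so the map
        // must keep insertion order: specific rules first, the catch-all last.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/toLogin", "anon");
        filterMap.put("/login", "anon");
        filterMap.put("/unAuth", "anon");
        // Authenticated AND holding the permission loaded by doGetAuthorizationInfo
        filterMap.put("/user/add", "authc, perms[user:add]");
        filterMap.put("/user/update", "authc, perms[user:update]");
        filterMap.put("/user/delete", "authc, perms[user:delete]"); // permission name assumed
        // Assumption: deny by default, so a path added later is not left open by omission
        filterMap.put("/**", "authc");

        factory.setLoginUrl("/toLogin");        // where unauthenticated requests go
        factory.setUnauthorizedUrl("/unAuth");  // where authenticated users without the permission go
        factory.setFilterChainDefinitionMap(filterMap);
        return factory;
    }
}
```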
12. Hiding parts of the page
① Add the dependency in pom.xml
```xml
<!-- Hide page content the user has no permission to access -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.0.0</version>
</dependency>
```
② Add the getShiroDialect() method to ShiroConfig
![](https://img-blog.csdnimg.cn/img_convert/ecda975643a67c5ff1d369bf0a866e3f.png)
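```java
// Requires: import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
/*
 * Configure ShiroDialect so that Thymeleaf and the Shiro tags work together
 */
@Bean
public ShiroDialect getShiroDialect() {
    return new ShiroDialect();
}
```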
③ Modify my.html. Note: Shiro needs to be added
![](https://img-blog.csdnimg.cn/img_convert/87e9a570cd6a39b5559aa6dc7f91a76f.png)