SpringBoot配置Shiro

最新推荐文章于 2024-03-26 20:53:15 发布
最新推荐文章于 2024-03-26 20:53:15 发布
阅读量1.3k 收藏 2
点赞数 4
分类专栏: java 文章标签: spring boot shiro
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_49605969/article/details/109032902
版权

SpringBoot配置shiro
1先导入jar包

<!--shiro-->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.16.20</version>
    <scope>provided</scope>
</dependency>
<!--  html页面中加shiro标签所需依赖 -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.0.0</version>
</dependency>

2.写Controller,controller在调用shiro授权和认证

@RequestMapping("/checkLogin")
public String checkLogin(Users users) {
    System.out.println("进入Controller");
    //添加用户认证信息
    Subject subject= SecurityUtils.getSubject();
    UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken(users.getuName(),users.getuPwd());
    try{
        //进行验证,这里可以捕获异常,然后返回对应的信息
        subject.login(usernamePasswordToken);
    }catch(AuthorizationException e){
        e.printStackTrace();
        System.out.println("身份认证失败");
        return "login";
    }catch(AuthenticationException e){
        e.printStackTrace();
        return "login";
    }
    System.out.println("认证成功");
    return "index";
}

3.在config里面添加ShiroConfig以及ShiroProperties配置文件
在这里插入图片描述

package hospital.hospitalsystem.config;


import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.wu.hospitalsystem.realm.CustomRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    //从容器中拿去url配置规则
    @Autowired
    private ShiroProperties shiroProperties;

    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }
    
    //页面添加shiro标签以后,通过这个方法找到授权的方法
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
    
    //将自己的验证方式加入容器
    @Bean
    public CustomRealm myShiroRealm() {
        CustomRealm customRealm = new CustomRealm();
        return customRealm;
    }

    //权限管理,配置主要是Realm的管理认证
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myShiroRealm());
        return securityManager;
    }


    //Filter工厂,设置对应的过滤条件和跳转条件

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //以下注释部分,还可以将配置定义到yaml中
        Map<String, String> map = new HashMap<>();

        //表示可以匿名访问
        map.put("/login","anon"); //详细规则请见本目录下URL匹配规则.md文件
        //表示可以匿名访问
        map.put("/checkLogin","anon"); //详细规则请见本目录下URL匹配规则.md文件
        //登出
        map.put("/logout", "logout");
        //对所有用户认证
        map.put("/**", "authc");//authc表示需要认证才可以访问,anon表示可以匿名访问


        //登录
        shiroFilterFactoryBean.setLoginUrl("/login");
        //首页
        shiroFilterFactoryBean.setSuccessUrl("/index");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);


        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}

4.配置ShiroProperties

package hospital.hospitalsystem.config;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import java.util.Map;

/**
 * @author: create by wangmh
 * @projectName: Shiro_example   从yaml文件中获取url匹配规则
 * @packageName: com.shiro.configuration
 * @description:
 * @date: 2019/10/9
 **/
@Data
@Component
@ConfigurationProperties(prefix = "shiro")
public class ShiroProperties {
    private Map<String,String> filterChainDefinitionMap;

    public Map<String, String> getFilterChainDefinitionMap() {
        return filterChainDefinitionMap;
    }

    public void setFilterChainDefinitionMap(Map<String, String> filterChainDefinitionMap) {
        this.filterChainDefinitionMap = filterChainDefinitionMap;
    }
}

5.创建realm包 在创建CustomRealm继承AuthorizingRealm
在这里插入图片描述

package com.wu.hospitalsystem.realm;

import com.wu.hospitalsystem.Service.UserRoleService;
import com.wu.hospitalsystem.Service.UserService;
import com.wu.hospitalsystem.pojo.Users;
import com.wu.hospitalsystem.pojo.UsersRole;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CustomRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    @Autowired
    UserRoleService userRoleService;
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("开始授权");
        //获取登录用户名
        String name=(String) principalCollection.getPrimaryPrincipal();
        Set<String> roles=new HashSet<>();
        //根据用户名去数据库查询用户信息
        UsersRole usersRole=userRoleService.getUserRolebyName(name);
        //添加角色和权限
        System.out.println(usersRole.getRole().getrName());
        roles.add(usersRole.getRole().getrName());
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(roles);
        return info;
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("开始认证");
        //加这一步的目的是在post请求的时候会先进认证,然后在到请求
        if (authenticationToken.getPrincipal() == null) {
            return null;
        }
        //获取用户信息
        String name = authenticationToken.getPrincipal().toString();
        List<Users> list = userService.getUserbyName(name);
        if (list.size() == 0) {
            //这里返回会报出异常
            System.out.println("认证失败,暂无次用户");
            return null;
        } else {
            SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, list.get(0).getuPwd(), getName());
            return simpleAuthenticationInfo;
        }
    }
}

6.认证会通过用户名调用数据库,和以前的一样,通过用户名查询数据库
直接写serviceImpl调用数据库方法

//根据用户名查询
@Override
public List<Users> getUserbyName(String name) {
    Example example=new Example(Users.class);
    Example.Criteria criteria = example.createCriteria();
    criteria.andEqualTo("uName",name);
    List<Users> list= userMapper.selectByExample(example);
    return list;
}

7.授权的话,需要连表查询,使用的是通用mapper,所有需要自己写sql
service接口类

public interface UserRoleService {
    UsersRole getUserRolebyName(String name);
}

service实现类

@Override
public UsersRole getUserRolebyName(String name) {
    Users user=new Users();
    user.setuName(name);
    return userRoleMapper.getUserRoleByName(user);
}

dao层

public interface UserRoleMapper  {
    UsersRole getUserRoleByName(Users user);
}

8.下面开始写自定义sql
在这里插入图片描述
mybatis-config,xml中添加内容,扫描xml映射文件

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <mappers>
        <mapper resource="mybatis/mapper/UsersRoleMapper.xml"/>
    </mappers>
</configuration>

UsersRoleMapper.xml中写自定义sql

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.wu.hospitalsystem.mapper.UserRoleMapper">

    <resultMap id="usersRoleMapper" type="com.wu.hospitalsystem.pojo.UsersRole">
        <id column="ur_id" property="urId"/>
        <result column="u_id" property="uId"/>
        <result column="r_id" property="rId"/>
        <association property="users"  javaType="com.wu.hospitalsystem.pojo.Users">
            <id column="u_id" property="uId"/>
            <result column="u_name" property="uName"/>
            <result column="u_pwd" property="uPwd"/>
        </association>
        <association property="role" javaType="com.wu.hospitalsystem.pojo.Role">
            <id column="r_id" property="rId"/>
            <result column="r_name" property="rName"/>
        </association>
    </resultMap>

    <select id="getUserRoleByName" resultMap="usersRoleMapper" resultType="com.wu.hospitalsystem.pojo.Users">
   select u.u_name ,u.u_pwd,r.r_name from users_role ur
    LEFT JOIN users u ON ur.u_id=u.u_id
    LEFT JOIN role r on ur.r_id=r.r_id
    where u.u_name=#{uName}
     </select>

</mapper>

9.下面在写页面调用shiro标签


<!DOCTYPE HTML>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
      xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
<head>
    <title>xx市第二人民医院信息管理系统</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="assets/css/dpl-min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/bui-min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/main-min.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="assets/js/jquery-1.6.js"></script>
    <script type="text/javascript" src="assets/js/bui.js"></script>
    <script type="text/javascript" src="assets/js/common/main-min.js"></script>
    <script type="text/javascript" src="assets/js/config-min.js"></script>
    <script>
        var isadmin=false;
        var ismanager=false;
    </script>
</head>
<body>

<shiro:hasRole name="admin">
    <script>
        isadmin=true;
        ismanager=false;
    </script>
</shiro:hasRole>
<shiro:hasRole name="manager">
    <script>
        isadmin=false;
        ismanager=true;
    </script>
</shiro:hasRole>

<div class="header">
    <div class="dl-title">
        <!--<img src="/chinapost/Public/assets/img/top.png">-->
    </div>


    <div class="dl-log">欢迎您,<span class="dl-log-user" th:text="${session.uName}"></span>
	
	<a href="logout" title="退出系统" class="dl-log-quit">[退出]</a>
    </div>
</div>
<div class="content">
    <div class="dl-main-nav">
        <div class="dl-inform">
            <div class="dl-inform-title">
                <s class="dl-inform-icon dl-up">
                </s>
            </div>
        </div>
        <ul id="J_Nav"  class="nav-list ks-clear">
            <li class="nav-item dl-selected">
                <div class="nav-item-inner nav-home">医院管理系统</div>
            </li>
		</ul>
    </div>
    <ul id="J_NavContent" class="dl-tab-conten">


    </ul>
</div>
<script>
    BUI.use('common/main',function(){
        var config = [
			{id:'1',menu:[		
		{text:'快速通道',items:[
		{id:'2',text:'挂号信息管理',href:'registration/index.html'},
		{id:'3',text:'门诊医生管理',href:'doctor/index.html'},
		{id:'4',text:'药品管理',href:'medicine/index.html'},
		{id:'5',text:'住院办理',href:'hospital/index.html'},
		{id:'6',text:'收费项目登记',href:'hospital/charge.html'},
		{id:'7',text:'在院发药',href:'hospital/dispensing.html'},
		{id:'8',text:'住院结算',href:'hospital/account.html'},
		{id:'11',text:'用户管理',href:'User/index.html'},
		{id:'12',text:'角色管理',href:'Role/index.html'},
		{id:'13',text:'资源管理',href:'Resource/index.html'},
		{id:'14',text:'密码设置	',href:'Resource/index.html'}
		]}
		]}
		];
        if (ismanager){
            config[0].menu[0].items.splice(7,3);
        }
        new PageUtil.MainPage({
            modulesConfig : config
        });
    });
</script>                                                                                   
</body>
</html>
Strive阿林
关注
  • 4
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
shiro学习笔记四:shiro拦截器与url匹配规则
chunlulin2540的博客
08-17 1903
综合实例:基于shiro的按钮级别的权限管理系统 一、使用场景举例 注:shiro过滤器与url匹配规则一般使用在定义的shiroFilter中,用于对指定的资源进行过滤 二、URL匹配规则 (1)“?”:匹配一个字符,如”/admin?”,将匹配“ /admin...
springboot-shiro
10-18
接下来,我们可以在SpringBoot启动类中配置Shiro Filter,设置过滤器链,以实现URL级别的权限控制。Shiro Filter支持多种过滤器,如 anon(匿名访问)、authc(身份验证)、roles(角色权限)和perms(权限许可)等...
springboot整合shiro 配置详解及原理分析
fl8545的博客
03-23 1739
springboot整合shiro+jwt实现前后端分离认证授权前言问题ShiroFilter什么是ShiroFilterSecurityManager什么是SecurityManager?ShiroConfig写在前面的话:ShiroConfig类:CustomRealm类:shiroConfig原理 前言 最近搞了下shiro安全框架,网上找了好多篇博客,感觉要么都是复制粘贴,要么就是错误百出。至于稍微讲解一下为什么要这么做,就更别说了。这篇文章就教大家如何将 Shiro 整合到 SpringBoot
ShiroSpringboot集成Shiro
专注于Java领域开发 关注我 带你玩转Java
06-22 1633
Springboot集成Shiro
spring-boot集成shiro步骤
kka1299的博客
09-15 219
shiro使用
springBoot整合Shiro(详细教程分析)
ggjklncffd的博客
04-18 2831
🚩1.1 什么是ShiroShiro是一个开源的Java安全框架,它提供了身份认证、授权、加密和会话管理等功能,可以帮助我们快速地构建安全可靠的应用程序。🚩1.2 为什么要用Shiro在开发Web应用程序时,安全性是一个非常重要的问题。使用Shiro可以帮助我们快速地构建安全可靠的应用程序,而且Shiro的使用非常灵活,可以根据我们的需求进行定制。
springboot+shiro.zip
05-08
此外,我们还需要配置ShiroFilter,设置过滤器链,以便在请求到达控制器之前执行Shiro的安全检查。 具体步骤可能如下: 1. 添加ShiroSpringBoot的依赖到项目中。 2. 创建Shiro配置类,设置SecurityManager,配置...
SpringBoot整合Shiro+JWT
05-15
2. **配置Shiro**:创建一个`ShiroConfig`类,配置Realm(领域),用于连接应用程序的用户数据源,通常是从数据库中获取。 Realm应包含身份验证和授权逻辑。 3. **创建过滤器链**:定义Shiro过滤器链,例如`authc`...
springboot+shiro+redis整合
03-12
在IT行业中,SpringBootShiro和Redis是三个非常重要的技术组件,它们分别在不同的领域发挥着关键作用。本文将详细讲解如何将这三个组件整合在一起,实现一个高效、安全的Web应用。 首先,SpringBootSpring框架...
springboot整合shiro
03-30
此外,我们还需要配置Shiro的Session管理,可以使用Spring Session来集成Shiro的会话管理,以便跨多个节点共享会话数据。 至于`ztree`,它是一个用于构建前端树形结构的JavaScript库,常用于展示权限节点。在权限...
springboot2.0整合Shiro
04-20
springboot2.0整合Shiro 。权限配置,user/permission/role
springboot 配置 shiro
weidong_y的博客
10-18 1960
目录 一、引入 shiro 的包 二、自定义 realm  三、shiro 配置 四、写一个 controller 测试 五、无权限的时候直接报错的错误方式 前提: 先准备一个 springboot+mybatis 的环境:https://blog.csdn.net/weidong_y/article/details/81709391 一、引入 shiro 的包 &lt;!--...
Springboot整合shiro(及yaml配置形式)
web13985085406的博客
04-26 959
1.shiro是什么 Shiro是Apache下的一个开源项目。shiro属于轻量级框架,相对于SpringSecurity简单的多,也没有SpringSecurity那么复杂。以下是我自己学习之后的记录。 官方架构图如下: 2.主要功能 shiro主要有三大功能模块: 1. Subject:主体,一般指用户。 2. SecurityManager:安全管理器,管理所有Subject,可以配合内部安全组件。(类似于SpringMVC中的DispatcherServlet) 3. Realms:用于进行权限
springboot shiro配置验证码登录 thyemeleaf
qq_29009973的博客
08-07 2230
1.pom.xml &lt;dependency&gt; &lt;groupId&gt;com.github.penggle&lt;/groupId&gt; &lt;artifactId&gt;kaptcha&lt;/artifactId&gt; &lt;version&gt;2.3.2&lt;/version&gt; &lt;/dependency&g
一.springbootshiro整合(示例)
热门推荐
u014203449的博客
02-16 4万+
地址: 演示地址:http://47.98.153.30:8080 账号:melo 密码:12345678 github地址:点击打开链接https://github.com/MeloFocus/focus 前端水平有限见谅 第一个整合目标: (1)用springboot整合shiro (2)完成简单的登录功能 (3)对url进行权限控制,当前登录用户拥有此ur...
Spring Boot整合Shiro详细配置
最新发布
毛豆的博客
03-26 275
创建你自己的Realm,用于用户的身份验证和授权。@Override// 授权逻辑@Override// 认证逻辑。
springBoot整合shiro访问不到静态资源踩坑分享
zmm0420的专栏
08-12 3199
一、先看问题 整合shiro后,访问不到js文件 访问路径:http://localhost:8081/static/js/jquery.min.js 查了好久都没查到问题原因,最终还是解决了 二、解决办法 简单: 修改路径去掉static,即http://localhost:8081/js/jquery.min.js 三、原因分析 springboot默认会将static目录...
SpringBoot整合Shiro配置详解
chujia1956的博客
12-27 1340
一.shiro基本介绍 1、Shiro是Apache下的一个开源项目,我们称之为Apache Shiro。它是一个很易用与Java项目的的安全框架,提供了认证、授权、加密、会话管理,与spring Security 一样都是做一个权限的安全框架,但是与Spring Security 相比,...
springboot配置shiro
09-06
5. 在application.properties或application.yml文件中配置Shiro的相关属性。您可以设置身份验证的URL、登录URL、注销URL等。例如,在application.yml文件中添加以下配置: ```yaml shiro: loginUrl: /login ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值