springboot整合shiro

最新推荐文章于 2024-07-12 09:16:51 发布

Kwqin

最新推荐文章于 2024-07-12 09:16:51 发布

阅读量80

点赞数 1

分类专栏： springboot 文章标签： spring spring boot

本文链接：https://blog.csdn.net/weixin_49849351/article/details/120844170

版权

springboot 专栏收录该内容

9 篇文章 0 订阅

订阅专栏

第一步：导入依赖

 <!--Shiro依赖-->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.2</version>
        </dependency>
        <!--Shiro和Thymeleaf集成的扩展以来，为了能在页面上使用xsln:shiro的标签-->
        <dependency>
            <groupId>com.github.theborakompanioni</groupId>
            <artifactId>thymeleaf-extras-shiro</artifactId>
            <version>2.0.0</version>
        </dependency>

2.编写权限控制类(除了第一个bean都是死代码)

package com.kw.drug.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * 权限控制Shiro配置类
 */
@Configuration
public class ShiroFilterConfiguration {
    @Bean
    //ShiroFilerFactoryBean：3
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);
        //添加内置过滤器
        /*
         * anon：无需认证就可以访问
         * authc：必须认证了才能访问
         * user：必须拥有 记住我 功能才能用
         * perms： 拥有对某个资源的权限才能访问
         */
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/static/**", "anon");
        filterMap.put("/login", "anon");
        filterMap.put("/toLogin", "anon");
        filterMap.put("/**", "authc");

        bean.setFilterChainDefinitionMap(filterMap);


        //不登录自动转向的页面
        bean.setLoginUrl("/login");
//登录后自动转向的页面
        bean.setSuccessUrl("/index");
        return bean;
    }





    //DafaultWebSecurityManager:2
    @Bean(name="securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;

    }

    //创建realm对象，需要自定义类:1
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }

    //整合ShiroDialect
    @Bean
    public ShiroDialect getShiroDialect(){
        return  new ShiroDialect();
    }

}

3编写权限认证类

package com.kw.drug.config;


import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.kw.drug.entity.User;
import com.kw.drug.mapper.UserMapper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * 权限认证
 */
public class UserRealm extends AuthorizingRealm {
    @Autowired
    private UserMapper userMapper;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * 登录认证
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        User queryUser = new User();
        queryUser.setUsername(username);
        //根据用户名查询用户是否存在
        QueryWrapper<User> wrapper = new QueryWrapper<>();
        wrapper.eq("username", queryUser.getUsername());
        User user = userMapper.selectOne(wrapper);

        if (user == null) {
            return null;
        }
        Subject currentSubject = SecurityUtils.getSubject();
        Session session = currentSubject.getSession();
        session.setAttribute("user",user);


        //密码认证，shiro帮我们做
        return new SimpleAuthenticationInfo(user,user.getPassword(),"");


    }
}

4.编写controller


    /**
    * 判断登录是否成功
    * */

    @PostMapping("/toLogin")
    @ResponseBody
    public Map judge(@RequestParam String username, @RequestParam String password, HttpSession session){

        //获取当前的用户
        Subject subject = SecurityUtils.getSubject();
        //封装用户的登录数据
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token); //执行登录方法 如果没有异常就说明ok了



            return ResultMapUtil.getHashMapLogin("登录成功","1");
        }catch (UnknownAccountException e){


            return ResultMapUtil.getHashMapLogin("用户名或者密码错", "2");
        }catch (IncorrectCredentialsException e){

            return ResultMapUtil.getHashMapLogin("用户名或者密码错误", "2");
        }
    }

这样就实现了登录拦截！！！

Kwqin

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
springboot整合shiro

第一步：导入依赖  <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.2</version> </dependency&g
复制链接

扫一扫