1.添加依赖
<!--
  Apache Shiro's Spring integration module.
  The version is pinned to 1.9.0 exactly as in the original write-up. Before using this
  outside a demo, check the Apache Shiro security reports and move to a currently
  maintained release.
-->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.9.0</version>
</dependency>
2.创建Realm对象
package com.zzy.shiro.realm;
import com.zzy.shiro.entity.SysUser;
import com.zzy.shiro.service.SysUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
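/**
 * Shiro realm that authenticates a login attempt against the user table.
 *
 * <p>Only authentication is implemented. {@link #doGetAuthorizationInfo} supplies no roles
 * or permissions, so any permission or role check routed to this realm is denied.
 *
 * @author yangl
 * @version 1.0
 * @date 2022/11/22 14:44
 */
@Component
public class LoginRealm extends AuthorizingRealm {

    @Autowired
    private SysUserService sysUserService;

    /**
     * Authorization hook; not implemented yet.
     *
     * @param principals the identity of the already authenticated subject
     * @return always {@code null}, i.e. no roles and no permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Nothing is loaded for the subject, so URL rules such as perms[...] cannot be
        // satisfied until this method returns real authorization data.
        return null;
    }

    /**
     * Looks up the account named by the token and hands its stored password hash to Shiro.
     *
     * <p>This method does not compare passwords itself. The comparison of the submitted
     * credentials with the returned hash is done afterwards by the credentials matcher
     * configured on this realm.
     *
     * @param token the submitted login token; its principal is used as the user code
     * @return the account's principal, stored password hash and salt
     * @throws AuthenticationException if the token carries no principal or no account
     *         exists for it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        Object principal = token.getPrincipal();
        if (principal == null) {
            // Reject early instead of querying the database with a null user code.
            throw new AuthenticationException("认证失败");
        }
        String usercode = principal.toString();

        // The submitted password is deliberately not copied out of the token: it is not
        // needed here, and a String copy of it cannot be wiped from memory afterwards.

        SysUser dbUser = sysUserService.login(usercode);
        if (dbUser == null) {
            // Same generic message as any other failure, so the response does not reveal
            // whether the account exists. A Shiro exception type is used so that callers
            // can catch AuthenticationException rather than a bare RuntimeException.
            throw new AuthenticationException("认证失败");
        }

        // NOTE(review): the salt is the fixed string "LoginRealm", shared by every account,
        // so identical passwords produce identical stored hashes. A random per-user salt
        // stored with the account is the usual choice; the SysUser entity is not shown on
        // this page, so the salt is left as the author wrote it.
        //
        // The last argument is the realm name. It must identify this realm, not the user.
        return new SimpleAuthenticationInfo(
                principal, dbUser.getPassword(), ByteSource.Util.bytes("LoginRealm"), getName());
    }
}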
3.构建环境,创建defaultWebSecurityManager对象以及shiro内置过滤器
package com.zzy.shiro.config;
import com.zzy.shiro.realm.LoginRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
/**
 * Spring configuration that wires Shiro: the security manager with its password matcher,
 * and the servlet filter that maps URL patterns to Shiro filters.
 *
 * @author yangl
 * @version 1.0
 * @date 2022/11/22 15:47
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the web security manager and attaches the login realm to it.
     *
     * @param loginRealm the realm that looks up accounts; its credentials matcher is set here
     * @return the security manager backed by {@code loginRealm}
     */
    @Bean
    public WebSecurityManager getSecurityManager(LoginRealm loginRealm){
        // Stored passwords are compared as salted MD5 digests, hashed three times.
        // NOTE(review): MD5 with three iterations is cheap to brute-force and is not a
        // suitable password hash outside a demo. Switching algorithm means re-hashing the
        // stored passwords, so the values are kept exactly as the author configured them.
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("md5");
        credentialsMatcher.setHashIterations(3);
        loginRealm.setCredentialsMatcher(credentialsMatcher);

        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(loginRealm);
        return manager;
    }

    /**
     * Builds Shiro's servlet filter and its URL-to-filter rules.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(WebSecurityManager securityManager){
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(securityManager);

        // No success URL is set (the author left setSuccessUrl("/user/toIndex") disabled),
        // so after login the user stays on the flow that triggered authentication.
        // Unauthenticated requests are sent to the login page.
        filterFactory.setLoginUrl("/sysUser/toLogin");
        // Authenticated requests that lack a required permission are sent here.
        filterFactory.setUnauthorizedUrl("/sysUser/toRefuse");

        filterFactory.setFilterChainDefinitionMap(buildFilterChain());
        return filterFactory;
    }

    /**
     * Assembles the URL rules in evaluation order.
     *
     * <p>The first matching pattern wins, so the specific entries must stay ahead of the
     * catch-all {@code /**} rule. That is why an insertion-ordered map is used.
     */
    private static LinkedHashMap<String, String> buildFilterChain() {
        LinkedHashMap<String, String> chain = new LinkedHashMap<>();

        // Static assets: reachable without logging in.
        chain.put("/css/**","anon");
        chain.put("/js/**","anon");
        chain.put("/img/**","anon");

        // The login page and the login submission endpoint must stay public.
        chain.put("/sysUser/login","anon");
        chain.put("/sysUser/toLogin","anon");

        // Permission-protected operations. These only succeed once the realm actually
        // returns permissions for the subject.
        chain.put("/product/add","perms[product:add]");
        chain.put("/product/update","perms[product:update]");

        // Logout is handled by Shiro's built-in logout filter.
        chain.put("/sysUser/logout","logout");

        // "user" admits a subject that is either authenticated or recognised via remember-me.
        chain.put("/sysUser/toIndex","user");

        // Catch-all: everything not matched above requires an authenticated session.
        chain.put("/**","authc");
        return chain;
    }
}
controller层代码
/**
 * Login endpoint: wraps the submitted user code and password in a Shiro token and asks the
 * current subject to log in with it.
 *
 * <p>The listing on this page ends after the failure branch. The success path and the
 * closing brace of the method are not shown.
 *
 * NOTE(review): the mapping does not restrict the HTTP method, so the credentials could
 * also arrive as query parameters of a GET request. Consider limiting it to POST.
 */
@RequestMapping("login")
public String login(String usercode,String password){
    // Wrap the submitted user code and password in a token.
    AuthenticationToken token =
            new UsernamePasswordToken(usercode, password);
    // Obtain the subject bound to the current request.
    Subject subject = SecurityUtils.getSubject();
    // Attempt the login; Shiro delegates to the configured realm.
    try {
        subject.login(token);
    }catch (Exception e){
        // Any failure (unknown account, wrong password, unexpected error) ends up here and
        // is logged with its message only, at info level.
        log.info("异常信息:{}",e.getMessage());
        // Send the user back to the login page.
        // NOTE(review): this path is spelled "/sysuser/..." while the filter configuration
        // on this page uses "/sysUser/toLogin" - confirm the intended casing, since the
        // two may not be treated as the same URL.
        return "redirect:/sysuser/toLogin";
    }
目前只实现了认证。大致思路:首先在数据库中创建用户表,然后写一个根据身份信息查询用户的接口;接着创建Realm对象并重写其中的方法;再创建defaultWebSecurityManager对象,这是shiro所需要的环境;最后配置shiro内置过滤器,放行一些不需要认证就可访问的资源。由于授权方法doGetAuthorizationInfo目前返回null,过滤器中用perms[...]保护的路径暂时都会被拒绝访问。