1: shiro加密登录验证
1:项目目录结构
2:Config层
package com.kaifa.shiro.Config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
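/**
 * Spring configuration that wires Apache Shiro into the web application: the URL filter
 * chain, the security manager, the realm with its credentials matcher, the Thymeleaf
 * dialect, and the beans that enable Shiro's authorization annotations.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro web filter and its URL-to-filter chain definitions.
     *
     * @param defaultWebSecurityManager the security manager every request is routed through
     * @return the configured filter factory bean
     */
    @Bean
    ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        // All requests are checked by this security manager.
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        // Where a request is sent when an authorization check fails.
        factoryBean.setUnauthorizedUrl("/error/unAuth");
        // Unauthenticated requests are redirected to the login page.
        factoryBean.setLoginUrl("/User/loginUser");

        // Shiro evaluates chain definitions in iteration order and the first matching
        // pattern wins. Hashtable gives no ordering guarantee, so the "/**" catch-all
        // could be evaluated before the anonymous login entries and shadow them.
        // LinkedHashMap keeps insertion order, which makes the rules below deterministic.
        Map<String, String> filterChain = new LinkedHashMap<>();
        // Paths reachable without authentication (login page and login submit).
        filterChain.put("/User/login", "anon");
        filterChain.put("/User/loginUser", "anon");
        // Default-deny: everything else requires an authenticated subject. Keep this last.
        filterChain.put("/**", "authc");
        factoryBean.setFilterChainDefinitionMap(filterChain);
        return factoryBean;
    }

    /**
     * Defines the web security manager and attaches the application's realm to it.
     *
     * @param hashedCredentialsMatcher the matcher passed on to the realm for password comparison
     * @return the security manager backed by {@link #userRealm}
     */
    @Bean
    public DefaultWebSecurityManager securityManager(
            @Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher hashedCredentialsMatcher) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        // The custom realm performs the user lookup and supplies the stored (hashed) credentials.
        defaultWebSecurityManager.setRealm(userRealm(hashedCredentialsMatcher));
        return defaultWebSecurityManager;
    }

    /**
     * Creates the application realm and installs the hashed credentials matcher on it.
     *
     * @param hashedCredentialsMatcher the matcher used to compare submitted and stored credentials
     * @return the configured realm
     */
    @Bean
    public UserRealm userRealm(
            @Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher hashedCredentialsMatcher) {
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return userRealm;
    }

    /**
     * Configures how a submitted password is hashed before it is compared with the stored value.
     *
     * <p>This is one-way hashing, not encryption. The algorithm, iteration count and encoding
     * set here must match whatever produced the stored credentials.
     *
     * @return the credentials matcher shared by the realm
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // NOTE(security): MD5 is a fast digest and is not suitable for password storage, even
        // when iterated; a dedicated password hash (bcrypt/scrypt/argon2) is the safer choice.
        // Left unchanged here because switching algorithms invalidates every stored hash and
        // needs a re-hash/migration plan for existing accounts.
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        // Number of hash rounds applied to the submitted password.
        hashedCredentialsMatcher.setHashIterations(1024);
        // Stored credentials are compared as hex strings rather than Base64.
        hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
        // NOTE(review): the salt, if any, comes from the AuthenticationInfo returned by
        // UserRealm, which is not shown here; confirm it supplies a per-user random salt.
        return hashedCredentialsMatcher;
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use Shiro tags and attributes.
     *
     * @return the Thymeleaf Shiro dialect
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    /**
     * Advisor that applies Shiro's authorization annotations to Spring beans. Together with
     * {@link #defaultAdvisorAutoProxyCreator()} it is needed when those annotations would
     * otherwise have no effect.
     *
     * @param defaultWebSecurityManager unused; kept so the bean method signature stays unchanged
     * @param securityManager the security manager the advisor consults for authorization checks
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            DefaultWebSecurityManager defaultWebSecurityManager, SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Auto-proxy creator that applies advisors (including the Shiro one above) to beans.
     * Only registered when the context does not already define one.
     *
     * @return the proxy creator, using class-based proxies
     */
    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator app = new DefaultAdvisorAutoProxyCreator();
        // Proxy the target class itself, so annotated classes without interfaces are covered.
        app.setProxyTargetClass(true);
        return app;
    }
}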
3:Controller层
1:登录提交的数据会进入Controller层,然后将数据存在token内提交给安全框架
@RequestMapping("login")
public Object login2(HttpServletRequest request,@RequestParam("username") String username,@RequestParam("password") String password){
HttpSession session=request.getSession();
// User byName = userService.findByName("张三");
// List list = (List) byName;
if (username==null||password==null){
return "login";
}
//创建安全框架
Subject subject = SecurityUtils.getSubject();
//封装用户数据,存在UsernamePassword