springBoot 集成 shiro

已于 2023-11-13 15:33:59 修改
阅读量279 收藏 1
点赞数 1
分类专栏: shiro 文章标签: java
于 2021-05-11 17:46:08 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xhf852963/article/details/116661837
版权

一、背景

       这几天在看 shiro,用 springboot 集成了一下,下面的这个例子中主要介绍了 shiro 的认证和授权,以及盐值加密的功能。程序可以运行起来。这里只做一个简单的介绍,后续会针对各个功能做一个详细的介绍,这里不做过多的赘述。

二、项目整体介绍

       项目整体的结构如下图所示,项目整体采用 springboot + mybatis + jsp + mysql 来完成的,下面会详细介绍下:

三、数据库脚本

       先在数据库中创建 userrolepermission 这三张表,table.sql 的内容如下所示:

DROP DATABASE IF EXISTS shiro_test;
CREATE DATABASE shiro_test;
USE shiro_test;

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user`  (
  `ID` bigint(20) NOT NULL AUTO_INCREMENT,
  `USER_NAME` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  `PASSWORD` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  `ROLE_IDS` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  `STATUS` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  PRIMARY KEY (`ID`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_bin ROW_FORMAT = Dynamic;
-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role`  (
  `ID` bigint(20) NOT NULL AUTO_INCREMENT,
  `ROLE_NAME` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  `PERMISSIONS_IDS` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  PRIMARY KEY (`ID`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_bin ROW_FORMAT = Dynamic;

-- ----------------------------
-- Table structure for permission
-- ----------------------------
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission`  (
  `ID` bigint(20) NOT NULL AUTO_INCREMENT,
  `PERMISSION_NAME` varchar(64) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL,
  PRIMARY KEY (`ID`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_bin ROW_FORMAT = Dynamic;

INSERT INTO `shiro_test`.`permission` (`ID`, `PERMISSION_NAME`) VALUES ('1', 'add');
INSERT INTO `shiro_test`.`permission` (`ID`, `PERMISSION_NAME`) VALUES ('2', 'delete');
INSERT INTO `shiro_test`.`permission` (`ID`, `PERMISSION_NAME`) VALUES ('3', 'update');
INSERT INTO `shiro_test`.`permission` (`ID`, `PERMISSION_NAME`) VALUES ('4', 'query');

INSERT INTO `shiro_test`.`role` (`ID`, `ROLE_NAME`, `PERMISSIONS_IDS`) VALUES ('1', 'administrator', '1,2,3,4');
INSERT INTO `shiro_test`.`role` (`ID`, `ROLE_NAME`, `PERMISSIONS_IDS`) VALUES ('2', 'normalUser', '4');

四、maven 依赖

       pom.xml 的内容如下所示:

    <parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.0.1.RELEASE</version>
		<relativePath />
	</parent>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>1.6.0</version>
		</dependency>
		<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-ehcache -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-ehcache</artifactId>
			<version>1.6.0</version>
		</dependency>
		<!-- shiro -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.6.0</version>
		</dependency>
		<!-- 添加shiro web支持 -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.6.0</version>
        </dependency>
		<!-- 简化model类的setter和getter -->
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<scope>provided</scope>
		</dependency>
		<!--热部署依赖 -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.mybatis.spring.boot</groupId>
			<artifactId>mybatis-spring-boot-starter</artifactId>
			<version>1.3.2</version>
		</dependency>
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<scope>priveded</scope>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
		</dependency>
		<dependency>
			<groupId>org.apache.tomcat.embed</groupId>
			<artifactId>tomcat-embed-jasper</artifactId>
			<scope>priveded</scope>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

五、配置文件

       application.properties 的内容如下所示:

spring.mvc.view.prefix=/page/
spring.mvc.view.suffix=.jsp
spring.resources.static-locations=classpath:/page/


spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/shiro_test?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=UTC&nullCatalogMeansCurrent=true
spring.datasource.username=root
spring.datasource.password=Rfid123456

mybatis.mapper-locations=classpath*:mapper/*Mapper.xml
mybatis.configuration.map-underscore-to-camel-case: true
mybatis.configuration.jdbc-type-for-null=null
mybatis.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
mybatis.configuration.call-setters-on-nulls=true

六、生成 pojo

       我这块使用的是 mybatis 的生成工具自动生成的 entitydao 和 mapper 文件,我这块就一并粘出来了,其中,我的 entity 里面的注解比较特殊,如果运行不起来,请参考我的 lombok 的那篇文章,也算是学习了一个新的知识点。

       entity 的代码如下所示:

import java.util.Set;

import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@NoArgsConstructor
public class User {
	private Long id;
	private String userName;
	private String password;
	private String roleIds;
	private Set<Role> roles;
	private String status;
}
import java.util.Set;

import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@NoArgsConstructor
public class Role {
	private Long id;
	private String roleName;
	private String permissionsIds;
	private Set<Permission> permissions;
}
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@NoArgsConstructor
public class Permission {
	public  Long id;
	public String permissionName;
}

       service 层以及其实现类的代码如下所示: 

public interface UserService {
	User selectByUserName(String userName);
	int insert(User record);
	int deleteAll();
}
@Service
public class UserServiceImpl implements UserService {

	@Autowired
	UserMapper mapper;
	@Autowired
	RoleMapper roleMapper;
	@Autowired
	PermissionMapper permissionsMapper;
	
	@Override
	public User selectByUserName(String userName) {
		User user = mapper.selectByUserName(userName);
		if(user != null) {
			Set<Role> roleSet = new HashSet<>();
			String [] roleIds = user.getRoleIds().split(",");
			for(int i=0;i<roleIds.length;i++) {
				Role role = roleMapper.selectByPrimaryKey(Long.valueOf(roleIds[i]));
				Set<Permission> permissionsSet = new HashSet<>();
				String [] permissionsIds = role.getPermissionsIds().split(",");
				for(int j=0;j<permissionsIds.length;j++) {
					Permission p = permissionsMapper.selectByPrimaryKey(Long.valueOf(permissionsIds[j]));
					permissionsSet.add(p);
				}
				role.setPermissions(permissionsSet);
				roleSet.add(role);
			}
			user.setRoles(roleSet);
			return user;
		}
		return null;
	}

	@Override
	public int insert(User record) {
		return mapper.insert(record);
	}

	@Override
	public int deleteAll() {
		return mapper.deleteAll();
	}
}
public interface RoleService {

}

@Service
public class RoleServiceImpl implements RoleService {

	@Autowired
	RoleMapper mapper;
}
public interface PermissionService {

}
@Service
public class PermissionServiceImpl implements PermissionService {

	@Autowired
	PermissionMapper mapper;
}

       dao 层的代码如下所示:

@Mapper
public interface UserMapper {
	
    int deleteByPrimaryKey(Long id);
    int insert(User record);
    User selectByPrimaryKey(Long id);
    List<User> selectAll();
    int updateByPrimaryKey(User record);
    User selectByUserName(String userName);
    int  deleteAll();
}
@Mapper
public interface RoleMapper {
	
    int deleteByPrimaryKey(Long id);
    int insert(Role record);
    Role selectByPrimaryKey(Long id);
    List<Role> selectAll();
    int updateByPrimaryKey(Role record);
}
@Mapper
public interface PermissionMapper {
	
    int deleteByPrimaryKey(Long id);
    int insert(Permission record);
    Permission selectByPrimaryKey(Long id);
    List<Permission> selectAll();
    int updateByPrimaryKey(Permission record);
}

        mapper.xlm 内容如下所示:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.dao.UserMapper">
  <resultMap id="BaseResultMap" type="com.entity.User">
    <id column="ID" jdbcType="BIGINT" property="id" />
    <result column="USER_NAME" jdbcType="VARCHAR" property="userName" />
    <result column="PASSWORD" jdbcType="VARCHAR" property="password" />
    <result column="ROLE_IDS" jdbcType="VARCHAR" property="roleIds" />
    <result column="STATUS" jdbcType="VARCHAR" property="status" />
  </resultMap>
  <delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
    delete from user
    where ID = #{id,jdbcType=BIGINT}
  </delete>
  <insert id="insert" parameterType="com.entity.User">
    insert into user (ID, USER_NAME, PASSWORD, 
      ROLE_IDS, STATUS)
    values (#{id,jdbcType=BIGINT}, #{userName,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, 
      #{roleIds,jdbcType=VARCHAR}, #{status,jdbcType=VARCHAR})
  </insert>
  <update id="updateByPrimaryKey" parameterType="com.entity.User">
    update user
    set USER_NAME = #{userName,jdbcType=VARCHAR},
      PASSWORD = #{password,jdbcType=VARCHAR},
      ROLE_IDS = #{roleIds,jdbcType=VARCHAR},
      STATUS = #{status,jdbcType=VARCHAR}
    where ID = #{id,jdbcType=BIGINT}
  </update>
  <select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
    select ID, USER_NAME, PASSWORD, ROLE_IDS, STATUS
    from user
    where ID = #{id,jdbcType=BIGINT}
  </select>
  <select id="selectAll" resultMap="BaseResultMap">
    select ID, USER_NAME, PASSWORD, ROLE_IDS, STATUS
    from user
  </select>
   <delete id="deleteAll">
    delete from user
    where ID > 0
  </delete>
  <select id="selectByUserName" parameterType="String" resultMap="BaseResultMap">
    select ID, USER_NAME, PASSWORD, ROLE_IDS, STATUS
    from user
    where USER_NAME = #{userName,jdbcType=VARCHAR}
  </select>
</mapper>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.dao.RoleMapper">
  <resultMap id="BaseResultMap" type="com.entity.Role">
    <id column="ID" jdbcType="BIGINT" property="id" />
    <result column="ROLE_NAME" jdbcType="VARCHAR" property="roleName" />
    <result column="PERMISSIONS_IDS" jdbcType="VARCHAR" property="permissionsIds" />
  </resultMap>
  <delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
    delete from role
    where ID = #{id,jdbcType=BIGINT}
  </delete>
  <insert id="insert" parameterType="com.entity.Role">
    insert into role (ID, ROLE_NAME,PERMISSIONS_IDS)
    values (#{id,jdbcType=BIGINT}, #{roleName,jdbcType=VARCHAR}, #{permissionsIds,jdbcType=VARCHAR})
  </insert>
  <update id="updateByPrimaryKey" parameterType="com.entity.Role">
    update role
    set ROLE_NAME = #{roleName,jdbcType=VARCHAR},
    PERMISSIONS_IDS = #{permissionsIds,jdbcType=VARCHAR},
    where ID = #{id,jdbcType=BIGINT}
  </update>
  <select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
    select ID, ROLE_NAME,PERMISSIONS_IDS
    from role
    where ID = #{id,jdbcType=BIGINT}
  </select>
  <select id="selectAll" resultMap="BaseResultMap">
    select ID, ROLE_NAME,PERMISSIONS_IDS
    from role
  </select>
</mapper>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.dao.PermissionMapper">
  <resultMap id="BaseResultMap" type="com.entity.Permission">
    <id column="ID" jdbcType="BIGINT" property="id" />
    <result column="PERMISSION_NAME" jdbcType="VARCHAR" property="permissionName" />
  </resultMap>
  <delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
    delete from permission
    where ID = #{id,jdbcType=BIGINT}
  </delete>
  <insert id="insert" parameterType="com.entity.Permission">
    insert into permission (ID, PERMISSION_NAME)
    values (#{id,jdbcType=BIGINT}, #{permissionName,jdbcType=VARCHAR})
  </insert>
  <update id="updateByPrimaryKey" parameterType="com.entity.Permission">
    update permission
    set PERMISSION_NAME = #{permissionName,jdbcType=VARCHAR}
    where ID = #{id,jdbcType=BIGINT}
  </update>
  <select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
    select ID, PERMISSION_NAME
    from permission
    where ID = #{id,jdbcType=BIGINT}
  </select>
  <select id="selectAll" resultMap="BaseResultMap">
    select ID, PERMISSION_NAME
    from permission
  </select>
</mapper>

七、插入数据

       我们在初始化的 table.sql 中已经插入了权限和角色的数据,但是用户的数据的密码需要加密存储,所以这块我们我们采用代码来插入数据,InsertUser 类的内容如下所示,这段代码的意思是每次启动工程的时候先把数据库里面 user 表的数据清除掉,然后重新插入。

import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.entity.User;
import com.service.UserService;

@Component
public class InsertUser implements InitializingBean{

	@Autowired
	UserService userService;

	@Override
	public void afterPropertiesSet() throws Exception {

		userService.deleteAll();

		User user = new User();
		// 这里我们假设username+"salt"的值为盐值。
		String salt1 = "zhangsan";
		String password1 = "123456";
		String encryp_password1 = MD5Pwd(salt1,password1);
		
		user.setUserName(salt1);
		user.setPassword(encryp_password1);
		user.setRoleIds("1,2");
		user.setStatus("1");
		userService.insert(user);

		User user2 = new User();
		String salt2 = "lisi";
		String password2 = "123456";
		String encryp_password2 = MD5Pwd(salt2,password2);
		
		user2.setUserName(salt2);
		user2.setPassword(encryp_password2);
		user2.setRoleIds("2");
		user2.setStatus("1");
		userService.insert(user2);

		User user3 = new User();
		String salt3 = "wangwu";
		String password3 = "123456";
		String encryp_password3 = MD5Pwd(salt3,password3);
		
		user3.setUserName(salt3);
		user3.setPassword(encryp_password3);
		user3.setRoleIds("1");
		user3.setStatus("1");
		userService.insert(user3);
	}
	public static String MD5Pwd(String username, String pwd) {
        // 加密算法MD5
        // 盐值= username + "salt"
        // 迭代次数,这个地方的迭代次数要和后面自定义Relam里面的迭代此时一致
        String md5Pwd = new SimpleHash("MD5", pwd,
                ByteSource.Util.bytes(username + "salt"), 2).toHex();
        return md5Pwd;
    }

}

八、自定义 Realm

       这里我们自己实现了 CustomRealm,其代码内容如下所示:

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;

import com.entity.Permission;
import com.entity.Role;
import com.entity.User;
import com.service.UserService;

public class CustomRealm extends AuthorizingRealm{

	@Autowired
	UserService  userService;
	/*
	 * 权限配置类
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
		// 获取登录用户名
		String name = (String)principalCollection.getPrimaryPrincipal();
		// 查询用户名称
		User user = userService.selectByUserName(name);
		// 添加角色和权限
		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		List<String> roleNameList = new ArrayList<>();
		List<String> permissionNameList = new ArrayList<>();
		
		for (Role role : user.getRoles()) {
			roleNameList.add(role.getRoleName());
			for (Permission permission : role.getPermissions()) {
				permissionNameList.add(role.getRoleName()+":"+permission.getPermissionName());
			}
		}
		// 添加角色
		simpleAuthorizationInfo.addRoles(roleNameList);
		// 添加权限
		simpleAuthorizationInfo.addStringPermissions(permissionNameList);
		return simpleAuthorizationInfo;
	}

	/*
	 * 认证配置类
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
		if(StringUtils.isEmpty(authenticationToken.getPrincipal())) {
			return null;
		}
		// 获取用户信息
		String userName = authenticationToken.getPrincipal().toString();
		
		User user = userService.selectByUserName(userName);
		// 用户是否存在
		if(user == null) {
			throw new UnknownAccountException();
		}
		// 是否激活
		if(user !=null && user.getStatus().equals("0")){
			throw new  DisabledAccountException();
		}
		// 是否锁定
		if(user!=null && user.getStatus().equals("3")){
			throw new  LockedAccountException();
		}
		// 若存在将此用户存放到登录认证info中,shiro会为我们进行密码比对校验
		if(user !=null && user.getStatus().equals("1")){
			ByteSource credentialsSalt = ByteSource.Util.bytes(user.getUserName()+ "salt");
			/** 这里验证authenticationToken和simpleAuthenticationInfo的信息,构造方法支持三个或者四个参数,
			*	第一个参数传入userName或者是user对象都可以。
			*	第二个参数传入数据库中该用户的密码(记得是加密后的密码)
			*	第三个参数传入加密的盐值,若没有则可以不加
			*	第四个参数传入当前Relam的名字
			**/
			SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, user.getPassword().toString(),credentialsSalt, getName());
			return simpleAuthenticationInfo;
		}
		return null;
	}
}

九、配置 shiro

       编写 ShiroConfig 的配置类,内容如下所示:

import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.shiro.CustomRealm;

@Configuration
public class ShiroConfig {

	@Bean
	@ConditionalOnMissingBean
	public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
		defaultAAP.setProxyTargetClass(true);
		return defaultAAP;
	}

	// 将自己的验证方式加入容器
	@Bean
	public CustomRealm myShiroRealm() {
		CustomRealm customRealm = new CustomRealm();
		// 告诉realm,使用credentialsMatcher加密算法类来验证密文
		customRealm.setCredentialsMatcher(hashedCredentialsMatcher());
		return customRealm;
	}

	// 权限管理,配置主要是Realm的管理认证
	@Bean
	public SecurityManager securityManager() {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(myShiroRealm());
		return securityManager;
	}
	// Filter工厂,设置对应的过滤条件和跳转条件
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		shiroFilterFactoryBean.setSecurityManager(securityManager);
		Map<String, String> map = new HashMap<>();
		//登出
		map.put("/logout", "logout");
		//对所有用户认证
		map.put("/**", "authc");
		//登录
		shiroFilterFactoryBean.setLoginUrl("/login");
		//首页
		shiroFilterFactoryBean.setSuccessUrl("/index");
		//错误页面,认证不通过跳转
		shiroFilterFactoryBean.setUnauthorizedUrl("/error");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
		return shiroFilterFactoryBean;
	}

	@Bean
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
		return authorizationAttributeSourceAdvisor;
	}
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
		// 散列算法:这里使用MD5算法;
		hashedCredentialsMatcher.setHashAlgorithmName("md5");
		// 散列的次数,比如散列两次,相当于 md5(md5(""));
		hashedCredentialsMatcher.setHashIterations(2);
		// storedCredentialsHexEncoded默认是true,此时用的是密码加密用的是Hex编码;false时用Base64编码
		hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
		return hashedCredentialsMatcher;
	}
}

十、登录拦截

       创建 LoginController 来拦截用户的前端请求,其代码内容如下所示:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;

import com.entity.User;

import lombok.extern.slf4j.Slf4j;

@Controller
@Slf4j
public class LoginController {

	@RequestMapping("/login")
	public String login(User user) {
		if (StringUtils.isEmpty(user.getUserName()) || StringUtils.isEmpty(user.getPassword())) {
			return "error";
		}
		//用户认证信息
		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
				user.getUserName(),
				user.getPassword());
		usernamePasswordToken.setRememberMe(true);
		try {
			//进行验证,这里可以捕获异常,然后返回对应信息
			subject.login(usernamePasswordToken);
		} catch (UnknownAccountException e) {
			log.error("用户名不存在!", e);
			return "error";
		} catch (AuthenticationException e) {
			log.error("账号或密码错误!", e);
			return "error";
		} catch (AuthorizationException e) {
			log.error("没有权限!", e);
			return "error";
		}
		return "shiro_index";
	}
}

十一、前端展示界面

       前端用户展示的 shiro_index.jsp 内容如下所示:

<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>

<shiro:guest>
	<h1>欢迎游客访问</h1>	
</shiro:guest>
</br>
<shiro:user>
	<h1>欢迎[<shiro:principal/>]登录</h1>
</shiro:user>
</br>
<shiro:authenticated>
	<h1>用户[<shiro:principal/>]身份已验证通过</h1>
</shiro:authenticated>
</br>
<shiro:hasAnyRoles name="administrator,normalUser">
	<h2>用户[<shiro:principal/>]拥有角色administrator或normalUser</h2>
</shiro:hasAnyRoles>
</br>
<shiro:lacksRole name="test">
   <h2> 用户[<shiro:principal/>] 没有角色test </h2>
</shiro:lacksRole>
</br>
<shiro:hasRole name="administrator">
    <h3>拥有administrator的角色才会显示这个标签</h3>
</shiro:hasRole>
</br>
<shiro:hasRole name="normalUser">
    <h3>拥有normalUser的角色才会显示这个标签</h3>
</shiro:hasRole>
</br>
<shiro:hasPermission name="normalUser:query">
	<h3>用户[<shiro:principal/>]拥有权限normalUser:query</h3>
</shiro:hasPermission>
</br>
<shiro:hasPermission name="normalUser:add">
	<h3>用户[<shiro:principal/>]拥有权限normalUser:add</h3>
</shiro:hasPermission>
</br>
<shiro:hasPermission name="administrator:add">
	<h3>用户[<shiro:principal/>]拥有权限administrator:add</h3>
</shiro:hasPermission>
</br>
<shiro:hasPermission name="administrator:delete">
	<h3>用户[<shiro:principal/>]拥有权限administrator:delete</h3>
</shiro:hasPermission>
</br>
<shiro:hasPermission name="administrator:update">
	<h3>用户[<shiro:principal/>]拥有权限administrator:update</h3>
</shiro:hasPermission>
</br>
<shiro:hasPermission name="administrator:query">
	<h3>用户[<shiro:principal/>]拥有权限administrator:query</h3>
</shiro:hasPermission>

</body>
</html>

       error.jsp 的内容如下所示:

<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>

<h1>账号或者密码错误!</h1>

</body>
</html>

十二、启动类

       启动类 App 的代码内容如下所示:

@SpringBootApplication
@MapperScan({"com.dao"}) 
public class App {
    public static void main( String[] args ){
        SpringApplication.run(App.class, args);
    }
}

十三、测试

       在浏览器输入:http://localhost:8080/login?userName=lisi&password=123456 展示内容如下所示:

       在浏览器输入:http://localhost:8080/login?userName=zhangsan&password=123456 内容如下所示:

快乐的小三菊
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 1
    评论
专栏目录
SpringBoot整合Shiro(认证+授权)
weixin_45967375的博客
04-23 144
Spring Boot整合shiro 1.创建Spring Boot应用,集成Shiro及相关组件,pom.xml pom.xml <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version> </dependen
Spring Security OAuth2.0 认证协议【2】hello world(基于 SpringBoot
LawssssCat的博客
03-24 680
Hello World SpringBoot集成Spring Security入门体验 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </d...
springboot集成shiros自定义md5加密自定义token认证
最新发布
a360284634的博客
06-18 828
spring boot 集成 shiroshiro介绍,shiro与springSecurity区别,shiro优缺点
Springboot整合Shiro之认证
热门推荐
波波烤鸭的博客
11-30 2万+
  Shiro是我们常用的一个权限管理框架,我们之前已经详细的给大家介绍过了Shiro的基础知识,不太清楚的可以参考下 https://blog.csdn.net/qq_38526573/category_9284714.html 此文,本文的重点是来介绍下在SpringBoot环境下我们怎么来使用Shiro。 一、添加相关依赖 本案例中我们使用SpringDataJPA和Thymeleaf来配合...
springboot整合shiro数据库认证
菜鸡的博客
11-16 1487
创建项目 1、开发数据库注册 1、开发注册界面 <h1>用户注册</h1> <form action="/user/register" method="post"> 用户名:<input type="text" name="username" > <br/> 密码 : <input type="text" name="password"> <br> <input type="submit"
Spring 集成 shiro 实现登录认证
不负年华
06-02 394
Spring 集成 shiro 实现登录认证 一,在Spring原基础依赖加上以下依赖 <!--shiro 依赖的 jar 包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version&gt
SpringBoot 集成 Shiro 实现动态uri权限
04-22
SpringBoot集成Shiro实现动态URI权限是一个常见的权限管理实践,主要目的是为了实现更灵活、更安全的用户访问控制。在Web应用中,权限控制通常包括角色管理、菜单管理、操作权限(URI)管理等,而动态URI权限则允许...
SpringBoot集成Shiro、Jwt和Redis
10-24
本教程将深入探讨如何在SpringBoot项目中集成Shiro、Jwt(JSON Web Tokens)以及Redis,同时利用MyBatisPlus进行数据库操作,以构建一个强大的权限管理(RBAC,Role-Based Access Control)系统。 **Shiro** 是...
springboot集成shiro
01-06
本项目"springboot集成shiro"是将这两个优秀的框架结合,以实现一个基于Spring Boot的权限控制解决方案,并且还集成了MyBatis Plus,这是一个增强版的MyBatis,提供了更多的方便操作数据库的功能。 首先,我们来...
springBoot集成shiro
06-20
该demo实现了:spring集成shiro。 用户角色校验,用户权限校验。链接mysql。 对应文章url: https://blog.csdn.net/zhou199252/article/details/80741361
springboot 集成shiro代码实例
08-28
SpringBoot集成Shiro是Java开发中常见的权限管理实践,它结合了SpringBoot的便捷性和Apache Shiro的安全特性,为Web应用程序提供了用户认证和授权的解决方案。以下是对这一主题的详细阐述: 1. **SpringBoot简介**...
springmvc+mybatis+shiro+mysql简单例子,有脚本
05-13
实现简单登录、简单权限控制
springboot整合shiro入门,实现认证和授权功能(非常详细)
沐雨橙风ιε的博客
07-02 5775
自定义过滤器AuthorizationFilter实现鉴权功能。/*** 鉴权过滤器*/@WebFilter@Override= null &&!// 构建返回对象JsonResult<Void> jsonResult= JsonResult.error(ResponseCode.UNAUTHORIZED, "正在访问未授权的资源");return;
ShiroSpringBoot整合Shiro实现简单的认证授权
weixin_47201411的博客
09-14 289
【Shrio】SpringBoot整合Shiro入门案例
Springboot整合Shiro实现登录认证
qq_42077317的博客
07-08 1055
另外,如果我们想要控制对于接口访问权限,也可以使用Shiro相关注解实现,比如像 @RequestPermissions这样的注解就可以进行控制用户的权限,这里就不做过多说明了。Realm,可以有1个或多个Realm,即安全实体数据源,即用于获取安全实体的;Shiro 是一个功能强大且易于使用的轻量级Java安全框架,包括身份验证、授权、加密及会话管理,使用Shiro易于理解的API,可以轻松地保护任何应用程序。SecurityManager即安全管理器,可以视为拦截器,拦截请求,并转至shiro中处理。
三、Springboot 整合Shiro---01认证
itxsl的博客
07-20 673
本篇基于:二、Sprinboot 整合 beetl 模板引擎 shiro是什么? Shiro是一个功能强大且易于使用的Java安全框架,它执行身份验证、授权、密码学和会话管理。使用Shiro易于理解的API,您可以快速且轻松地保护任何应用程序——从最小的移动应用程序到最大的web和企业应用程序。 Shiro提供了应用程序安全API来执行以下方面(我喜欢将其称为应用程序安全性的4个基石: A...
SpringBoot整合Shiro实现登录认证和权限授权
ChuaWi98的博客
05-28 985
Shiro是一个功能强大、灵活的,开源的安全框架,主要可以帮助我们解决程序开发中认证和权限等问题。基于拦截器做的权限系统,权限控制的粒度有限,为了方便各种各样的常用的权限管理需求的实现,我们有必要使用比较好的安全框架。 早期Spring security 作为一个比较完善的安全框架比较火,但是Springsecurity学习成本比较高,于是就出现了shiro安全框架,学习成本降低了很多,而且基本的功能也比较完善。 Shiro的架构 1、Subject:主题。被验证的对象,一般指的当前用户对象。但是不仅
Spring整合shiro配置(认证+授权)
qq_48839285的博客
07-06 151
-配置包扫描-->-- 注解驱动-->-- 静态资源放行-->--4.视图解析器--></bean>-- 数据源-->-- 数据源--></bean>-- sqlsessionfactory 加载mybatis配置-->-- 映射文件--></bean>-- dao接口代理实现类--></bean>-- Spring整合shiro配置-->--shiro和spring整合的配置--></bean></bean>
springboot集成shiro安全框架实现用户身份认证和授权
weixin_44341110的博客
09-18 926
Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 主要功能: 三个核心组件:Subject, SecurityManager 和 Realms. Subject:即“当前操作用户”。但是,在Shiro中,Subject这一概念并...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

快乐的小三菊

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值