springboot 与shiro整合——(一)页面过滤器实现拦截
一 导读和实现效果
Shiro实现用户登录认证步骤
设计login页面 ——> ShiroConfig(login放行)——> login.html(提交到login的controller)——> Controller(subject.login(token))——> UserRealm通过MyBatis进行数据库认证 ——> 认证结果返回给Controller ——> login.html页面显示结果
1. 设计登录页面loginPage.html
<!DOCTYPE html>
<!-- Login view; the th: attributes below are processed by Thymeleaf (namespace declared on the html element). -->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>登录页面 </title>
</head>
<body>
<h3>登录</h3>
<!-- th:text writes ${msg} as escaped text, so the failure message placed in the model is not interpreted as markup. -->
<h3 th:text="${msg}" style="color:red"></h3>
<!-- Submits the credentials by POST to the relative URL "login"; the field names "name" and "password" match the handler's parameters. -->
<!-- NOTE(review): the form carries no CSRF token field, and nothing on this page shows that it is served over HTTPS; confirm both before reusing it. -->
<form method="post" action="login">
用户名:<input type="text" name="name"/><br/>
密码: <input type="password" name="password"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
2. 编写controller
/**
 * Serves the login form.
 *
 * @return the view name {@code loginPage}
 */
@GetMapping("/tologin")
public String tologin() {
    final String loginView = "loginPage";
    return loginView;
}
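/**
 * Handles the login form submission by authenticating through Shiro.
 *
 * <p>A failed attempt puts the same message into the model whether the account
 * is unknown or the password is wrong, so the response does not reveal which
 * user names exist.
 *
 * @param name     user name submitted by the form
 * @param password password submitted by the form
 * @param model    view model that carries the failure message back to the login page
 * @return a redirect to {@code /index} on success, otherwise the {@code loginPage} view
 */
// NOTE(review): @RequestMapping without a method restriction also accepts GET, so
// credentials could arrive in a query string and end up in access logs or browser
// history; consider restricting this mapping to POST.
@RequestMapping("/login")
public String gologin(String name, String password, Model model) {
    // NOTE(review): debug trace of user-supplied input; remove or sanitise it outside a demo.
    System.out.println("name=" + name);

    // 1. Obtain the Subject bound to the current request.
    Subject subject = SecurityUtils.getSubject();
    // 2. Wrap the submitted credentials in a token.
    UsernamePasswordToken token = new UsernamePasswordToken(name, password);

    // 3. Delegate authentication to Shiro.
    // NOTE(review): only the two exception types below are handled; any other
    // AuthenticationException subtype propagates to the caller.
    try {
        subject.login(token);
        return "redirect:/index";
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // One message for both causes: separate "unknown user" and "wrong password"
        // texts would let a client find out which accounts exist.
        model.addAttribute("msg", "用户名或密码错误");
        return "loginPage";
    }
}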
当执行login里的subject.login(token)时,Shiro会调用UserRealm的认证方法doGetAuthenticationInfo
3. 修改UserRealm类
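/**
 * Shiro realm that authenticates a login attempt against the user record
 * returned by {@link UserService}.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization hook. It only prints a trace line and returns {@code null},
     * so this realm supplies no roles or permissions.
     *
     * @param principalCollection identity of the subject being authorized (unused)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权逻辑");
        return null;
    }

    /**
     * Looks up the account named in the token and hands its stored credentials
     * to Shiro, which compares them with the submitted password.
     *
     * @param arg0 the login token; cast to {@link UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when no user
     *         matches the submitted name
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
        System.out.println("执行认证逻辑");
        UsernamePasswordToken token = (UsernamePasswordToken) arg0;
        String username = token.getUsername();
        System.out.println("token.getUsername()=====" + username);

        User user = userService.getUserByNum(username);
        if (user == null) {
            // A null result tells Shiro the account does not exist; the login
            // call then fails with UnknownAccountException.
            return null;
        }

        // The principal is the authenticated user name and the realm name is this
        // realm's own name, so the subject carries a real identity after login
        // instead of an empty string shared by every account.
        // NOTE(review): the stored password is passed to Shiro as-is; unless a hashing
        // CredentialsMatcher is configured on this realm, the comparison is against a
        // plaintext value. Store salted password hashes and set a matching matcher.
        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
    }
}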
4. 对login页面进行放行
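/**
 * Shiro wiring for the application: the realm, the security manager that uses
 * it, and the web filter that decides which URLs require a logged-in user.
 *
 * <p>NOTE(review): no {@code @Configuration} annotation is visible on this class
 * in the listing; confirm it is present in the real file so the {@code @Bean}
 * methods are registered.
 */
public class ShiroConfig {

    /**
     * Builds the Shiro filter and its URL-to-filter chain.
     *
     * <p>Built-in filters commonly used in the chain:
     * <ul>
     *   <li>{@code anon}: reachable without authentication</li>
     *   <li>{@code authc}: requires an authenticated user</li>
     *   <li>{@code user}: also admits users recognised through rememberMe</li>
     *   <li>{@code perms}: requires a specific permission</li>
     *   <li>{@code roles}: requires a specific role</li>
     * </ul>
     *
     * @param securityManager the security manager bean the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Insertion order matters: Shiro applies the first pattern that matches,
        // so the anonymous exceptions must come before the catch-all rule.
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/sysmenu/*", "anon");
        // NOTE(review): "/index" is the redirect target after a successful login, yet it
        // is open to anonymous users here; confirm that is intended.
        filterMap.put("/index", "anon");
        filterMap.put("/login", "anon");
        // "/**" covers every path depth. "/*" matches a single path segment only,
        // which would leave nested URLs such as /a/b reachable without login.
        // Static assets that must stay public need their own "anon" entry above.
        filterMap.put("/**", "authc");

        // Unauthenticated requests are sent to the custom login page.
        shiroFilterFactoryBean.setLoginUrl("/tologin");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the web security manager and attaches the realm to it.
     *
     * @param userRealm the realm bean used for authentication and authorization
     * @return the security manager registered under the name {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Creates the realm bean registered under the name {@code userRealm}.
     *
     * <p>NOTE(review): no CredentialsMatcher is set on the realm here, so Shiro's
     * default matcher is used; confirm how stored passwords are protected.
     *
     * @return a new {@link UserRealm}
     */
    @Bean(name = "userRealm")
    public UserRealm getReal() {
        return new UserRealm();
    }
}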
5. UserService和UserMapper类就不赘述了,前面的文章里都有