SpringBoot整合Shiro
1.创建一个springboot项目
2.添加相关依赖pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Configuration processor: gives completion hints when configuration properties are bound -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!--<dependency>-->
<!--<groupId>org.springframework.boot</groupId>-->
<!--<artifactId>spring-boot-dev</artifactId>-->
<!--<optional>true</optional>-->
<!--</dependency>-->
<!-- JSP engine; per the author, Spring Boot's embedded Tomcat does not include this dependency -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Shiro dependency -->
<!-- NOTE(review): the version is pinned by hand to 1.4.0, an old release. Later Shiro
     releases fix authentication-bypass issues in URL path matching when Shiro is used
     with Spring, which is exactly the mechanism the "/**" authc rule in ShiroConfig
     relies on. Pin a currently supported release and follow the upstream security
     advisories before reusing this pom. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
</dependencies>
3.目录结构
4.在realms包里面创建一个自定义的realms.java
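/**
 * Custom Shiro realm that authenticates a login attempt against the user record
 * returned by {@link UserService}.
 *
 * <p>Authorization is not implemented here: {@link #doGetAuthorizationInfo} returns
 * {@code null}, so this realm contributes no roles or permissions.
 */
public class Myrealms extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization hook.
     *
     * @param principalCollection principals of the subject being authorized
     * @return always {@code null}; no roles or permissions are supplied by this realm,
     *         so every authenticated user is treated the same by the filter chain
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication hook: loads the account named in the token and hands its stored
     * password to Shiro for comparison with the submitted one.
     *
     * @param authenticationToken the submitted token; its principal is read as the account name
     * @return the account's authentication info, or {@code null} when no such user exists
     *         (Shiro reports a {@code null} result as an unknown account)
     * @throws AuthenticationException declared by the Shiro contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Account name typed by the user.
        String name = (String) authenticationToken.getPrincipal();

        // 2. Look the user up by that name.
        // Neither the submitted name nor the loaded entity is printed: the entity carries
        // the stored password, and stdout usually ends up in shared log files.
        User user = userService.login(name);
        if (user == null) {
            return null;
        }

        // 3. Hand the stored password to Shiro, which compares it with the submitted one.
        // NOTE(review): no credentials matcher is configured on this realm in the code
        // shown, so Shiro's default matcher does a direct comparison. That only succeeds
        // when the stored value is the plain password. Store salted hashes and configure
        // a HashedCredentialsMatcher (or PasswordMatcher) on the realm instead.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}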
5.在config包里面创建一个shiroConfig.java
package com.linlin.config;
import com.linlin.realms.Myrealms;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
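/**
 * Shiro wiring for the web application: the realm, the security manager that uses it,
 * and the servlet filter that enforces the URL rules.
 *
 * @author Giraffe Wld
 * @site com.linlin
 * @company 林林
 * @create 2020-05-12 9:52
 */
@Configuration
public class ShiroConfig {

    /**
     * Configures Shiro's web filter, which intercepts browser requests and hands them
     * to the SecurityManager.
     *
     * @return the filter factory bean holding the URL rules, login URL and security manager
     */
    @Bean
    public ShiroFilterFactoryBean webFilter() {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();

        // LinkedHashMap keeps insertion order, and Shiro applies the rules in the order
        // they were added. Key = URL pattern, value = filter applied to that pattern.
        Map<String, String> filterChainMap = new LinkedHashMap<>(16);

        // anon: reachable without logging in; authc: reachable only after authentication.
        // Every anon rule must come before the catch-all authc rule, and each one should
        // stay as narrow as possible because it removes the login requirement entirely.
        filterChainMap.put("/user/login", "anon");
        filterChainMap.put("/user/login.html", "anon");
        // Static resources, so the login page can load its styles and scripts.
        filterChainMap.put("/static/asserts/**", "anon");
        filterChainMap.put("/asserts/css/**", "anon");
        filterChainMap.put("/asserts/img/**", "anon");
        filterChainMap.put("/asserts/js/**", "anon");
        // Everything else requires an authenticated subject.
        filterChainMap.put("/**", "authc");

        // Where unauthenticated requests are redirected. It has to be a URL that a
        // controller actually serves: the login view on this page is mapped at
        // /user/login.html, whereas "/login" has no handler in the code shown.
        factoryBean.setLoginUrl("/user/login.html");
        factoryBean.setFilterChainDefinitionMap(filterChainMap);
        // Attach the security manager that performs the authentication.
        factoryBean.setSecurityManager(securityManager());
        return factoryBean;
    }

    /**
     * Registers the custom realm as a bean so its {@code @Autowired} service is injected.
     *
     * @return the realm used for authentication
     */
    @Bean
    public Myrealms myrealms() {
        return new Myrealms();
    }

    /**
     * Builds the security manager and points it at the custom realm.
     *
     * @return the web security manager backed by {@link Myrealms}
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myrealms());
        return manager;
    }
}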
注意:拦截链要记得放行静态文件,不然页面会没有样式。放行(anon)规则要写在 /** 之前,并且只放行具体的静态资源目录。
6.控制器Controller.java
package com.linlin.contoller;
import com.linlin.entity.User;
import com.linlin.mapper.UserMapper;
import com.linlin.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
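/**
 * Login endpoints: one handler renders the login page, the other submits the
 * credentials to Shiro.
 *
 * @author Giraffe Wld
 * @site com.linlin
 * @company 林林
 * @create 2020-05-11 16:49
 */
@Controller
@RequestMapping("user/")
public class UserController {

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * <p>NOTE(review): this mapping accepts every HTTP method, so credentials can also
     * arrive in a GET query string, where they end up in access logs and browser
     * history. Restrict it to POST once the login form is confirmed to post.
     *
     * @param model    view model; receives {@code msg} on failure and {@code currentUser} on success
     * @param name     submitted account name
     * @param password submitted password
     * @return {@code "index"} when the subject is authenticated, otherwise {@code "login"}
     */
    @RequestMapping("login")
    public String login(Model model, String name, String password) {
        // The user is not looked up or printed here: the realm performs the lookup, and
        // printing the entity would write the stored password to stdout.
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        Subject currentUser = SecurityUtils.getSubject();
        try {
            // The subject submits the login request to the SecurityManager.
            currentUser.login(token);
        } catch (AuthenticationException e) {
            // One message for every failure: separate "unknown account" and "wrong
            // password" replies let a client find out which account names exist.
            // Catching the base type also keeps other authentication failures from
            // escaping the handler as an error page.
            model.addAttribute("msg", "账号或密码不正确");
        }

        if (currentUser.isAuthenticated()) {
            System.out.println("认证成功");
            model.addAttribute("currentUser", currentUser);
            return "index";
        }
        // Wipe the password held by the token after a failed attempt.
        token.clear();
        return "login";
    }

    /**
     * Renders the login page. Templates cannot be requested directly, so this handler
     * returns the view name for them.
     *
     * @return the {@code "login"} view name
     */
    @RequestMapping({"/", "login.html"})
    public String login() {
        return "login";
    }
}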
完成,访问地址
1.http://localhost:8080/user/login.html
因为我的html文件是放在templates文件夹里,而templates文件夹里面的html不能直接访问,要通过控制器去访问,所以我在控制器Controller里面写了个方法跳到登录页面。