先导入pom.xml的依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency>
<!--配置日志文件-->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
第二步,Shiro框架怎么用,直接配置相关信息即可,这里要注意,我们从下往上走,理解会更加的简单
1 @Configuration
2 public class ShiroConfig {
3
4 //shiroFilterFactoryBean
5 @Bean //此处Qualifier绑定的是getDefaultSecurityManager这个bean对象
6 public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
7 //前两步固定套路,工厂模式创建一个shiroFilterFactoryBean,然后将下面的defaultWebSecurityManager设置进来
8 ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
9 bean.setSecurityManager(defaultWebSecurityManager);
10
11 // <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
12 // Map<String, String> filterMap = new LinkedHashMap<>();
13 // //注意此处的页面路劲不是网页名称,而是MVC中的方法
14 // filterMap.put("/main","anon");
15 // bean.setFilterChainDefinitionMap(filterMap);
16
17 //设置登录时路径
18 // bean.setLoginUrl("/index");
19 return bean;
20 }
21
22 //DefaultWebSecurityManager,中间商,处理用户 授权 以及 认证 的合法性,以此转交给上面的FilterFactorBean进行过滤
23 @Bean(name = "securityManager") //此处Qualifier绑定的是userRealm这个bean对象
24 public DefaultWebSecurityManager getDefaultSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
25 DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
26
27 //关联Realm
28 defaultWebSecurityManager.setRealm(userRealm);
29
30 return defaultWebSecurityManager;
31 }
32
33 //创建Realm对象,用来进行授权以及认证功能,完毕后转交给SecurityManager进行合法性验证
34 @Bean
35 public UserRealm userRealm(){
36 return new UserRealm();
37 }
38 }
然后我们来配置UserRealm的登录验证逻辑
1 public class UserRealm extends AuthorizingRealm {
2
3
4 @Autowired
5 UserMapper userMapper;
6
7 //授权
8 @Override
9 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
10 System.out.println("执行了授权");
11 return null;
12 }
13
14 //认证
15 @Override
16 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
17 System.out.println("执行了认证");
18
19 //获取当前用户token
20 UsernamePasswordToken userToken = (UsernamePasswordToken) token;
21
22 //mybatis-plus查询
23 QueryWrapper<User> queryWrapper = new QueryWrapper<>();
24 queryWrapper.eq("username",userToken.getUsername());
25 User user = userMapper.selectOne(queryWrapper);
26
27 //后台测试打印用户是否正确获取
28 System.out.println(user.getUsername()+" "+user.getPassword());
29
30 //如果用户不存在
31 if(user.getUsername() == null)
32 return null; //自动抛出UnknownAccountException
33
34 System.out.println(userToken.getUsername()+"......");
35
36 //password siro处理 不交由用户处理
37 return new SimpleAuthenticationInfo("",user.getPassword(),"");
38 }
39 }
最后,新建一个log4j.properties配置一下日志文件即可
1 log4j.rootLogger=INFO, stdout 2 3 log4j.appender.stdout=org.apache.log4j.ConsoleAppender 4 log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 5 log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n 6 7 # General Apache libraries 8 log4j.logger.org.apache=WARN 9 10 # Spring 11 log4j.logger.org.springframework=WARN 12 13 # Default Shiro logging 14 log4j.logger.org.apache.shiro=INFO 15 16 # Disable verbose logging 17 log4j.logger.org.apache.shiro.util.ThreadContext=WARN 18 log4j.logger.org.apache.shiro.cache.ehcache.EhCache=WARN
至此,登录验证用户名密码功能已经实现了。