zoukankan      html  css  js  c++  java
  • 【Shiro】08 SpringBoot整合

    需要的依赖的坐标:

            <!-- Shiro依赖 -->
            <dependency>
                <groupId>com.github.theborakompanioni</groupId>
                <artifactId>thymeleaf-extras-shiro</artifactId>
                <version>2.0.0</version>
            </dependency>
    
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring-boot-web-starter</artifactId>
                <version>1.5.3</version>
            </dependency>
            
            <!-- Thymeleaf模版引擎 -->
            <dependency>
                <groupId>org.thymeleaf</groupId>
                <artifactId>thymeleaf-spring5</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-java8time</artifactId>
            </dependency>
            
            <!-- web组件 -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>

    【配置编写】

    先编写自定义Realm:

    package cn.dai.shiro;
    
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    
    /**
     * @author DaiZhiZhou
     * @file Shiro
     * @create 2020-08-01 22:44
     */
    public class UserRealm extends AuthorizingRealm {
    
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            return null;
        }
    
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    
            String principal = authenticationToken.getPrincipal().toString();
    
            if ("xxx".equals(principal)) return new SimpleAuthenticationInfo(principal, "123456", this.getName());
    
            return null;
        }
    
    }

    再编写配置类:

    package cn.dai.config;
    
    import cn.dai.shiro.UserRealm;
    import org.apache.shiro.realm.Realm;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    /**
     * @author DaiZhiZhou
     * @file Shiro
     * @create 2020-08-01 22:39
     */
    @Configuration
    public class ShiroConfiguration {
    
        
        @Bean("realm") /* 自定义Realm配置 */
        public Realm getRealm() {
            return new UserRealm();
        }
    
        @Bean("defaultWebSecurityManager") /* 注入安全管理器 */
        public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
            DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
            defaultWebSecurityManager.setRealm(realm);
            return defaultWebSecurityManager;
        }
    
        @Bean("shiroFilterFactoryBean") /* 注入Shiro过滤器工厂Bean */
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
            return shiroFilterFactoryBean;
        }
    }

    配置Controller:

    package cn.dai.controller;
    
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    
    import javax.servlet.http.HttpSession;
    
    /**
     * @author DaiZhiZhou
     * @file Shiro
     * @create 2020-08-01 22:53
     */
    @Controller
    public class AccessController {
        
        @RequestMapping("logout")
        public String logout() { 
            SecurityUtils.getSubject().logout();
            return "redirect:/loginview"; // 账号退出,重定向到登录页
        }
        
        @RequestMapping("loginview")
        public String login() {
            return "login"; // 跳转登陆页面
        }
        
        @RequestMapping("login")
        public String login(String username, String password, HttpSession session) {
            try {
                Subject subject = SecurityUtils.getSubject();
                subject.login(new UsernamePasswordToken(username, password));
                return "redirect:/index"; // login方法执行没出现异常,登陆正常
            } catch (UnknownAccountException unknownAccountException) {
                unknownAccountException.printStackTrace();
                System.out.println("用户名错误");
            } catch (IncorrectCredentialsException incorrectCredentialsException) {
                incorrectCredentialsException.printStackTrace();
                System.out.println("密码错误");
            } catch (Exception exception) {
                exception.printStackTrace();
            }
            
            return "redirect:/loginview";
        }
        
    }

    然后再更改权限控制:

    package cn.dai.config;
    
    import cn.dai.shiro.UserRealm;
    import org.apache.shiro.realm.Realm;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.HashMap;
    
    /**
     * @author DaiZhiZhou
     * @file Shiro
     * @create 2020-08-01 22:39
     */
    @Configuration
    public class ShiroConfiguration {
    
    
        @Bean("realm") /* 自定义Realm配置 */
        public Realm getRealm() {
            return new UserRealm();
        }
    
        @Bean("defaultWebSecurityManager") /* 注入安全管理器 */
        public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
            DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
            defaultWebSecurityManager.setRealm(realm);
            return defaultWebSecurityManager;
        }
    
        @Bean("shiroFilterFactoryBean") /* 注入Shiro过滤器工厂Bean */
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
    
            HashMap<String, String> map = new HashMap<>();
            
            map.put("/login", "anon"); // 登录shiro控制程序,随意访问
            map.put("/loginview", "anon"); // 登录页面随意访问
            map.put("/logout", "anon"); //退出页面随意访问
            map.put("/**", "authc"); // 其余资源都必须授权访问
            
            shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
            shiroFilterFactoryBean.setLoginUrl("/login");
            return shiroFilterFactoryBean;
        }
    }
  • 相关阅读:
    C知识(#一些笔记)
    我整理的Python规则(2)
    我整理的Python代码规则
    教你如何通俗易懂的了解深度学习知识
    c#中委托和事件(续)(转)
    c#中的委托和事件(转)
    .Net neatupload上传控件实现文件上传的进度条
    C#常用日期格式处理转换[C#日期格式转换大全
    C#string常用函数总结
    数据库08版本如何移动到05的数据中
  • 原文地址:https://www.cnblogs.com/mindzone/p/13417032.html
Copyright © 2011-2022 走看看