springboot shiro 基本整合
https://www.w3cschool.cn/shiro/c52r1iff.html
http://shiro.apache.org/configuration.html#Configuration-ProgrammaticConfiguration
步骤
依赖和配置
定义 org.apache.shiro.realm.Realm 使用 IniRealm
定义 org.apache.shiro.mgt.SecurityManager
定义 org.apache.shiro.spring.web.ShiroFilterFactoryBean
指定登录页面 shiroFilterFactoryBean.setLoginUrl("/login.html")
放行登录相关接口和静态资源
定义登录Controller
Map<String, String> map = new HashMap<>();
map.put("/login/pc", "anon");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
配置
server:
servlet:
context-path: /mozq
# user.ini
[users]
liubei=123
添加Bean
package com.mozq.sb.shiro03.config;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.apache.shiro.mgt.SecurityManager;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
//自定义 org.apache.shiro.realm.Realm
@Bean
public IniRealm iniRealm(){
IniRealm iniRealm = new IniRealm("classpath:user.ini");
return iniRealm;
}
//定义 org.apache.shiro.mgt.SecurityManager
@Bean
public SecurityManager securityManager(Realm realm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm);
return securityManager;
}
//定义 org.apache.shiro.spring.web.ShiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//过滤的路径
Map<String, String> map = new HashMap<>();
map.put("/**", "authc");
map.put("/login/pc", "anon");//放行登录相关接口
map.put("/js/jquery-3.4.1.js", "anon");//放行登录页面静态资源,不然登录页报错。
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
shiroFilterFactoryBean.setLoginUrl("/login.html");//登录页面
return shiroFilterFactoryBean;
}
}
登录页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="js/jquery-3.4.1.js"></script>
</head>
<body>
<form action="/login/pc" method="post">
<input id="username" name="username">
<input id="password" name="password">
<!-- <input type="button" value="登录"> -->
<input type="button" value="登录" onclick="login()">
</form>
<script>
var serverPath = "/mozq";
function login() {
var username = $("#username").val();
var password = $("#password").val();
console.log(username);
console.log(password);
$.ajax({//Content-Type: application/x-www-form-urlencoded; charset=UTF-8
url: serverPath + "/login/pc",
type: "post",
data: {"username": username, "password": password},
success: function (res) {
if(res === "success"){
window.location.href = "http://www.baidu.com";
}else{
alert(res);
}
}
});
}
</script>
</body>
</html>
登录Controller
package com.mozq.sb.shiro03.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/login")
public class LoginController {
@RequestMapping("/pc")
public String login(@RequestParam String username, @RequestParam String password){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
try {
subject.login(usernamePasswordToken);
} catch (AuthenticationException e) {
e.printStackTrace();
return "身份验证错误";
}
return "success";
}
}
bugs
1.
Caused by: org.apache.shiro.config.ConfigurationException: java.io.IOException: Resource [classpath: user.ini] could not be found.
原因:[classpath: user.ini] 路径中加了空格
2.
不配置登录跳转页面,则默认跳转到 http://localhost:8080/login.jsp
配置登录接口:shiroFilterFactoryBean.setLoginUrl("/login.html");//则这个接口成为放行的,即anon
如果项目路径为: localhost/mozq
则此时登录跳转到:localhost/mozq/login.html
3.
如果登录相关的其他接口不放行,则重定向到登录页面。
放行登录相关的接口:map.put("/login/pc", "anon");
如果项目路径为: localhost/mozq
则此时放行路径:localhost/mozq/login/pc
4.
org.apache.shiro.authc.UnknownAccountException: Realm [org.apache.shiro.realm.text.IniRealm@4c9f4ee9] was unable to find account data for the submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - 1, rememberMe=false].
原因:user.ini中什么都没有写。则登录验证失败。
方案:添加用户信息
[users]
liubei=123
5.
Uncaught SyntaxError: Unexpected token <
原因:shiro 将login.html的资源 jquery-3.4.1.js 拦截了,无法访问,所以报了这个错误。
方案:
放行静态资源
map.put("/js/jquery-3.4.1.js", "anon")