springboot整合shiro实现登录验证授权的过程解析
这篇文章主要介绍了springboot整合shiro实现登录验证授权,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下
springboot整合shiro实现登录验证授权,内容如下所示:
1.添加依赖:
1 2 3 4 5 6 | <!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version> 1.7 . 1 </version> </dependency> |
2.yml配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | #配置服务端口 server: port: 8080 servlet: encoding: charset: utf- 8 enabled: true force: true context-path: /cxh/ spring: #配置数据源 datasource: driver- class -name: com.mysql.cj.jdbc.Driver url: jdbc:mysql: //localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=false username: root password: 123456 #配置页面 mvc: view: prefix: /WEB-INF/page/ suffix: .jsp #配置上传文件大小 servlet: multipart: max-file-size: 10MB #配置Mybatis mybatis: config-location: classpath:mybatis/mybatis-config.xml mapper-locations: classpath:mybatis/mapper/*.xml type-aliases- package : com.cxh.mall.entity |
3.shiro配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configuration public class ShiroConfig { @Bean @ConditionalOnMissingBean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator(); defaultAAP.setProxyTargetClass( true ); return defaultAAP; } //凭证匹配器, 密码校验交给Shiro的SimpleAuthenticationInfo进行处理 public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName( "MD5" ); //散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations( 2 ); //散列的次数; return hashedCredentialsMatcher; //将自己的验证方式加入容器 public LoginRealm myShiroRealm() { LoginRealm loginRealm = new LoginRealm(); //加入密码管理 loginRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return loginRealm; //权限管理,配置主要是Realm的管理认证 public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); return securityManager; //Filter工厂,设置对应的过滤条件和跳转条件 public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map<String, String> map = new HashMap<>(); //登出 map.put( "/logout" , "logout" ); //登录 map.put( "/loginSubmit" , "anon" ); //静态文件包 map.put( "/res/**" , "anon" ); //对所有用户认证 map.put( "/**" , "authc" ); shiroFilterFactoryBean.setLoginUrl( "/login" ); //首页 shiroFilterFactoryBean.setSuccessUrl( "/index" ); //错误页面,认证不通过跳转 shiroFilterFactoryBean.setUnauthorizedUrl( "/error" ); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; } |
4.shiro登录验证授权:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | import com.cxh.mall.entity.SysUser; import com.cxh.mall.service.SysMenuService; import com.cxh.mall.service.SysRoleService; import com.cxh.mall.service.SysUserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.crypto.hash.SimpleHash; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.util.StringUtils; import java.util.HashSet; import java.util.Set; public class LoginRealm extends AuthorizingRealm { @Autowired @Lazy private SysUserService sysUserService; private SysRoleService sysRoleService; private SysMenuService sysMenuService; /** * 授权 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) { String username = (String) arg0.getPrimaryPrincipal(); SysUser sysUser = sysUserService.getUserByName(username); // 角色列表 Set<String> roles = new HashSet<String>(); // 功能列表 Set<String> menus = new HashSet<String>(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); roles = sysRoleService.listByUser(sysUser.getId()); menus = sysMenuService.listByUser(sysUser.getId()); // 角色加入AuthorizationInfo认证对象 info.setRoles(roles); // 权限加入AuthorizationInfo认证对象 info.setStringPermissions(menus); return info; } * 登录认证 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { if (StringUtils.isEmpty(authenticationToken.getPrincipal())) { return null ; } //获取用户信息 String username = authenticationToken.getPrincipal().toString(); if (username == null || username.length() == 0 ) { SysUser user = sysUserService.getUserByName(username); if (user == null ) throw new UnknownAccountException(); //未知账号 //判断账号是否被锁定,状态(0:禁用;1:锁定;2:启用) if (user.getStatus() == 0 ) throw new DisabledAccountException(); //帐号禁用 if (user.getStatus() == 1 ) throw new LockedAccountException(); //帐号锁定 //盐 String salt = "123456" ; //验证 SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( username, //用户名 user.getPassword(), //密码 ByteSource.Util.bytes(salt), //盐 getName() //realm name ); return authenticationInfo; public static void main(String[] args) { String originalPassword = "123456" ; //原始密码 String hashAlgorithmName = "MD5" ; //加密方式 int hashIterations = 2 ; //加密的次数 //加密 SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations); String encryptionPassword = simpleHash.toString(); //输出加密密码 System.out.println(encryptionPassword); } |
5.登录控制器:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 | import lombok.extern.slf4j.Slf4j; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @Controller @Slf4j public class LoginController { /** * 登录页面 */ @GetMapping (value={ "/" , "/login" }) public String login(){ return "admin/loginPage" ; } * 登录操作 @RequestMapping ( "/loginSubmit" ) public String login(String username, String password, ModelMap modelMap) { //参数验证 if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { modelMap.addAttribute( "message" , "账号密码必填!" ); return "admin/loginPage" ; } //账号密码令牌 AuthenticationToken token = new UsernamePasswordToken(username, password); //获得当前用户到登录对象,现在状态为未认证 Subject subject = SecurityUtils.getSubject(); try //将令牌传到shiro提供的login方法验证,需要自定义realm subject.login(token); //没有异常表示验证成功,进入首页 return "admin/homePage" ; catch (IncorrectCredentialsException ice) modelMap.addAttribute( "message" , "用户名或密码不正确!" ); catch (UnknownAccountException uae) modelMap.addAttribute( "message" , "未知账户!" ); catch (LockedAccountException lae) modelMap.addAttribute( "message" , "账户被锁定!" ); catch (DisabledAccountException dae) modelMap.addAttribute( "message" , "账户被禁用!" ); catch (ExcessiveAttemptsException eae) modelMap.addAttribute( "message" , "用户名或密码错误次数太多!" ); catch (AuthenticationException ae) modelMap.addAttribute( "message" , "验证未通过!" ); catch (Exception e) //返回登录页 * 登出操作 @RequestMapping ( "/logout" ) public String logout() //登出清除缓存 subject.logout(); return "redirect:/login" ; } |
6.前端登录页面:
1 2 3 4 5 6 7 8 9 10 11 | < div > < div >< p >cxh电商平台管理后台</ p ></ div > < div > < form name = "loginForm" method = "post" action = "/cxh/loginSubmit" onsubmit = "return SubmitLogin()" autocomplete = "off" > < input type = "text" name = "username" placeholder = "用户名" /> < input type = "password" name = "password" placeholder = "密码" autocomplete = "on" > < span >${message}</ span > < input type = "submit" value = "登录" /> </ form > </ div > </ div > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | //提交登录 function SubmitLogin() { //判断用户名是否为空 if (!loginForm.username.value) { alert( "请输入用户姓名!" ); loginForm.username.focus(); return false ; } //判断密码是否为空 if (!loginForm.password.value) { alert( "请输入登录密码!" ); loginForm.password.focus(); return false ; } return true ; } |
到此这篇关于springboot整合shiro实现登录验证授权的文章就介绍到这了
原文链接:https://blog.51cto.com/u_13321676/4968530