本篇文章为大家展示了springboot如何整合shiro实现登录验证授权的过程解析,内容简明扼要并且容易理解,绝对能使你眼前一亮,通过这篇文章的详细介绍希望你能有所收获。
springboot整合shiro实现登录验证授权,内容如下所示:
<!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version> </dependency>
#配置服务端口 server: port: 8080 servlet: encoding: charset: utf-8 enabled: true force: true context-path: /cxh/ spring: #配置数据源 datasource: driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=false username: root password: 123456 #配置页面 mvc: view: prefix: /WEB-INF/page/ suffix: .jsp #配置上传文件大小 servlet: multipart: max-file-size: 10MB #配置Mybatis mybatis: config-location: classpath:mybatis/mybatis-config.xml mapper-locations: classpath:mybatis/mapper/*.xml type-aliases-package: com.cxh.mall.entity
import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configuration public class ShiroConfig { @Bean @ConditionalOnMissingBean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator(); defaultAAP.setProxyTargetClass(true); return defaultAAP; } //凭证匹配器, 密码校验交给Shiro的SimpleAuthenticationInfo进行处理 public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5");//散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);//散列的次数; return hashedCredentialsMatcher; //将自己的验证方式加入容器 public LoginRealm myShiroRealm() { LoginRealm loginRealm = new LoginRealm(); //加入密码管理 loginRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return loginRealm; //权限管理,配置主要是Realm的管理认证 public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); return securityManager; //Filter工厂,设置对应的过滤条件和跳转条件 public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map<String, String> map = new HashMap<>(); //登出 map.put("/logout", "logout"); //登录 map.put("/loginSubmit", "anon"); //静态文件包 map.put("/res/**", "anon"); //对所有用户认证 map.put("/**", "authc"); shiroFilterFactoryBean.setLoginUrl("/login"); //首页 shiroFilterFactoryBean.setSuccessUrl("/index"); //错误页面,认证不通过跳转 shiroFilterFactoryBean.setUnauthorizedUrl("/error"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; }
import com.cxh.mall.entity.SysUser; import com.cxh.mall.service.SysMenuService; import com.cxh.mall.service.SysRoleService; import com.cxh.mall.service.SysUserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.crypto.hash.SimpleHash; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.util.StringUtils; import java.util.HashSet; import java.util.Set; public class LoginRealm extends AuthorizingRealm { @Autowired @Lazy private SysUserService sysUserService; private SysRoleService sysRoleService; private SysMenuService sysMenuService; /** * 授权 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) { String username = (String) arg0.getPrimaryPrincipal(); SysUser sysUser = sysUserService.getUserByName(username); // 角色列表 Set<String> roles = new HashSet<String>(); // 功能列表 Set<String> menus = new HashSet<String>(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); roles = sysRoleService.listByUser(sysUser.getId()); menus = sysMenuService.listByUser(sysUser.getId()); // 角色加入AuthorizationInfo认证对象 info.setRoles(roles); // 权限加入AuthorizationInfo认证对象 info.setStringPermissions(menus); return info; } * 登录认证 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { if (StringUtils.isEmpty(authenticationToken.getPrincipal())) { return null; } //获取用户信息 String username = authenticationToken.getPrincipal().toString(); if (username == null || username.length() == 0) { SysUser user = sysUserService.getUserByName(username); if (user == null) throw new UnknownAccountException(); //未知账号 //判断账号是否被锁定,状态(0:禁用;1:锁定;2:启用) if(user.getStatus() == 0) throw new DisabledAccountException(); //帐号禁用 if (user.getStatus() == 1) throw new LockedAccountException(); //帐号锁定 //盐 String salt = "123456"; //验证 SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( username, //用户名 user.getPassword(), //密码 ByteSource.Util.bytes(salt), //盐 getName() //realm name ); return authenticationInfo; public static void main(String[] args) { String originalPassword = "123456"; //原始密码 String hashAlgorithmName = "MD5"; //加密方式 int hashIterations = 2; //加密的次数 //加密 SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations); String encryptionPassword = simpleHash.toString(); //输出加密密码 System.out.println(encryptionPassword); }
import lombok.extern.slf4j.Slf4j; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @Controller @Slf4j public class LoginController { /** * 登录页面 */ @GetMapping(value={"/", "/login"}) public String login(){ return "admin/loginPage"; } * 登录操作 @RequestMapping("/loginSubmit") public String login(String username, String password, ModelMap modelMap) { //参数验证 if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { modelMap.addAttribute("message", "账号密码必填!"); return "admin/loginPage"; } //账号密码令牌 AuthenticationToken token = new UsernamePasswordToken(username, password); //获得当前用户到登录对象,现在状态为未认证 Subject subject = SecurityUtils.getSubject(); try //将令牌传到shiro提供的login方法验证,需要自定义realm subject.login(token); //没有异常表示验证成功,进入首页 return "admin/homePage"; catch (IncorrectCredentialsException ice) modelMap.addAttribute("message", "用户名或密码不正确!"); catch (UnknownAccountException uae) modelMap.addAttribute("message", "未知账户!"); catch (LockedAccountException lae) modelMap.addAttribute("message", "账户被锁定!"); catch (DisabledAccountException dae) modelMap.addAttribute("message", "账户被禁用!"); catch (ExcessiveAttemptsException eae) modelMap.addAttribute("message", "用户名或密码错误次数太多!"); catch (AuthenticationException ae) modelMap.addAttribute("message", "验证未通过!"); catch (Exception e) //返回登录页 * 登出操作 @RequestMapping("/logout") public String logout() //登出清除缓存 subject.logout(); return "redirect:/login"; }
<div> <div><p>cxh电商平台管理后台</p></div> <div> <form name="loginForm" method="post" action="/cxh/loginSubmit" onsubmit="return SubmitLogin()" autocomplete="off"> <input type="text" name="username" placeholder="用户名"/> <input type="password" name="password" placeholder="密码" autocomplete="on"> <span>${message}</span> <input type="submit" value="登录"/> </form> </div> </div>
//提交登录 function SubmitLogin() { //判断用户名是否为空 if (!loginForm.username.value) { alert("请输入用户姓名!"); loginForm.username.focus(); return false; } //判断密码是否为空 if (!loginForm.password.value) { alert("请输入登录密码!"); loginForm.password.focus(); return false; } return true; }
上述内容就是springboot如何整合shiro实现登录验证授权的过程解析,你们学到知识或技能了吗?如果还想学到更多技能或者丰富自己的知识储备,欢迎关注亿速云行业资讯频道。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。