手机扫码查看
shiro依赖
<!--shiro-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>1.4.0</version>
</dependency>
数据库设计
drop database if exists springboot_shiro;
create database if not exists springboot_shiro;
use springboot_shiro;
create table shiro_user(
id int auto_increment primary key ,
username varchar(50),
password varchar(50),
salt varchar(50)
)charset=utf8;
shiro 框架相关的配置类
@Configuration
public class ShiRoConfig {
// 1. 创建 shiro filter // 负责拦截所有请求
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager dwm){
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
// 给 filter 设置安全管理器
factoryBean.setSecurityManager(dwm);
// 配置系统受限资源
// 配置系统公共资源
Map<String,String> map=new HashMap<String,String>();
map.put("/server/login","anon");// anon 设置为公共资源
map.put("/server/reg","anon");// anon 设置为公共资源
map.put("/","anon");// anon 设置为公共资源
map.put("/admin/*","authc");// authc 请求这个资源需要认证和授权
// 未登录跳转登录页面
factoryBean.setLoginUrl("/server/login");
factoryBean.setFilterChainDefinitionMap(map);
return factoryBean;
}
// 2. 创建安全管理器
@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm){
DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
// 给安全管理器设置 realm
webSecurityManager.setRealm(realm);
return webSecurityManager;
}
// 3. 创建自定义realm
@Bean
public Realm getRealm(){
CustomerRealm customerRealm = new CustomerRealm();
// 修改凭证效验匹配器
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
// 设置加密算法为MD5
matcher.setHashAlgorithmName("sha-256");
// 设置三列次数
matcher.setHashIterations(10000);
// true=hex格式,FALSE=base64格式
matcher.setStoredCredentialsHexEncoded(false);
// 将密文比对器 注册在 realm 中
customerRealm.setCredentialsMatcher(matcher);
return customerRealm;
}
}
创建user对象实体类
mapper
@Select("select*from shiro_user where username=#{username}")
ShiroUser queryShiroUsername(String username);
在entity包下创建CustomerRealm实体类
// 自定义 realm
public class CustomerRealm extends AuthorizingRealm {
@Autowired
private SqlSession ss;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// 获取身份信息
String principal = (String) principalCollection.getPrimaryPrincipal();
System.out.println("调用授权验证:"+principal);
// 根据主身份信息获取角色 和 权限信息
if("admin".equals(principal)){
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRole("admin");
info.addRole("user");
info.addStringPermission("user:add");
return info;
}
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("================");
// 获取身份信息
String principal = (String) token.getPrincipal();
ShiroUserMapper mapper = ss.getMapper(ShiroUserMapper.class);
ShiroUser user = mapper.queryShiroUsername(principal);
if(!ObjectUtils.isEmpty(user)){
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(),
user.getPassword(), ByteSource.Util.bytes(user.getSalt()), this.getName());
return info;
}
return null;
}
}
控制层
// 注册服务
@PostMapping("/reg")
public String reg(ShiroUser user){
ShiroUserMapper mapper = ss.getMapper(ShiroUserMapper.class);
// 加密
String salt = UUID.randomUUID().toString();
String pass = new Sha256Hash(user.getPassword(),salt,10000).toBase64();
// 设置盐
user.setSalt(salt);
// 设置密文
user.setPassword(pass);
try {
int insert=mapper.insertSelective(user);
if (insert!=1) {
log.error("[注册失败] user={}",user);
throw new RuntimeException("[注册失败]");
}
return "redirect:/server/login";
} catch (Exception e) {
e.printStackTrace();
return "public/reg";
}
}
// 登录服务
@PostMapping("/login")
public String login(String username,String password){
// 获取主体对象
Subject subject = SecurityUtils.getSubject();
try{
subject.login(new UsernamePasswordToken(username,password));
return "redirect:/";
}catch (UnknownAccountException e){
e.printStackTrace();
System.out.println("用户名错误");
}catch (IncorrectCredentialsException e){
e.printStackTrace();
System.out.println("密码错误");
}
return "redirect:/server/login";
}
首页
<shiro:guest>
<a href="/server/login">登录</a>
</shiro:guest>
<shiro:authenticated>
<a href="/server/logout">退出</a>
</shiro:authenticated>
<div>
<ul>用户管理
<shiro:hasPermission name="user:add">
<li>添加用户</li>
</shiro:hasPermission>
<shiro:hasPermission name="user:update">
<li>修改用户</li>
</shiro:hasPermission>
<shiro:hasPermission name="user:query">
<li>查询用户</li>
</shiro:hasPermission>
<shiro:hasPermission name="user:delete">
<li>删除用户</li>
</shiro:hasPermission>
</ul>
</div>
订单控制层
@Controller
@RequestMapping("/order")
public class OrderControllers {
@RequestMapping("/save")
@RequiresRoles(value = {"admin","user"}) // 用来判断角色,同时具有的角色
@RequiresPermissions("user:add") // 用来判断权限字符串
public String save(){
System.out.println("进入方法");
return "redirect:/";
}
}
- 本页地址 http://www.evshou.com/?p=3323
- 上一篇 <<文件上传
- 下一篇 >>java编写微信支付
发表评论