shiro使用——整合spring

shiro使用——整合spring

1. 引入相关配置

       <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.9.1</version>
        </dependency>

2. 自定义Realm类 继承AuthorizingRealm 并重写相对应的方法

1. 获取用户身份信息
2. 调用业务层获取用户信息 (数据库)
3. 非空判断，将数据封装返回

@Component
public class MyRealm extends AuthorizingRealm {
    
    

    @Autowired
    private UserMapper userMapper;


//    授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    
    
        return null;
    }
//  登录
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    
    
    //1 获取用户身份信息
        String name = authenticationToken.getPrincipal().toString();
	//2 调用业务层获取用户信息 (数据库)
        User user = userMapper.selectById(name);
	//3 非空判断，将数据封装返回
        if (user != null){
    
    
            SimpleAuthenticationInfo sai = new SimpleAuthenticationInfo(
            name, user.getPassword(), ByteSource.Util.bytes("salt"), MyRealm.class.getName()
            );
            return sai;
        }
        return null;
    }
}

3. 编写shiro配置类

配置securityManager

1. 创建defaultWebSecurityManager 对象
2. 创建加跨对象，设置相关属性
   2.1采用md5加密
   2.2 迭代加密次数
3. 将加对象存储到myRealm中
4. 将myRealm存AdefaultWebSecurityManager 对象
5. 返回

配置shiro内置过滤器拦截范围

1. 需要认证
2. 不需要认证

@Configuration
public class shiroConfig {
    
    

    @Autowired
    private MyRealm myRealm;

    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager() {
    
    
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(3);
        myRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        defaultWebSecurityManager.setRealm(myRealm);
        ThreadContext.bind(defaultWebSecurityManager);
        return defaultWebSecurityManager;

    }
    //配置shiro内置过滤器拦截范围
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
    
    
        DefaultShiroFilterChainDefinition defaultShiroFilterChainDefinition = new DefaultShiroFilterChainDefinition();
//        需要认证
        defaultShiroFilterChainDefinition.addPathDefinition("/login","anon");
        defaultShiroFilterChainDefinition.addPathDefinition("/user","anon");
//        不需要认证
        defaultShiroFilterChainDefinition.addPathDefinition("/**","authc");

        return defaultShiroFilterChainDefinition;
    }

}

4. 回到业务层通过subject.login()方法验证登录

	 Subject subject = SecurityUtils.getSubject();
        AuthenticationToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());
        try {
    
    
            subject.login(token);
        }catch (Exception e){
    
    
            e.printStackTrace();
            return ComResult.error("登录失败");
        }
        return ComResult.success("登录成功");