上一篇简单学习shiro的认证。这一篇主要是结合数据库来整合springboot和shiro
整体项目结构
首先我们在pom添加mybatis
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
整体pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- shiro与spring整合依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
</dependencies>
UserMapper
//@Mapper
@Repository
public interface UserMapper {
//登录
public User findByUsername(String username);
public int register(User user);
}
UserMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.mapper.UserMapper">
<select id="findByUsername" parameterType="String" resultType="com.example.pojo.User" >
select username,password from t_login where username = #{value}
</select>
<!-- 添加用户 -->
<insert id="register" parameterType="com.example.pojo.User">
INSERT INTO t_login
(
username,
password
)
VALUES
(
#{username},
#{password}
)
</insert>
</mapper>
UserService
public interface UserService {
public User findByUsername(String username);
public boolean register(User user);
}
@Service
public class UserServiceImpl implements UserService {
//属性注入
@Autowired
private UserMapper usermapper;
public User findByUsername(String username){
return usermapper.findByUsername(username);
}
@Override
public boolean register(User user) {
int appregister=0;
appregister= usermapper.register(user);
// System.out.println("appregister:"+appregister);
if(appregister==0){
return false;
}
else {
return true;
}
}
}
自定义Realm类
/**
* 自定义Realm
*
*
*/
public class UserRealm extends AuthorizingRealm{
/**
* 执行授权逻辑
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
System.out.println("执行授权逻辑");
return null;
}
@Autowired
private UserService userSerivce;
/**
* 执行认证逻辑
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
System.out.println("执行认证逻辑");
//编写shiro判断逻辑,判断用户名和密码
//1.判断用户名
UsernamePasswordToken token = (UsernamePasswordToken)arg0;
User user = userSerivce.findByUsername(token.getUsername());
if(user==null){
//用户名不存在
return null;//shiro底层会抛出UnKnowAccountException
}
//2.判断密码
return new SimpleAuthenticationInfo("",user.getPassword(),"");
}
controller层
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping("/tologin")
public String tologin(){
return "login";
}
@RequestMapping("/registe")
public String register(){
return "registe";
}
@RequestMapping("/towelcome")
public String inwelcome(){
return "welcome";
}
/**
* 登录逻辑处理
*/
@RequestMapping("/loginsubmit")
public String login(String username,String password,Model model){
/**
* 使用Shiro编写认证操作
*/
//1.获取Subject
Subject subject = SecurityUtils.getSubject();
//2.封装用户数据
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
//3.执行登录方法
try {
subject.login(token);
//登录成功
//跳转到test.html
return "redirect:/towelcome";
} catch (UnknownAccountException e) {
//e.printStackTrace();
//登录失败:用户名不存在
model.addAttribute("msg", "用户名不存在");
return "login";
}catch (IncorrectCredentialsException e) {
//e.printStackTrace();
//登录失败:密码错误
model.addAttribute("msg", "密码错误");
return "login";
}
}
/**
* 注册逻辑处理
*/
@RequestMapping("/userRegister")
public String toregister(String username,String password,Model model)
{
User user=new User();
user.setUsername(username);
user.setPassword(password);
boolean addregister= userService.register(user);
if(addregister) {
model.addAttribute("msg", "注册成功");
}
else{
model.addAttribute("msg", "注册失败");
}
return "registe";
}
}
ExampleApplication
@MapperScan("com.example.mapper")
@SpringBootApplication
@EnableTransactionManagement//启注解事务管理,等同于xml配置方式的 <tx:annotation-driven />
public class ExampleApplication {
public static void main(String[] args) {
SpringApplication.run(ExampleApplication.class, args);
}
}
**Shiro配置类(*)**基本上跟上一篇一样,就增加了注册认证 filterMap.put("/userRegister", “anon”);
@Configuration
public class ShiroConfig {
/**
* 创建ShiroFilterFactoryBean
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
//添加Shiro内置过滤器
/**
* Shiro内置过滤器,可以实现权限相关的拦截器
* 常用的过滤器:
* anon: 无需认证(登录)可以访问
* authc: 必须认证才可以访问
* user: 如果使用rememberMe的功能可以直接访问
* perms: 该资源必须得到资源权限才可以访问
* role: 该资源必须得到角色权限才可以访问
*/
Map<String,String> filterMap = new LinkedHashMap<String,String>();
filterMap.put("/static/**", "anon");
filterMap.put("/tologin", "anon");
filterMap.put("/loginsubmit", "anon");
filterMap.put("/registe", "anon");
filterMap.put("/userRegister", "anon");
filterMap.put("/*", "authc");
//修改调整的登录页面
shiroFilterFactoryBean.setLoginUrl("/tologin");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 创建DefaultWebSecurityManager
*/
@Bean(name="securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联realm
securityManager.setRealm(userRealm);
return securityManager;
}
/**
* 创建Realm
*/
@Bean(name="userRealm")
public UserRealm getRealm(){
return new UserRealm();
}
}
好了到这里就完成与数据库的整合,下一篇会介绍shiro权限管理和加密认证的过程。
源码地址:https://gitee.com/jzzhu123456/shiroHouse_asd
下一篇:springboot结合shiro入门学习(三)
