这篇博客适合Shiro新手,配套学习视频 B站链接
配合视频使用,这里就直接贴代码了
1、整体结构
2、pom文件
<!-- Spring MVC / embedded web server starter. No version is given here, so it is presumably
     managed by a Spring Boot parent or BOM that this excerpt does not show. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Shiro's Spring integration, pinned to 1.4.0.
     NOTE(review): 1.4.0 is an old release. Later Shiro releases fixed authentication-bypass
     problems in how request paths are matched against the filter chain when Shiro is used with
     Spring. Before reusing this pom outside a lab, move to a currently supported Shiro release
     and check the project's security advisories for the version you pick. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
3、TestController
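/**
 * Demo MVC controller for the Shiro walkthrough.
 *
 * <p>It serves the public test page, the two permission-protected user pages, the login and
 * "unauthorized" views, and handles the login form POST. None of the handlers performs an
 * access check itself: protection of {@code /user/add} and {@code /user/update} comes only from
 * the URL-to-filter map built in {@code ShiroConfig}, so the paths here and the paths in that
 * map must be kept in sync.
 */
@Controller
public class TestController {

    /** Renders the {@code test} view with a sample name in the model. */
    @RequestMapping(value = "/test", method = RequestMethod.GET)
    public String Test(Model model) {
        model.addAttribute("name", "张三");
        return "test";
    }

    /** Renders the "add user" view; reachable only through the Shiro filter for this path. */
    @RequestMapping(value = "/user/add", method = RequestMethod.GET)
    public String add(Model model) {
        model.addAttribute("add", "用户添加操作");
        return "/user/add";
    }

    /** Renders the "update user" view; reachable only through the Shiro filter for this path. */
    @RequestMapping(value = "/user/update", method = RequestMethod.GET)
    public String update(Model model) {
        model.addAttribute("update", "用户更新操作");
        return "/user/update";
    }

    /** Shows the login form. This is the URL configured as Shiro's login URL. */
    @RequestMapping(value = "/toLogin", method = RequestMethod.GET)
    public String toLogin(Model model) {
        return "login";
    }

    /** Shows the page configured as Shiro's "unauthorized" URL. */
    @RequestMapping(value = "/unAuth", method = RequestMethod.GET)
    public String unAuth(Model model) {
        return "unAuth";
    }

    /**
     * Handles the login form: wraps the submitted credentials in a token and asks Shiro to
     * authenticate the current subject.
     *
     * @param name     user name from the form
     * @param password password from the form
     * @param model    receives the {@code msg} attribute shown on the login page after a failure
     * @return a redirect to {@code /test} on success, otherwise the {@code login} view
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(String name, String password, Model model) {
        // 1. Current subject (the entity being authenticated).
        Subject subject = SecurityUtils.getSubject();
        // 2. Wrap the submitted credentials.
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        // 3. Delegate to the configured realm.
        try {
            subject.login(token);
            return "redirect:/test";
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // Both cases deliberately produce the same message. Telling the caller whether the
            // account exists or only the password was wrong lets anyone enumerate valid user
            // names through this endpoint. Keep the distinction for server-side logs only, and
            // never log the submitted password.
            model.addAttribute("msg", "用户名或密码不正确");
            return "login";
        } catch (Exception e) {
            // Any other failure (including non-authentication errors) ends up here.
            // NOTE(review): nothing is logged, so repeated failures are invisible to operators;
            // add server-side logging and rate limiting before using this beyond a demo.
            model.addAttribute("msg", "未知错误");
            return "login";
        }
    }
}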
4、ShiroConfig
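/**
 * Spring configuration that wires Shiro into the web application: the realm, the security
 * manager that uses it, and the servlet filter that maps URL patterns to Shiro filters.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter and its URL-to-filter chain map.
     *
     * <p>Commonly used built-in filters:
     * <ul>
     *   <li>{@code anon}: reachable without authentication</li>
     *   <li>{@code authc}: requires an authenticated subject</li>
     *   <li>{@code user}: also admits a subject recognised through rememberMe</li>
     *   <li>{@code perms}: requires the listed permission(s)</li>
     *   <li>{@code roles}: requires the listed role(s)</li>
     * </ul>
     *
     * @param defaultWebSecurityManager the security manager bean defined below
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // Shiro walks the chain definitions in the map's iteration order and the FIRST matching
        // pattern wins. A HashMap gives no ordering guarantee, so "/user/*" -> authc could be
        // tried before "/user/add" -> perms[...], which would let any logged-in user through
        // without the permission check. An insertion-ordered map keeps the specific rules ahead
        // of the wildcard. The fully qualified name is used so that no new import is needed.
        Map<String, String> filterMap = new java.util.LinkedHashMap<>();
        // (An earlier step of the tutorial mapped "/add" and "/update" to authc instead.)
        filterMap.put("/login", "anon");
        filterMap.put("/test", "anon");
        // Most specific patterns first.
        filterMap.put("/user/add", "perms[user:add]");
        filterMap.put("/user/update", "perms[user:update]");
        // Fallback for everything else under /user/: authentication only.
        filterMap.put("/user/*", "authc");
        // NOTE(review): paths that match none of the patterns above get no Shiro filter at all.
        // That is what makes "/toLogin" and "/unAuth" reachable here, but it also means any
        // controller added later is public by default. A deny-by-default layout would end the
        // map with a catch-all authc entry and list the public pages explicitly as anon.

        // Where unauthenticated requests are sent.
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        // Where authenticated requests that fail a perms/roles check are sent.
        shiroFilterFactoryBean.setUnauthorizedUrl("/unAuth");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm to it.
     *
     * @param userRealm the realm bean defined below
     * @return the security manager used by the Shiro filter
     */
    @Bean("defaultWebSecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    /** Exposes the custom realm that performs authentication and authorization lookups. */
    @Bean("userRealm")
    public UserRealm getUserRealm() {
        return new UserRealm();
    }
}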
5、UserRealm
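/**
 * Demo realm that answers Shiro's authentication and authorization queries from hard-coded
 * values instead of a user store.
 *
 * <p>NOTE(review): everything here is placeholder data for the walkthrough. The account name and
 * its plaintext password are compiled into the class, and every authenticated subject receives
 * the same permission. A real realm loads the account from a data store, keeps only a salted
 * password hash, and is paired with a hashing credentials matcher such as Shiro's
 * {@code HashedCredentialsMatcher}.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization: returns the permissions of the given subject.
     *
     * <p>The demo grants {@code user:add} unconditionally and never looks at
     * {@code principalCollection}, so every logged-in subject can open {@code /user/add} and
     * none can open {@code /user/update}.
     *
     * @param principalCollection the authenticated subject's principals (unused in this demo)
     * @return authorization info holding the single {@code user:add} permission
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("user:add");
        // In a real realm: take the principal stored at authentication time (for example via
        // SecurityUtils.getSubject().getPrincipal()) and load that user's permission strings
        // from the data store instead of hard-coding them.
        return info;
    }

    /**
     * Authentication: looks up the account named in the token and hands Shiro the stored
     * credentials to compare against the submitted ones.
     *
     * @param authenticationToken the token built by the login controller; cast to
     *                            {@link UsernamePasswordToken}
     * @return {@code null} when the user name is unknown, otherwise the account's
     *         authentication info
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Stand-ins for a database record. Plaintext and hard-coded: demo only.
        String name = "lisi";
        String password = "1234";

        // 1. Check the user name.
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        if (!name.equals(token.getUsername())) {
            // Unknown account: returning null makes Shiro raise UnknownAccountException,
            // which the login controller catches.
            return null;
        }

        // 2. The password is not compared here; the stored value is returned and Shiro's
        //    credentials matcher compares it with the token.
        // The first argument becomes the subject's principal. The original passed the string
        // literal "name", so getPrincipal() would return "name" for every account and any
        // per-user permission lookup in doGetAuthorizationInfo would be keyed on the wrong
        // value. The authenticated user name is used instead; a real realm would normally
        // store its User object here.
        return new SimpleAuthenticationInfo(token.getUsername(), password, "UserRealm");
    }
}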
6、add.html
<!DOCTYPE html>
<!--/* View returned by TestController.add(). ShiroConfig maps /user/add to perms[user:add], so
       the permission check happens in the filter, not in this template. th:text HTML-escapes the
       model value before it is written out. This is a Thymeleaf parser-level comment and is
       stripped from the rendered response. */-->
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>用户添加</title>
</head>
<body>
<h3 th:text="${add}"></h3>
</body>
</html>
7、update.html
<!DOCTYPE html>
<!--/* View returned by TestController.update(). ShiroConfig maps /user/update to
       perms[user:update]. The demo UserRealm grants only user:add, so a logged-in demo user is
       expected to be sent to /unAuth instead of seeing this page. th:text HTML-escapes the model
       value. Parser-level comment: not sent to the browser. */-->
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h3 th:text="${update}"></h3>
</body>
</html>
8、login.html
<!DOCTYPE html>
<!--/* Login form, shown for /toLogin and re-rendered by TestController.login() after a failed
       attempt with the failure text in the msg attribute (th:text HTML-escapes it).
       NOTE(review): the form carries no anti-CSRF token and nothing on this page adds one.
       The password is posted as an ordinary form field, so the endpoint must only be served
       over HTTPS. The action is the literal path /login, which ignores any servlet context
       path; th:action="@{/login}" would resolve it. Parser-level comment: not sent to the
       browser. */-->
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>登录界面</title>
</head>
<body>
<h3>登录界面</h3>
<h3 th:text="${msg}" style="color: red"></h3>
<form action="/login" method="post">
用户名:<input type="text" name="name">
密码:<input type="password" name="password">
<input type="submit" value="登录">
</form>
</body>
</html>
9、test.html
<!DOCTYPE html>
<!--/* Public landing page (ShiroConfig maps /test to anon). The two links are shown to every
       visitor. Whether a visitor may follow them is decided by the Shiro filter chain on the
       server, so hiding or showing links here is presentation only and never a substitute for
       those rules. Parser-level comment: not sent to the browser. */-->
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>测试</title>
</head>
<body>
<h3 th:text="${name}"></h3>
<hr>
<a href="/user/add">进入用户添加界面</a><br>
<a href="/user/update">进入用户更新界面</a>
</body>
</html>
10、unAuth.html
<!DOCTYPE html>
<!--/* Static page for /unAuth, the URL that ShiroConfig registers through setUnauthorizedUrl.
       It is where an authenticated subject lands after failing a perms check. It holds no
       dynamic content, so it reveals nothing about which permission was missing. */-->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>用户未授权</title>
</head>
<body>
<h3>未授权界面</h3>
</body>
</html>