shiro use - integrate spring

shiro use - integrate spring

1. Import related configuration

       <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.9.1</version>
        </dependency>

2. The custom Realm class inherits AuthorizingRealm and overrides the corresponding method

1. Get user identity information
2. Call the business layer to obtain user information (database)
3. Non-empty judgment, encapsulate the data and return

@Component
public class MyRealm extends AuthorizingRealm {
    
    

    @Autowired
    private UserMapper userMapper;


//    授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    
    
        return null;
    }
//  登录
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    
    
    //1 获取用户身份信息
        String name = authenticationToken.getPrincipal().toString();
	//2 调用业务层获取用户信息 (数据库)
        User user = userMapper.selectById(name);
	//3 非空判断，将数据封装返回
        if (user != null){
    
    
            SimpleAuthenticationInfo sai = new SimpleAuthenticationInfo(
            name, user.getPassword(), ByteSource.Util.bytes("salt"), MyRealm.class.getName()
            );
            return sai;
        }
        return null;
    }
}

3. Write shiro configuration class

Configure securityManager

1. Create a defaultWebSecurityManager object
2. Create a spanning object and set related attributes
   2.1 Use md5 encryption
   2.2 Iterative encryption times
3. Store the plus object in myRealm
4. Save myRealm as an AdefaultWebSecurityManager object
5. return

Configure shiro's built-in filter interception range

1. authentication required
2. no authentication required

@Configuration
public class shiroConfig {
    
    

    @Autowired
    private MyRealm myRealm;

    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager() {
    
    
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(3);
        myRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        defaultWebSecurityManager.setRealm(myRealm);
        ThreadContext.bind(defaultWebSecurityManager);
        return defaultWebSecurityManager;

    }
    //配置shiro内置过滤器拦截范围
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
    
    
        DefaultShiroFilterChainDefinition defaultShiroFilterChainDefinition = new DefaultShiroFilterChainDefinition();
//        需要认证
        defaultShiroFilterChainDefinition.addPathDefinition("/login","anon");
        defaultShiroFilterChainDefinition.addPathDefinition("/user","anon");
//        不需要认证
        defaultShiroFilterChainDefinition.addPathDefinition("/**","authc");

        return defaultShiroFilterChainDefinition;
    }

}

4. Go back to the business layer and verify the login through the subject.login() method

	 Subject subject = SecurityUtils.getSubject();
        AuthenticationToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());
        try {
    
    
            subject.login(token);
        }catch (Exception e){
    
    
            e.printStackTrace();
            return ComResult.error("登录失败");
        }
        return ComResult.success("登录成功");