Preface: After learning Spring Boot and Thymeleaf, I wanted to complete a project for practice, so I built a blog system with Spring Boot + MyBatis and Thymeleaf. The problems that came up along the way are recorded here as my own learning notes. Thanks here to Tumo's TyCoding project; I am still very much a beginner and there are many places I do not understand, but it served me well.
Shiro is a small, flexible security framework; for authentication and authorization it is simple without being simplistic, and it is very easy to get started with. Below is the specific process for integrating Shiro.
1. Add dependencies
    <!-- Shiro and Spring integration -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.3.2</version>
    </dependency>
    <!-- Shiro core package -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.3.2</version>
    </dependency>
2. Add the base-package scanning and entity-class scanning annotations to the Spring Boot application class
Because I carelessly wrapped this error in a try/catch, I spent a whole afternoon before I found the bug. Integrating Shiro with SSM is roughly the same, but some configuration information needs to be added in web.xml.
The specific process is similar.
    @SpringBootApplication(scanBasePackages = "cn.zhq")
    @EntityScan("cn.zhq.system.entity")
    public class MyBlogApplication {
        public static void main(String[] args) {
            SpringApplication.run(MyBlogApplication.class);
        }
    }
3. Write a custom realm
Personally, I feel that a realm is equivalent to a data source: Shiro gets data from the realm to verify the authentication and authorization of users.
3.1 The UserMapper interface
    @Mapper
    public interface UserMapper {
        /**
         * Query user data by username
         */
        SysUser findByName(String username);
    }
3.2 The mapper configuration file usermapper.xml
    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
    <mapper namespace="cn.zhq.system.mapper.UserMapper">
        <select id="findByName" resultType="sysuser" parameterType="String">
            select * from tb_user where username = #{username}
        </select>
    </mapper>
3.3 Write a custom realm that extends AuthorizingRealm
Only the authentication method is posted here.
    @Autowired
    private UserMapper userMapper;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Get the username and password from the login token
        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());
        // 2. Query the database by username
        SysUser user = userMapper.findByName(username);
        // 3. Check that the user exists and the password matches
        if (user != null && user.getPassword().equals(password)) {
            // 4. If they match, return the security data
            // Constructor arguments: security data, password, realm name
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
            return info;
        }
        // 5. If they do not match, return null (Shiro throws an exception)
        return null;
    }
4. Write the Shiro configuration class
4.1 Security manager
    // Configure the custom realm
    @Bean
    public AuthRealm getRealm() {
        return new AuthRealm();
    }

    // Configure the security manager
    @Bean
    public SecurityManager securityManager(AuthRealm realm) {
        // Use the default web security manager
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
        // Hand the custom realm to the security manager for unified management
        securityManager.setRealm(realm);
        return securityManager;
    }
4.2 Configure the filter factory
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        // 1. Create the filter factory
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        // 2. Set the security manager
        filterFactory.setSecurityManager(securityManager);
        // 3. General configuration (login page redirect, unauthorized page redirect)
        filterFactory.setLoginUrl("#"); // login redirect URL
        filterFactory.setUnauthorizedUrl("#"); // unauthorized URL
        return filterFactory;
    }
5. Write the controller method
    @RequestMapping(value = "/login")
    @ResponseBody
    public String login(String username, String password) {
        try {
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken uptoken = new UsernamePasswordToken(username, password);
            subject.login(uptoken);
            return "Login successful";
        } catch (Exception e) {
            return "user name or password error";
        }
    }
6. Log in
6.1 Get the MD5-hashed password
The password is hashed with the Md5Hash class that Shiro provides. To save trouble, the hashed password is simply printed out directly.
The Md5Hash parameters are, in order: the content to hash | the salt (a string mixed in to obscure the hash) | the number of hash iterations
System.out.println(new Md5Hash("123456","zhangbo",3).toString());
You can see that logging in with the hashed password succeeds, while logging in with the original password does not; the password can be hashed in the add-user business logic.
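An added example (not code from the original post) that moves the hashing from section 6.1 into Shiro itself: the realm from 3.3 no longer compares passwords, and a login with the original password is hashed and checked by a HashedCredentialsMatcher. It is written against the Shiro 1.3.2 API; using the username as the salt, the helper name hashForStorage and the package of SysUser are assumptions, while UserMapper and SysUser are the types shown above.

```java
import cn.zhq.system.entity.SysUser;   // assumed package, taken from @EntityScan
import cn.zhq.system.mapper.UserMapper;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class AuthRealm extends AuthorizingRealm {
    // Same iteration count as the Md5Hash call in section 6.1.
    static final int ITERATIONS = 3;

    @Autowired
    private UserMapper userMapper;

    public AuthRealm() {
        // Shiro hashes the submitted password and compares it with the stored hex hash.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Md5Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
    }

    // Hypothetical helper for the add-user business logic: the value to store in tb_user.
    // Assumption: the salt is the username.
    public static String hashForStorage(String username, String rawPassword) {
        return new Md5Hash(rawPassword, username, ITERATIONS).toString();
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        SysUser user = userMapper.findByName(username);
        if (user == null) {
            return null; // unknown user: Shiro raises UnknownAccountException
        }
        // No password comparison here: hand Shiro the stored hash and its salt.
        return new SimpleAuthenticationInfo(user, user.getPassword(),
                ByteSource.Util.bytes(username), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null; // authorization is outside this example
    }
}
```

MD5 with 3 iterations is kept only to match section 6.1; the same matcher accepts Sha256Hash.ALGORITHM_NAME and a larger iteration count, provided the stored hashes are regenerated with the same settings.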