springboot整合shiro实现登录验证授权的过程解析
作者:灰太狼_cxh
这篇文章主要介绍了springboot整合shiro实现登录验证授权,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下
springboot整合shiro实现登录验证授权,内容如下所示:
1.添加依赖:
<!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.7.1</version> </dependency>
2.yml配置:
#配置服务端口 server: port: 8080 servlet: encoding: charset: utf-8 enabled: true force: true context-path: /cxh/ spring: #配置数据源 datasource: driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=false username: root password: 123456 #配置页面 mvc: view: prefix: /WEB-INF/page/ suffix: .jsp #配置上传文件大小 servlet: multipart: max-file-size: 10MB #配置Mybatis mybatis: config-location: classpath:mybatis/mybatis-config.xml mapper-locations: classpath:mybatis/mapper/*.xml type-aliases-package: com.cxh.mall.entity
3.shiro配置:
import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configuration public class ShiroConfig { @Bean @ConditionalOnMissingBean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator(); defaultAAP.setProxyTargetClass(true); return defaultAAP; } //凭证匹配器, 密码校验交给Shiro的SimpleAuthenticationInfo进行处理 public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5");//散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2);//散列的次数; return hashedCredentialsMatcher; //将自己的验证方式加入容器 public LoginRealm myShiroRealm() { LoginRealm loginRealm = new LoginRealm(); //加入密码管理 loginRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return loginRealm; //权限管理,配置主要是Realm的管理认证 public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); return securityManager; //Filter工厂,设置对应的过滤条件和跳转条件 public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map<String, String> map = new HashMap<>(); //登出 map.put("/logout", "logout"); //登录 map.put("/loginSubmit", "anon"); //静态文件包 map.put("/res/**", "anon"); //对所有用户认证 map.put("/**", "authc"); shiroFilterFactoryBean.setLoginUrl("/login"); //首页 shiroFilterFactoryBean.setSuccessUrl("/index"); //错误页面,认证不通过跳转 shiroFilterFactoryBean.setUnauthorizedUrl("/error"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; }
4.shiro登录验证授权:
import com.cxh.mall.entity.SysUser; import com.cxh.mall.service.SysMenuService; import com.cxh.mall.service.SysRoleService; import com.cxh.mall.service.SysUserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.crypto.hash.SimpleHash; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.util.StringUtils; import java.util.HashSet; import java.util.Set; public class LoginRealm extends AuthorizingRealm { @Autowired @Lazy private SysUserService sysUserService; private SysRoleService sysRoleService; private SysMenuService sysMenuService; /** * 授权 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) { String username = (String) arg0.getPrimaryPrincipal(); SysUser sysUser = sysUserService.getUserByName(username); // 角色列表 Set<String> roles = new HashSet<String>(); // 功能列表 Set<String> menus = new HashSet<String>(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); roles = sysRoleService.listByUser(sysUser.getId()); menus = sysMenuService.listByUser(sysUser.getId()); // 角色加入AuthorizationInfo认证对象 info.setRoles(roles); // 权限加入AuthorizationInfo认证对象 info.setStringPermissions(menus); return info; } * 登录认证 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { if (StringUtils.isEmpty(authenticationToken.getPrincipal())) { return null; } //获取用户信息 String username = authenticationToken.getPrincipal().toString(); if (username == null || username.length() == 0) { SysUser user = sysUserService.getUserByName(username); if (user == null) throw new UnknownAccountException(); //未知账号 //判断账号是否被锁定,状态(0:禁用;1:锁定;2:启用) if(user.getStatus() == 0) throw new DisabledAccountException(); //帐号禁用 if (user.getStatus() == 1) throw new LockedAccountException(); //帐号锁定 //盐 String salt = "123456"; //验证 SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( username, //用户名 user.getPassword(), //密码 ByteSource.Util.bytes(salt), //盐 getName() //realm name ); return authenticationInfo; public static void main(String[] args) { String originalPassword = "123456"; //原始密码 String hashAlgorithmName = "MD5"; //加密方式 int hashIterations = 2; //加密的次数 //加密 SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations); String encryptionPassword = simpleHash.toString(); //输出加密密码 System.out.println(encryptionPassword); }
5.登录控制器:
import lombok.extern.slf4j.Slf4j; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @Controller @Slf4j public class LoginController { /** * 登录页面 */ @GetMapping(value={"/", "/login"}) public String login(){ return "admin/loginPage"; } * 登录操作 @RequestMapping("/loginSubmit") public String login(String username, String password, ModelMap modelMap) { //参数验证 if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { modelMap.addAttribute("message", "账号密码必填!"); return "admin/loginPage"; } //账号密码令牌 AuthenticationToken token = new UsernamePasswordToken(username, password); //获得当前用户到登录对象,现在状态为未认证 Subject subject = SecurityUtils.getSubject(); try //将令牌传到shiro提供的login方法验证,需要自定义realm subject.login(token); //没有异常表示验证成功,进入首页 return "admin/homePage"; catch (IncorrectCredentialsException ice) modelMap.addAttribute("message", "用户名或密码不正确!"); catch (UnknownAccountException uae) modelMap.addAttribute("message", "未知账户!"); catch (LockedAccountException lae) modelMap.addAttribute("message", "账户被锁定!"); catch (DisabledAccountException dae) modelMap.addAttribute("message", "账户被禁用!"); catch (ExcessiveAttemptsException eae) modelMap.addAttribute("message", "用户名或密码错误次数太多!"); catch (AuthenticationException ae) modelMap.addAttribute("message", "验证未通过!"); catch (Exception e) //返回登录页 * 登出操作 @RequestMapping("/logout") public String logout() //登出清除缓存 subject.logout(); return "redirect:/login"; }
6.前端登录页面:
<div> <div><p>cxh电商平台管理后台</p></div> <div> <form name="loginForm" method="post" action="/cxh/loginSubmit" onsubmit="return SubmitLogin()" autocomplete="off"> <input type="text" name="username" placeholder="用户名"/> <input type="password" name="password" placeholder="密码" autocomplete="on"> <span>${message}</span> <input type="submit" value="登录"/> </form> </div> </div>
//提交登录 function SubmitLogin() { //判断用户名是否为空 if (!loginForm.username.value) { alert("请输入用户姓名!"); loginForm.username.focus(); return false; } //判断密码是否为空 if (!loginForm.password.value) { alert("请输入登录密码!"); loginForm.password.focus(); return false; } return true; }
到此这篇关于springboot整合shiro实现登录验证授权的文章就介绍到这了,更多相关springboot整合shiro登录验证内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!