springboot整合shiro实现登录验证授权的过程解析
更新时间:2022年01月26日 09:33:18 作者:灰太狼_cxh
这篇文章主要介绍了springboot整合shiro实现登录验证授权,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下
springboot整合shiro实现登录验证授权,内容如下所示:
1.添加依赖:
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.1</version>
</dependency>2.yml配置:
#配置服务端口
server:
port: 8080
servlet:
encoding:
charset: utf-8
enabled: true
force: true
context-path: /cxh/
spring:
#配置数据源
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=false
username: root
password: 123456
#配置页面
mvc:
view:
prefix: /WEB-INF/page/
suffix: .jsp
#配置上传文件大小
servlet:
multipart:
max-file-size: 10MB
#配置Mybatis
mybatis:
config-location: classpath:mybatis/mybatis-config.xml
mapper-locations: classpath:mybatis/mapper/*.xml
type-aliases-package: com.cxh.mall.entity3.shiro配置:
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
@Bean
@ConditionalOnMissingBean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
//凭证匹配器, 密码校验交给Shiro的SimpleAuthenticationInfo进行处理
public HashedCredentialsMatcher hashedCredentialsMatcher() {
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("MD5");//散列算法:这里使用MD5算法;
hashedCredentialsMatcher.setHashIterations(2);//散列的次数;
return hashedCredentialsMatcher;
//将自己的验证方式加入容器
public LoginRealm myShiroRealm() {
LoginRealm loginRealm = new LoginRealm();
//加入密码管理
loginRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return loginRealm;
//权限管理,配置主要是Realm的管理认证
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
//Filter工厂,设置对应的过滤条件和跳转条件
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map<String, String> map = new HashMap<>();
//登出
map.put("/logout", "logout");
//登录
map.put("/loginSubmit", "anon");
//静态文件包
map.put("/res/**", "anon");
//对所有用户认证
map.put("/**", "authc");
shiroFilterFactoryBean.setLoginUrl("/login");
//首页
shiroFilterFactoryBean.setSuccessUrl("/index");
//错误页面,认证不通过跳转
shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
return shiroFilterFactoryBean;
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}4.shiro登录验证授权:
import com.cxh.mall.entity.SysUser;
import com.cxh.mall.service.SysMenuService;
import com.cxh.mall.service.SysRoleService;
import com.cxh.mall.service.SysUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.util.StringUtils;
import java.util.HashSet;
import java.util.Set;
public class LoginRealm extends AuthorizingRealm {
@Autowired
@Lazy
private SysUserService sysUserService;
private SysRoleService sysRoleService;
private SysMenuService sysMenuService;
/**
* 授权
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
String username = (String) arg0.getPrimaryPrincipal();
SysUser sysUser = sysUserService.getUserByName(username);
// 角色列表
Set<String> roles = new HashSet<String>();
// 功能列表
Set<String> menus = new HashSet<String>();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
roles = sysRoleService.listByUser(sysUser.getId());
menus = sysMenuService.listByUser(sysUser.getId());
// 角色加入AuthorizationInfo认证对象
info.setRoles(roles);
// 权限加入AuthorizationInfo认证对象
info.setStringPermissions(menus);
return info;
}
* 登录认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
if (StringUtils.isEmpty(authenticationToken.getPrincipal())) {
return null;
}
//获取用户信息
String username = authenticationToken.getPrincipal().toString();
if (username == null || username.length() == 0)
{
SysUser user = sysUserService.getUserByName(username);
if (user == null)
throw new UnknownAccountException(); //未知账号
//判断账号是否被锁定,状态(0:禁用;1:锁定;2:启用)
if(user.getStatus() == 0)
throw new DisabledAccountException(); //帐号禁用
if (user.getStatus() == 1)
throw new LockedAccountException(); //帐号锁定
//盐
String salt = "123456";
//验证
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
username, //用户名
user.getPassword(), //密码
ByteSource.Util.bytes(salt), //盐
getName() //realm name
);
return authenticationInfo;
public static void main(String[] args) {
String originalPassword = "123456"; //原始密码
String hashAlgorithmName = "MD5"; //加密方式
int hashIterations = 2; //加密的次数
//加密
SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations);
String encryptionPassword = simpleHash.toString();
//输出加密密码
System.out.println(encryptionPassword);
}5.登录控制器:
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@Controller
@Slf4j
public class LoginController {
/**
* 登录页面
*/
@GetMapping(value={"/", "/login"})
public String login(){
return "admin/loginPage";
}
* 登录操作
@RequestMapping("/loginSubmit")
public String login(String username, String password, ModelMap modelMap)
{
//参数验证
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password))
{
modelMap.addAttribute("message", "账号密码必填!");
return "admin/loginPage";
}
//账号密码令牌
AuthenticationToken token = new UsernamePasswordToken(username, password);
//获得当前用户到登录对象,现在状态为未认证
Subject subject = SecurityUtils.getSubject();
try
//将令牌传到shiro提供的login方法验证,需要自定义realm
subject.login(token);
//没有异常表示验证成功,进入首页
return "admin/homePage";
catch (IncorrectCredentialsException ice)
modelMap.addAttribute("message", "用户名或密码不正确!");
catch (UnknownAccountException uae)
modelMap.addAttribute("message", "未知账户!");
catch (LockedAccountException lae)
modelMap.addAttribute("message", "账户被锁定!");
catch (DisabledAccountException dae)
modelMap.addAttribute("message", "账户被禁用!");
catch (ExcessiveAttemptsException eae)
modelMap.addAttribute("message", "用户名或密码错误次数太多!");
catch (AuthenticationException ae)
modelMap.addAttribute("message", "验证未通过!");
catch (Exception e)
//返回登录页
* 登出操作
@RequestMapping("/logout")
public String logout()
//登出清除缓存
subject.logout();
return "redirect:/login";
}6.前端登录页面:
<div>
<div><p>cxh电商平台管理后台</p></div>
<div>
<form name="loginForm" method="post" action="/cxh/loginSubmit" onsubmit="return SubmitLogin()" autocomplete="off">
<input type="text" name="username" placeholder="用户名"/>
<input type="password" name="password" placeholder="密码" autocomplete="on">
<span>${message}</span>
<input type="submit" value="登录"/>
</form>
</div>
</div>//提交登录
function SubmitLogin() {
//判断用户名是否为空
if (!loginForm.username.value) {
alert("请输入用户姓名!");
loginForm.username.focus();
return false;
}
//判断密码是否为空
if (!loginForm.password.value) {
alert("请输入登录密码!");
loginForm.password.focus();
return false;
}
return true;
}到此这篇关于springboot整合shiro实现登录验证授权的文章就介绍到这了,更多相关springboot整合shiro登录验证内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
相关文章
在Java中,队列是一种常用的数据结构,用于存储和管理元素。Java提供了Queue接口和其实现类,包括LinkedList和ArrayDeque等。队列的基本操作包括入队(enqueue)、出队(dequeue)、获取队首元素(peek)和判断队列是否为空(isEmpty)。2023-09-09
这篇文章主要为大家推荐了15道非常经典的Java面试题,附详细答案,具有一定的参考价值,感兴趣的小伙伴们可以参考一下2016-10-10
网络编程是指编写运行在多个设备(计算机)的程序,这些设备都通过网络连接起来。本文介绍了一些网络编程基础的概念,并用Java来实现TCP和UDP的Socket的编程,来让读者更好的了解其原理2021-06-06
这篇文章主要介绍了浅谈Java 三种方式实现接口校验,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧2017-10-10
这篇文章主要介绍了Java语言面向对象编程思想之类与对象实例详解,还是十分不错的,这里给大家分享下,需要的朋友可以参考,希望能帮到你2021-07-07
本文主要介绍了Java实现两个随机数组合并进行排序的方法,文中通过示例代码介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们可以参考一下2021-09-09
这篇文章主要介绍了Java中for循环的执行过程,实例分析了for循环的执行原理与顺序,对于深入理解Java具有一定参考借鉴价值,需要的朋友可以参考下2015-02-02
这篇文章主要介绍了IntelliJ IDEA将导入的项目转成maven项目,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧2020-09-09
这篇文章主要给大家介绍了关于Java单例模式推荐的几种模式,文中通过示例代码介绍的非常详细,对大家学习或者使用Java具有一定的参考学习价值,需要的朋友们下面来一起学习学习吧2021-06-06
本篇文章主要介绍了详解Spring Boot下Druid连接池的使用配置分析,具有一定的参考价值,感兴趣的小伙伴们可以参考一下2017-06-06
最新评论