springboot整合shiro身份验证简易版
一、项目结构:

二、pom结构:
shiro库:

模板:

三、shiro配置:
1. shiro自定义Realm(身份认证与授权),重写父类方法:
package com.shiro.example.shirodemo.config;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Service;
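/**
 * Demo realm that authenticates against a hard-coded list of user names.
 *
 * <p>Points to keep in mind before reusing this sample:
 * <ul>
 *   <li>The account list is compiled into the class; a real realm would look the account up in a
 *       user store.</li>
 *   <li>The credential handed back to Shiro is the user name itself, so each account's expected
 *       password equals its name. A real realm would return a salted password hash and configure
 *       a hashing credentials matcher.</li>
 *   <li>{@link #doGetAuthorizationInfo} returns {@code null}, i.e. this realm supplies no roles or
 *       permissions.</li>
 * </ul>
 */
@Service
public class ShiroRealm extends AuthorizingRealm {

    // Demo accounts only; see the class comment.
    private static final String[] users = {"wangyao", "123", "456"};

    /**
     * Authorization lookup; not implemented in this sample.
     *
     * @param principalCollection the authenticated principals
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Looks the submitted user name up in the hard-coded account list.
     *
     * @param authenticationToken the submitted login data; cast to {@link UsernamePasswordToken}
     * @return the account's principal and expected credential, or {@code null} when the user name
     *         is not in the list (Shiro's authenticator reports a missing account in that case)
     * @throws AuthenticationException declared by the overridden method; not thrown here directly
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // UsernamePasswordToken carries the login data submitted by the caller.
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();

        // The password is deliberately left out of the log line: credentials do not belong in
        // logs, and concatenating the char[] returned by getPassword() would only print the
        // array's identity string anyway.
        System.out.print("name:" + username + ">>host:" + token.getHost());

        boolean known = false;
        for (String candidate : users) {
            if (candidate.equals(username)) {
                known = true;
                break;
            }
        }
        if (!known) {
            return null;
        }

        // Second argument is the credential Shiro compares with the submitted password.
        // NOTE(review): it is the user name, so password == user name for every account.
        return new SimpleAuthenticationInfo(
                username, // principal (account name)
                username, // expected credential
                getName() // realm name
        );
    }
}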
2.shiro配置:
package com.shiro.example.shirodemo.config;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
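/**
 * Spring configuration that wires the Shiro web filter, the security manager and the demo realm.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter with the URL access rules.
     *
     * <p>The rules are hard-coded here; the original note mentions loading them from a database,
     * which this sample does not do.
     *
     * @return the configured filter factory bean
     */
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager());
        factory.setLoginUrl("/home/login");
        factory.setSuccessUrl("/home/index");

        // The chain map is built per call instead of living in a shared static field, so
        // repeated invocations cannot leak or accumulate state.
        // Insertion order matters: Shiro applies the first pattern that matches a request.
        Map<String, String> chains = new LinkedHashMap<String, String>();
        // authc: built-in org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
        //        the path is reachable only after authentication.
        chains.put("/home/detail", "authc");
        // anon: built-in filter that performs no check.
        // NOTE(review): this is a default-allow layout; every path other than /home/detail is
        // public. A default-deny layout (explicit anon entries for the login page, the login
        // POST and static assets, then "/**" -> authc) keeps newly added endpoints protected
        // unless they are opened deliberately.
        chains.put("/**", "anon");
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /**
     * Creates the web security manager backed by the demo realm.
     *
     * @return the security manager
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(shiroRealm());
        return manager;
    }

    /**
     * Registers the realm used for authentication.
     *
     * <p>NOTE(review): ShiroRealm is also annotated {@code @Service}; if component scanning picks
     * it up, the same class is presumably registered twice. Confirm and keep one registration.
     *
     * @return the realm instance
     */
    @Bean(name = "shiroRealm")
    public ShiroRealm shiroRealm() {
        return new ShiroRealm();
    }

    /**
     * Ensures beans implementing Shiro's lifecycle callbacks have them invoked.
     *
     * <p>NOTE(review): bean post-processors are usually declared through a {@code static}
     * {@code @Bean} method so that the configuration class is not instantiated early; consider
     * doing so here.
     *
     * @return the lifecycle post-processor
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
}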
四、控制器:
package com.shiro.example.shirodemo.controller;
import org.apache.catalina.servlet4preview.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
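/**
 * Login endpoints of the demo: the login page, the protected page and the login POST handler.
 *
 * <p>NOTE(review): the file imports HttpServletRequest from
 * org.apache.catalina.servlet4preview.http, a Tomcat-specific preview package; the standard
 * javax.servlet.http.HttpServletRequest is presumably what is wanted. Confirm.
 */
@org.springframework.stereotype.Controller
@RequestMapping("/home")
public class Controller {

    /**
     * Single reply for "unknown account", "wrong password" and malformed requests, so the
     * response does not reveal whether a given user name exists. The precise reason is still
     * written to the server-side log.
     */
    private static final String LOGIN_FAILED = "用户名或者密码错误";

    /** @return the name of the login view */
    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    /** @return the name of the view shown for the protected path /home/detail */
    @RequestMapping("/detail")
    public String detail() {
        return "index";
    }

    /**
     * Handles the login POST: authenticates the submitted name and password through Shiro and
     * answers with a plain-text status that the login page's script compares against.
     *
     * @param request the HTTP request carrying the "name" and "password" parameters
     * @return "验证通过" on success, otherwise a failure message
     */
    @RequestMapping(value = "/index", method = RequestMethod.POST)
    @ResponseBody
    public String index(HttpServletRequest request) {
        String userNo = request.getParameter("name");
        String password = request.getParameter("password");
        if (userNo == null || password == null) {
            // Missing parameters: reject before touching Shiro.
            return LOGIN_FAILED;
        }
        // The user name is attacker-controlled; strip line breaks so it cannot forge log lines.
        String logUser = userNo.replaceAll("[\\r\\n]", "_");

        // NOTE(review): the third constructor argument is the token's host; the literal "login"
        // is passed here rather than the client's address.
        UsernamePasswordToken token = new UsernamePasswordToken(userNo, password, "login");
        Subject currentUser = SecurityUtils.getSubject();
        try {
            System.out.print("对用户[" + logUser + "]进行登录验证..验证开始");
            currentUser.login(token);
            if (!currentUser.isAuthenticated()) {
                // login() returned without an exception but the subject is not authenticated:
                // never report success in that state.
                return LOGIN_FAILED;
            }
            System.out.print("用户[" + logUser + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
            // NOTE(review): the session that existed before login is reused here; consider
            // replacing it with a fresh one after authentication to rule out session fixation.
            currentUser.getSession().setAttribute("userName", userNo);
            currentUser.getSession().setAttribute("userNo", userNo);
            System.out.print("对用户[" + logUser + "]进行登录验证..验证通过");
            return "验证通过";
        } catch (UnknownAccountException uae) {
            System.out.print("对用户[" + logUser + "]进行登录验证..验证未通过,未知账户");
            return LOGIN_FAILED;
        } catch (IncorrectCredentialsException ice) {
            System.out.print("对用户[" + logUser + "]进行登录验证..验证未通过,错误的凭证");
            return LOGIN_FAILED;
        } catch (LockedAccountException lae) {
            System.out.print("对用户[" + logUser + "]进行登录验证..验证未通过,账户已锁定");
            return "账户已锁定";
        } catch (ExcessiveAttemptsException eae) {
            System.out.print("对用户[" + logUser + "]进行登录验证..验证未通过,错误次数过多");
            return "用户名或密码错误次数过多";
        } catch (AuthenticationException ae) {
            // Catch-all for any other Shiro authentication failure.
            System.out.print("对用户[" + logUser + "]进行登录验证..验证未通过,堆栈轨迹如下");
            ae.printStackTrace();
            return LOGIN_FAILED;
        }
    }
}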
五、启动类:
package com.shiro.example.shirodemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Spring Boot entry point for the Shiro demo application.
 */
@SpringBootApplication
public class ShirodemoApplication {

    /**
     * Starts the Spring application with this class as the primary source.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final Class<?> primarySource = ShirodemoApplication.class;
        SpringApplication.run(primarySource, args);
    }
}
六、登录:
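<!DOCTYPE html>
<html lang="en">
<head>
<title>Title</title>
</head>
<body>
<!-- Login form. The credentials are sent by the script below as a form-encoded POST;
     serve this page and /home/index over HTTPS so they do not travel in clear text. -->
<div>
用户:<input type="text" id="name"/>
密码:<input type="password" id="password"/>
<input type="button" onclick="tijiao();" value="提交"/>
</div>
<!-- Scripts live inside <body>; markup after the closing body tag is not valid HTML.
     NOTE(review): jQuery 3.2.1 is an old release; pin a currently maintained version. -->
<script type="text/javascript" src="/js/jquery-3.2.1.js"></script>
<script>
// Posts the entered name and password to the login endpoint.
// The redirect on success is a convenience only: access to /home/detail is enforced
// on the server by the "authc" filter, not by this script.
function tijiao() {
    var data = {
        name: $("#name").val(),
        password: $("#password").val()
    };
    $.ajax({
        type: "POST",
        url: "/home/index",
        data: data,
        success: function (res) {
            if (res === "验证通过") {
                window.location.href = "/home/detail";
                return;
            }
            // Show the server's failure message instead of a debugging placeholder.
            // alert() renders plain text, so the reply is not interpreted as markup.
            alert(res);
        },
        error: function () {
            alert(456);
        }
    });
}
</script>
</body>
</html>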
七、跳转页面:
<!DOCTYPE html>
<!-- Page shown after a successful login ("跳转页面"). Presumably the "index" view returned by
     /home/detail; confirm against the template file name. Static content only. -->
<html lang="en">
<head>
<title>Title</title>
</head>
<body>
<h2>欢迎来到!</h2>
</body>
</html>
