shiro简单使用

1、导入依赖

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.9.1</version>
</dependency>

2、建立配置类

ShiroConfig:

package cn.laoyao.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    //ShiroFilterFactoryBean

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Autowired DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        //添加shiro的内置过滤器
        /*
            anon:  无需认证就可以访问
            authc:  必须认证 了才能访问

            user:  必须拥有 记住我 功能才能用

            perms:  拥有对某个资源的权限才能访问
            role:  拥有某个角色权限才能访问
        */

        //拦截

        Map<String, String> filterMap = new LinkedHashMap<>();

        //权限拦截  要写在authc上面,不然无效
        filterMap.put("/user/add","perms[user:add]");


        //认证拦截  必须认证才能访问的地址
//        filterMap.put("/user/add","authc");
//        filterMap.put("/user/update","authc");

        filterMap.put("/user/*","authc");


        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        //设置登录页,拦截后会自动跳转
        shiroFilterFactoryBean.setLoginUrl("/toLogin");

        //设置未授权跳转
        shiroFilterFactoryBean.setUnauthorizedUrl("/noAut");

        return shiroFilterFactoryBean;
    }

    //DefaultWebSecurityManager
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Autowired UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联realm
        securityManager.setRealm(userRealm);
        return securityManager;
    }


    //创建 realm 对象,需自定义类
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }
}

UserRealm:

package cn.laoyao.config;

import cn.laoyao.pojo.User;
import cn.laoyao.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import javax.annotation.Resource;

public class UserRealm extends AuthorizingRealm {

    @Resource
    UserService userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("shouquan");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        //拿到当前登录的user对象  获取的是doGetAuthenticationInfo返回的user
        Subject subject = SecurityUtils.getSubject();
        User user = (User) subject.getPrincipal();
        //设置权限 info.addStringPermission()
        info.addStringPermission(user.getPerms());
        return info;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("renzheng");

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        //查询用户
        User user = userService.queryUserByName(token.getUsername());

        if(user == null){
            return null;  //抛出异常  UnknownAccountException
        }

        //密码认证
        return new SimpleAuthenticationInfo(user,user.getPwd(),"");
    }
}

controller:

package cn.laoyao.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class MyController {
    @RequestMapping({"/","/index"})
    public String method(){
        return "index";
    }

    @RequestMapping("/user/add")
    public String add(){
        return "user/add";
    }

    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }

    @RequestMapping("/login")
    public String login(String username, String password, Model model){
        //获取当前用户
        Subject subject = SecurityUtils.getSubject();
        //封装用户数据
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);

        try {
            subject.login(token);
            return "index";
            } catch (UnknownAccountException e) { //用户名不存在
            model.addAttribute("msg","用户名不存在");
            return "login";
        }catch (IncorrectCredentialsException e){//密码错误
            model.addAttribute("msg","密码错误");
            return "login";
        }
    }

    @RequestMapping("/noAut")
    @ResponseBody
    public String unAuthorised(){
        return "未授权";
    }
}
posted @ 2022-08-10 23:29  z-laoyao  阅读(41)  评论(0编辑  收藏  举报