導(dǎo)入依賴(pom.xml)
|
1
2
3
4
5
6
7
8
9
10
11
12
|
<!--整合Shiro安全框架--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <!--集成jwt實(shí)現(xiàn)token認(rèn)證--> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency> |
創(chuàng)建 ShiroConfig 配置類
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
@Configurationpublic class ShiroConfig { /** * ShiroFilterFactoryBean */ @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) { ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean(); //設(shè)置安全管理器 factoryBean.setSecurityManager(defaultWebSecurityManager); // 添加shiro的內(nèi)置過濾器 /* * anon:無需認(rèn)證就可以訪問 * authc:必須認(rèn)證才能訪問 * user:必須擁有 記住我 功能才能用 * perms:擁有對(duì)某個(gè)資源的權(quán)限能訪問 * role:擁有某個(gè)角色權(quán)限能訪問 */ Map<String, String> filterMap = new LinkedHashMap<>(); // 放行不需要權(quán)限認(rèn)證的接口 //放行登錄接口 filterMap.put("/login/**", "anon"); //放行用戶接口 filterMap.put("/", "anon"); // 網(wǎng)站首頁(yè) //認(rèn)證管理員接口 filterMap.put("/administrators/**", "authc"); factoryBean.setFilterChainDefinitionMap(filterMap); // 設(shè)置無權(quán)限時(shí)跳轉(zhuǎn)的 url // 設(shè)置登錄的請(qǐng)求 factoryBean.setLoginUrl("/login/toLogin"); return factoryBean; } /** * 注入 DefaultWebSecurityManager */ @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("customRealm") CustomRealm customRealm) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //關(guān)聯(lián)CustomRealm securityManager.setRealm(customRealm); return securityManager; } /** * 注入 securityManager */ @Bean public CustomRealm customRealm() { return new CustomRealm(); }} |
創(chuàng)建密碼登錄時(shí)驗(yàn)證授權(quán) CustomRealm 類
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
@Componentpublic class CustomRealm extends AuthorizingRealm { @Autowired AdministratorsService administratorsService; /* * 設(shè)置加密方式 */ { HashedCredentialsMatcher mather = new HashedCredentialsMatcher(); // 加密方式 mather.setHashAlgorithmName("md5"); // 密碼進(jìn)行一次運(yùn)算 mather.setHashIterations(512); this.setCredentialsMatcher(mather); } /** * 授權(quán) */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("————授權(quán)————doGetAuthorizationInfo————"); return null; } /** * 認(rèn)證 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("————認(rèn)證————doGetAuthenticationInfo————"); UsernamePasswordToken userToken = (UsernamePasswordToken) token; // 連接數(shù)據(jù)庫(kù) 查詢用戶數(shù)據(jù) QueryWrapper<Administrators> wrapper = new QueryWrapper<>(); wrapper.eq("username", userToken.getUsername()); Administrators administrators = administratorsService.getOne(wrapper); if (administrators == null) { return null; // 拋出異常 UnknownAccountException } // 密碼認(rèn)證,shiro做 return new SimpleAuthenticationInfo("", administrators.getPassword(), ""); }} |
控制層用戶密碼登錄
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
//用戶名登錄 @ApiOperation(value = "管理員登錄", notes = "用戶名登錄--不進(jìn)行攔截") @PostMapping("/doLogin") public String doLogin(@RequestParam("username") String username, @RequestParam("password") String password, HttpSession session,Model model) { // 獲取當(dāng)前的用戶 Subject subject = SecurityUtils.getSubject(); // 封裝用戶的登錄數(shù)據(jù) UsernamePasswordToken token = new UsernamePasswordToken(username, password); try { subject.login(token); //保存session會(huì)話 管理員名字 session.setAttribute("adname", username); return "admin"; } catch (UnknownAccountException e) { model.addAttribute("usererror", "用戶名錯(cuò)誤!請(qǐng)重新輸入。"); return "login"; } catch (IncorrectCredentialsException ice) { model.addAttribute("pwerror", "密碼錯(cuò)誤!請(qǐng)重新輸入。"); return "login"; } } |
到此這篇關(guān)于SpringBoot 整合 Shiro 密碼登錄的實(shí)現(xiàn)代碼的文章就介紹到這了,更多相關(guān)SpringBoot 整合 Shiro 密碼登錄內(nèi)容請(qǐng)搜索服務(wù)器之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持服務(wù)器之家!
原文鏈接:https://www.cnblogs.com/dmflysky/p/14451029.html
