Spring Boot学习篇(十二)
shiro安全框架使用篇(四)
2 在主页显示用户登录状态、用户信息和完成默认注销(不改shiro原来的配置)操作
2.1 变更SysUserController类
2.1.1 在SysUserController类中注入sysUserMapper
// Field-injected mapper; login() calls findUserByUsername(...) on it to load the SysUser
// object for the username that Shiro has just authenticated.
@Autowired
SysUserMapper sysUserMapper;
2.1.2 在SysUserController类的login()方法中,subject.login(token)之后需要增加的代码
// Placed right after subject.login(token), so it only runs once authentication has succeeded:
// load the user and keep it in the session so the home page can show the login state.
// NOTE(review): this stores the whole SysUser entity in the session. If the entity carries the
// password hash or salt (confirm against SysUser), clear those fields first or store a reduced
// view object that exposes only what the page renders (the username).
SysUser users = sysUserMapper.findUserByUsername(username);
session.setAttribute("users", users);
2.1.3 变更后的SysUserController类的完整代码如下所示
package com.zlz.controller;
import com.zlz.entity.SysUser;
import com.zlz.mapper.SysUserMapper;
import com.zlz.service.ISysUserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import javax.servlet.http.HttpSession;
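/**
 * Serves the login-related endpoints under {@code /sysUser} and delegates credential
 * verification to Apache Shiro.
 */
@Controller
@RequestMapping("/sysUser")
public class SysUserController {

    /** Loads the {@link SysUser} for a username once Shiro has authenticated it. */
    @Autowired
    SysUserMapper sysUserMapper;

    /**
     * Authenticates the submitted credentials through the current Shiro {@link Subject}.
     *
     * <p>On success the user object is stored in the session under {@code "users"} and the
     * {@code index} view is rendered. On failure a flash message is set and the browser is
     * redirected to {@code /}.
     *
     * @param username login name taken from the request
     * @param password plain-text password taken from the request
     * @param ra       carries the failure message across the redirect
     * @param session  session that receives the {@code "users"} attribute
     * @return {@code "index"} on success, {@code "redirect:/"} on any authentication failure
     */
    // NOTE(review): @RequestMapping without a method accepts GET as well as POST. Credentials
    // sent by GET end up in URLs, browser history and access logs; if the login form posts,
    // restrict this mapping to POST.
    @RequestMapping("login")
    public String login(String username, String password, RedirectAttributes ra, HttpSession session) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            // NOTE(review): nothing visible here renews the session id at login. If session
            // fixation is in scope, invalidate the pre-login session and start a fresh one
            // before authenticating.
            subject.login(token);

            // NOTE(review): the whole entity goes into the session. If SysUser carries the
            // password hash or salt (confirm against the entity), clear those fields or store
            // a reduced view object; the page only reads the username.
            SysUser users = sysUserMapper.findUserByUsername(username);
            session.setAttribute("users", users);
            return "index";
        } catch (LockedAccountException e) {
            // Kept as a distinct message for usability. It does confirm that the account
            // exists, which is a deliberate trade-off.
            ra.addFlashAttribute("msg", "该用户被锁定,请联系管理员解锁");
        } catch (AuthenticationException e) {
            // One message for "unknown account", "wrong password" and every other
            // authentication failure: separate messages let a client learn which usernames
            // exist, and an uncaught AuthenticationException subtype would surface as a 500.
            ra.addFlashAttribute("msg", "用户名或密码错误");
        }
        return "redirect:/";
    }

    /**
     * Renders the login form.
     *
     * @return the {@code login} view name
     */
    @RequestMapping("tologin")
    public String tologin() {
        return "login";
    }

    /**
     * Target of Shiro's login URL: tells the visitor to log in first, then redirects to the
     * login form.
     *
     * @param ra carries the "please log in" message across the redirect
     * @return redirect to {@code /sysUser/tologin}
     */
    @RequestMapping("unlogin")
    public String unlogin(RedirectAttributes ra) {
        ra.addFlashAttribute("msg", "请先登录");
        return "redirect:/sysUser/tologin";
    }
}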
2.2 变更index.html页面
2.2.1 增加的代码如下所示
<!-- Rendered only when login() has stored the "users" object in the session.
     th:text HTML-escapes the value, so markup inside a stored username is shown as text. -->
<div th:if="${session.users!=null}">
已登录 用户名:<span th:text="${session.users.username}"></span>
<!-- NOTE(review): a plain link triggers logout with a GET request, so another site can force a
     logout by embedding this URL; a POST form combined with a POST-only logout filter avoids that. -->
<a href="/zhuxiao">注销</a>
</div>
<!-- Shown when no "users" attribute is present in the session. -->
<div th:if="${session.users==null}">未登录</div>
2.2.2 变更后的index.html页面的完整代码如下所示
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>这是主页!!!!</h1>
<!-- Login status block: rendered only when the session holds a "users" attribute.
     th:text HTML-escapes the username before it is written into the page. -->
<div th:if="${session.users!=null}">
已登录 用户名:<span th:text="${session.users.username}"></span>
<!-- /zhuxiao is the logout URL. NOTE(review): logout through a GET link can be triggered
     cross-site; prefer a POST form if the logout filter is switched to POST-only. -->
<a href="/zhuxiao">注销</a>
</div>
<div th:if="${session.users==null}">未登录</div>
<!-- These links are always visible. Hiding or showing a link is not access control:
     the server-side filter chain decides which /product/ URLs require a logged-in user. -->
<a href="/product/find">查询商品</a>
<a href="/product/insert">添加商品</a>
<a href="/product/update">修改商品</a>
<a href="/product/delete">删除商品</a>
</body>
</html>
2.3 变更ShiroConfig类
2.3.1 增加的部分
// "logout" is Shiro's built-in logout filter: a request to /zhuxiao logs the Subject out and
// redirects to "/" by default. Filter chains are evaluated in insertion order and the first
// matching pattern wins, so this entry goes before broader patterns.
// NOTE(review): the page calls this URL from a plain link (GET), which another site can
// trigger on the user's behalf; consider the logout filter's POST-only option together with
// a logout form.
map.put("/zhuxiao", "logout");
2.3.2 变更后完整的ShiroConfig类代码如下所示
package com.zlz.config;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
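/**
 * Shiro wiring for the application: security manager, URL filter chain and the realm with
 * its credentials matcher.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the web security manager backed by {@link #mysqlRealm()} and a Shiro-managed
     * web session manager.
     *
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(mysqlRealm());
        manager.setSessionManager(new DefaultWebSessionManager());
        return manager;
    }

    /**
     * Defines which URLs go through which Shiro filter.
     *
     * <p>Chains are matched in insertion order and the first matching pattern wins, hence the
     * {@link LinkedHashMap} and the placement of specific entries before broad ones.
     *
     * @return the filter factory bean registered as {@code shiroFilterFactoryBean}
     */
    @Bean("shiroFilterFactoryBean")
    public ShiroFilterFactoryBean factoryBean() {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(securityManager());
        // Unauthenticated requests to protected URLs are sent here.
        filterFactory.setLoginUrl("/sysUser/unlogin");

        Map<String, String> chains = new LinkedHashMap<>();
        // Built-in logout filter: logs the Subject out and redirects to "/" by default.
        // NOTE(review): the page reaches this URL through a GET link; consider the filter's
        // POST-only option so that a third-party page cannot force a logout.
        chains.put("/zhuxiao", "logout");
        // Public: product search needs no login. It must stay above the broader pattern below.
        chains.put("/product/find", "anon");
        // "/**" instead of "/*": a single "*" matches one path segment only, so a handler
        // added later under a deeper path (for example /product/x/y) would silently fall
        // outside the protected area. "user" admits authenticated or remembered subjects.
        chains.put("/product/**", "user");
        // NOTE(review): every URL not listed here is unfiltered. A deny-by-default chain
        // would end with a catch-all "/**" entry after explicit "anon" entries for the
        // public pages.
        filterFactory.setFilterChainDefinitionMap(chains);
        return filterFactory;
    }

    /**
     * Creates the realm and attaches the matcher that compares submitted passwords with the
     * stored hashes.
     *
     * @return the realm with its hashed-credentials matcher
     */
    @Bean
    public MysqlRealm mysqlRealm() {
        MysqlRealm realm = new MysqlRealm();
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        // Algorithm and iteration count must equal the values used when the stored password
        // hashes were produced; changing either one here invalidates every stored password.
        // NOTE(review): 100 rounds of SHA-256 is cheap to brute-force offline. For real
        // deployments plan a migration to a dedicated password-hashing scheme (bcrypt, scrypt,
        // Argon2) or a far higher iteration count, and confirm the realm supplies a per-user salt.
        matcher.setHashAlgorithmName("sha-256");
        matcher.setHashIterations(100);
        realm.setCredentialsMatcher(matcher);
        return realm;
    }
}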
2.4 测试
2.4.1 当访问localhost:8080时进入如下界面,此时页面显示未登录

2.4.2 当用户点击“添加商品”链接,进入登录界面并成功登录后,此时页面显示已登录和登录的用户名
a 点击“添加商品”链接后,进入登录界面

b 登录成功后进入如下所示的界面

2.4.3 点击注销链接,会退回到默认访问界面(localhost:8080)
