1.SpringBoot-shiro登录拦截
package com.wjm.config;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig {
//ShiroFilterFactoryBean 3. 认证
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
//关联DefaultWebSecurityManager
//设置安全管理器
bean.setSecurityManager(defaultWebSecurityManager);
bean.setLoginUrl("/login");//提供登录到url
bean.setSuccessUrl("/index");//提供登陆成功的url
//添加shiro内置过滤器
/**
* anno 无需认证就可以访问
* authc 认证了才能访问
* user 必须有记住我功能才能用
* perms 拥有对某个资源的权限才能访问
*/
Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
// filterChainDefinitionMap.put("/user/add", "user");
// filterChainDefinitionMap.put("/user/update", "user");
filterChainDefinitionMap.put("/user/*", "authc");
bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
//设置登录的请求
bean.setLoginUrl("/toLogin");
return bean;
}
/**
* @Qualifier(“实现类名称”)表明注入的是哪一个实现类的bean
*/
//DafaultWebSecurityManager 2.
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm realm) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//关联userRealm
defaultWebSecurityManager.setRealm(realm);
return defaultWebSecurityManager;
}
//创建 Realm 对象自定义 1.
@Bean
public UserRealm userRealm() {
return new UserRealm();
}
}


2.用户认证
本来代码应该写入 Realm 自定义类中
但是为了看起来比较舒服
@RequestMapping("/login")
public String login(String username,String password,Model model) {
// 获取当前用户
Subject subject = SecurityUtils.getSubject();
// 封装用户数据
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
//执行登录方法
try {
subject.login(token);
return "index";
} catch (UnknownAccountException e) {//用户名不存在
model.addAttribute("msg","用户名不存在");
return "login";
} catch (IncorrectCredentialsException e) {//用户名不存在
model.addAttribute("msg","账号或者密码错误");
return "login";
}
}

直接在UserRealm 进行认证
package com.wjm.config;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/**
* 自定义的 UserRealm
* 授权领域
*/
public class UserRealm extends AuthorizingRealm{
//获取授权信息
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection token) {
System.out.println("执行了=》授权doGetAuthorizationInfo");
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("执行了=》认证doGetAuthorizationInfo");
//数据库中 获取用户名 密码
String name = "root";
String password = "123456";
//这里直接 拿到UsernamePasswordToken
UsernamePasswordToken user = (UsernamePasswordToken)token;
if (!user.getUsername().equals(name)) {
return null; //抛出异常UnknownAccountException
}
//密码认证,shiro做,不需要我来操作
return new SimpleAuthenticationInfo("",password,"");
}
}
整合Mybatis
1.pom坐标
<!-- shiro整合spring -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!-- mybatis -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
<!-- druid -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.12</version>
</dependency>
2.mybatis的基本步骤
完成
该博客介绍了如何在SpringBoot应用中使用Shiro进行用户登录拦截和认证。配置了ShiroFilterFactoryBean以设置登录、成功后的URL及过滤器链,实现了DefaultWebSecurityManager与自定义UserRealm的关联,UserRealm中覆盖了认证方法doGetAuthenticationInfo进行用户身份验证。同时,提到了Mybatis的整合步骤,但未深入展开。
171

被折叠的 条评论
为什么被折叠?



