Springboot与Shiro的整合
导入pom.xml,加入Springboot和Shiro的依赖
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- 继承Spring Boot的默认父工程 -->
<!-- Spring Boot 父工程 -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.6.RELEASE</version>
</parent>
<groupId>com.liuxing</groupId>
<artifactId>springboot-shiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<!-- 导入依赖 -->
<dependencies>
<!-- 导入web支持:SpringMVC开发支持,Servlet相关的程序 -->
<!-- web支持,SpringMVC, Servlet支持等 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- 导入thymeleaf依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- shiro与spring整合依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
</dependencies>
<!-- 修改参数 -->
<properties>
<!-- 修改JDK的编译版本为1.8 -->
<java.version>1.8</java.version>
<!-- 修改thymeleaf的版本 -->
<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.0.4</thymeleaf-layout-dialect.version>
</properties>
</project>
编写Springboot启动类
package com.liuxing.springbootshiro;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class,args);
}
}
编写Controller
package com.liuxing.springbootshiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class SpringbootController {
@RequestMapping(value = "/hello")
@ResponseBody
public String hello(Model model) {
// model.addAttribute("hello","good boy");
return "good boy";
}
@RequestMapping(value = "/testThemeleaf")
public String thymeleaf(Model model) {
model.addAttribute("hello", "helloworld");
return "test";
}
@RequestMapping("/add")
public String add() {
return "user/add";
}
@RequestMapping(value = "/toLogin")
public String toLogin() {
return "login";
}
@RequestMapping("/update")
public String update() {
return "user/update";
}
@RequestMapping("/login")
public String login(String username, String password, Model model) {
System.out.println("username:"+username);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
subject.login(token);
return "redirect:/testThemeleaf";
} catch (UnknownAccountException e) {
model.addAttribute("msg", "用户名不存在");
return "/login";
} catch (IncorrectCredentialsException e) {
model.addAttribute("msg", "密码错误");
return "/login";
}
}
}
编写Shiro配置类
package com.liuxing.springbootshiro;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig {
/**
*
* 创建ShiroFilterBean
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterManager(@Qualifier("securityManager")DefaultWebSecurityManager dwsm){
ShiroFilterFactoryBean sffb=new ShiroFilterFactoryBean();
//设置安全管理器
sffb.setSecurityManager(dwsm);
//添加shiro内置过滤器
/**
* shiro内置过滤器,可以实现权限的相关拦截
* 常用过滤器:
* anon:无需认证可以访问
* authc:必须认证才可以访问
* user:如果使用remeberMe功能可以直接访问
* perms:该资源必须得到资源权限才可以访问
* role:改资源必须得到角色权限才可以访问
*/
Map<String,String> filterMap=new LinkedHashMap<String,String>();
/*filterMap.put("/add","authc");
filterMap.put("/update", "authc");*/
filterMap.put("/*", "anon");
filterMap.put("/login", "anon");
sffb.setFilterChainDefinitionMap(filterMap);
sffb.setLoginUrl("/toLogin");
return sffb;
}
/**
* 创建DefaultWebSecurityManager
* 要关联一个realm
*/
@Bean(name="securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
DefaultWebSecurityManager dwsm=new DefaultWebSecurityManager();
dwsm.setRealm(userRealm);
return dwsm;
}
/**
* 创建Realm
* @Bean:方法返回的对象交给spring管理
*/
@Bean(name="userRealm")
public UserRealm getRealm(){
return new UserRealm();
}
}
自定义Realm
package com.liuxing.springbootshiro;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class UserRealm extends AuthorizingRealm{
/**
* 执行授权逻辑
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// TODO Auto-generated method stub
return null;
}
/**
* 执行认证逻辑
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("执行认证逻辑");
String username="tom";
String password="jack";
UsernamePasswordToken upt=(UsernamePasswordToken) token;
if(!username.equals(upt.getUsername())){
return null;//会返回一个UnknowAccountException
}
return new SimpleAuthenticationInfo("",password,"");
}
}
声明:该文观点仅代表作者本人,牛骨文系教育信息发布平台,牛骨文仅提供信息存储空间服务。