牛骨文教育服务平台(让学习变的简单)
博文笔记

Springboot与Shiro的整合

创建时间:2018-10-26 投稿人: 浏览次数:582

导入pom.xml,加入Springboot和Shiro的依赖

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<!-- 继承Spring Boot的默认父工程 -->
	<!-- Spring Boot 父工程 -->
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>1.5.6.RELEASE</version>
	</parent>

	<groupId>com.liuxing</groupId>
	<artifactId>springboot-shiro</artifactId>
	<version>0.0.1-SNAPSHOT</version>

	<!-- 导入依赖 -->
	<dependencies>
		<!-- 导入web支持:SpringMVC开发支持,Servlet相关的程序 -->
		<!-- web支持,SpringMVC, Servlet支持等 -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<!-- 导入thymeleaf依赖 -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<!-- shiro与spring整合依赖 -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.4.0</version>
		</dependency>
	</dependencies>
	<!-- 修改参数 -->
	<properties>
		<!-- 修改JDK的编译版本为1.8 -->
		<java.version>1.8</java.version>
		<!-- 修改thymeleaf的版本 -->
		<thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
		<thymeleaf-layout-dialect.version>2.0.4</thymeleaf-layout-dialect.version>
	</properties>
</project>

编写Springboot启动类

package com.liuxing.springbootshiro;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {
	public static void main(String[] args) {
		SpringApplication.run(Application.class,args);
	}
}

编写Controller

package com.liuxing.springbootshiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SpringbootController {
	@RequestMapping(value = "/hello")
	@ResponseBody
	public String hello(Model model) {
		// model.addAttribute("hello","good boy");
		return "good boy";
	}

	@RequestMapping(value = "/testThemeleaf")
	public String thymeleaf(Model model) {
		model.addAttribute("hello", "helloworld");
		return "test";
	}

	@RequestMapping("/add")
	public String add() {
		return "user/add";
	}

	@RequestMapping(value = "/toLogin")
	public String toLogin() {
		return "login";
	}

	@RequestMapping("/update")
	public String update() {
		return "user/update";
	}
	@RequestMapping("/login")
	public String login(String username, String password, Model model) {
		System.out.println("username:"+username);
		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken token = new UsernamePasswordToken(username, password);
		try {
			subject.login(token);
			return "redirect:/testThemeleaf";
		} catch (UnknownAccountException e) {
			model.addAttribute("msg", "用户名不存在");
			return "/login";

		} catch (IncorrectCredentialsException e) {
			model.addAttribute("msg", "密码错误");
			return "/login";
		}
	}
}

编写Shiro配置类

package com.liuxing.springbootshiro;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
	/**
	 * 
	 * 创建ShiroFilterBean
	 */
	@Bean
	public ShiroFilterFactoryBean getShiroFilterManager(@Qualifier("securityManager")DefaultWebSecurityManager dwsm){
		ShiroFilterFactoryBean sffb=new ShiroFilterFactoryBean();
		//设置安全管理器
		sffb.setSecurityManager(dwsm);
		//添加shiro内置过滤器
		/**
		 * shiro内置过滤器,可以实现权限的相关拦截
		 * 常用过滤器:
		 * anon:无需认证可以访问
		 * authc:必须认证才可以访问
		 * user:如果使用remeberMe功能可以直接访问
		 * perms:该资源必须得到资源权限才可以访问
		 * role:改资源必须得到角色权限才可以访问
		 */
		Map<String,String> filterMap=new LinkedHashMap<String,String>();
		/*filterMap.put("/add","authc");
		filterMap.put("/update", "authc");*/
		filterMap.put("/*", "anon");
		filterMap.put("/login", "anon");
		sffb.setFilterChainDefinitionMap(filterMap);
		sffb.setLoginUrl("/toLogin");
		return sffb;
	}
	/**
	 * 创建DefaultWebSecurityManager
	 * 要关联一个realm
	 */
	@Bean(name="securityManager")
	public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
		DefaultWebSecurityManager dwsm=new DefaultWebSecurityManager();
		dwsm.setRealm(userRealm);
		return dwsm;
	}

	/**
	 * 创建Realm
	 * @Bean:方法返回的对象交给spring管理
	 */
	@Bean(name="userRealm")
	public UserRealm getRealm(){
		return new UserRealm();
	}
}

自定义Realm

package com.liuxing.springbootshiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class UserRealm extends AuthorizingRealm{
	/**
	 * 执行授权逻辑
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		return null;
	}
	/**
	 * 执行认证逻辑
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		System.out.println("执行认证逻辑");
		String username="tom";
		String password="jack";
		UsernamePasswordToken upt=(UsernamePasswordToken) token;
		if(!username.equals(upt.getUsername())){
			return null;//会返回一个UnknowAccountException
		}
		return new SimpleAuthenticationInfo("",password,"");
	}

}
声明:该文观点仅代表作者本人,牛骨文系教育信息发布平台,牛骨文仅提供信息存储空间服务。
未上传头像

热门文章
CTF writeup 2_南邮网络攻防训...
SSM框架——详细整合教程(...
Linux Shell脚本编程--curl命...
HttpClient使用详解
Java面试题全集(上)
JAVA设计模式之单例模式
java.lang.OutOfMemoryError: PermGen ...
TCP协议中的三次握手和四次...
form表单的两种提交方式,su...
String,StringBuffer与StringBuilder...
最新文章
Java之品优购课程讲义_day20(7)
剑指 Offer - 8:跳台阶
Netty权威指南_札记02_NIO编程
mysql时间属性之时间戳和datetime之...
虚拟现实或许可以拯救古埃及的“...
spring cloud服务注册中心eureka---集群...
Java SE 第六章
HTTP请求+数据库
HIDL学习笔记之HIDL C++(第二天)
ubuntu系统下指定tomcat运行时为JDK1.8...
copyright © 2008-2019 亿联网络 版权所有 备案号:粤ICP备14031511号-2