SpringBoot 2.0 整合shiro1.4 手记


---spring boot2.0 整合 shiro1.4 手记----------------

1.---pom.xml添加依赖----------------------------------

<!-- Shiro's Spring integration module. 1.4.0 is the release these notes were written against;
     later Shiro releases include security fixes, so pin the newest supported version in a
     real project instead of copying this number. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>

2.---建立ShiroConfig类--------------------------------

2.1.建立shiroFilter Bean--->设置securityManager并且把请求规则加入Filter过滤链中

/**
 * Builds the Shiro web filter: attaches the security manager and registers the URL rules.
 *
 * <p>Rules are checked in insertion order and the first matching pattern decides, so the map
 * must keep insertion order and the catch-all entry has to stay last.
 *
 * <p>NOTE(review): "/news" and "/admin" are exact-path patterns. Any other path under them
 * (for example a sub-route) is not matched by these entries and falls through to the
 * catch-all, which only requires a logged-in user. Cover such routes explicitly
 * (e.g. an "/admin/**" entry) if they exist, and consider enforcing the same role or
 * permission on the handler method as a second layer.
 *
 * @param securityManager the manager that performs authentication and authorization
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){

    Map<String,String> chainRules = new LinkedHashMap<>();
    chainRules.put("/news","perms[news]");   // needs the "news" permission
    chainRules.put("/admin","roles[admin]"); // needs the "admin" role
    chainRules.put("/index","anon");         // open to anonymous visitors
    chainRules.put("/**","authc");           // everything else needs a login

    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
    factory.setSecurityManager(securityManager);
    factory.setFilterChainDefinitionMap(chainRules);

    // Where unauthenticated users are sent, where a successful login lands,
    // and where a user lacking the required role or permission is sent.
    factory.setLoginUrl("/login");
    factory.setSuccessUrl("/news");
    factory.setUnauthorizedUrl("/unauth");

    return factory;
}

2.2.//给SecurityManager设置需要管理的Realm,可以有多个Realm

/**
 * Creates the web security manager and gives it the realm it delegates to.
 * Several realms can be registered; this example uses a single one.
 *
 * <p>NOTE(review): no CredentialsMatcher is configured on the realm, so Shiro's default
 * matcher compares the submitted password with the stored value directly. That only works
 * if passwords are stored in clear text; for anything beyond a demo, store salted hashes
 * and set a hashing matcher (HashedCredentialsMatcher or PasswordMatcher) on the realm.
 *
 * @return the security manager backed by {@code MyRealm}
 */
@Bean
public SecurityManager securityManager(){

    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    MyRealm realm = new MyRealm();
    manager.setRealm(realm);
    return manager;
}

3.---实现自定义Realm重写登录验证方法和授权访问方法--------------------------------------------

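/**
 * Custom realm that supplies Shiro with account data for login (authentication)
 * and with roles and permissions for access checks (authorization).
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Looks up the account named in the login token.
     *
     * <p>Returns {@code null} when the username is missing or empty, or when no matching
     * account is found, instead of failing with a NullPointerException on a missing user.
     * The login controller in these notes expects an unknown account to surface as
     * UnknownAccountException, and a null result is what lets Shiro report it that way.
     *
     * @param authenticationToken the submitted token; cast to UsernamePasswordToken
     * @return the stored account data for Shiro to compare against, or {@code null} if the
     *         account is unknown
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String submittedName = token.getUsername();

        // Nothing to look up: treat a missing or empty username as an unknown account.
        if (submittedName == null || submittedName.isEmpty()) {
            return null;
        }

        UserDao userDao = new UserDao();
        SysUser user = (SysUser) userDao.findByName(submittedName);

        // The lookup may come back empty; guard before dereferencing the result.
        if (user == null || !submittedName.equals(user.getUsername())) {
            return null;
        }

        // First argument is the principal handed back to the login flow (the username
        // string, not the user object); second is the stored credential Shiro compares
        // with the submitted password.
        // NOTE(review): user.getPassword() is passed as stored. Unless a hashing
        // CredentialsMatcher is configured on this realm, that means passwords are kept
        // and compared in clear text - store salted hashes instead.
        return new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                getName());
    }

    /**
     * Supplies the roles and permissions of the authenticated principal.
     *
     * <p>NOTE(review): the role and permission are hard-coded, so every authenticated user
     * receives the "admin" role and the "news" permission, and the roles[admin] and
     * perms[news] rules in the filter chain restrict nobody. Replace both calls with a
     * lookup of the roles and permissions actually assigned to {@code username}.
     *
     * @param principalCollection principals of the current subject; the primary principal
     *        is the username passed as first argument to SimpleAuthenticationInfo above
     * @return the authorization data for the principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        String username = (String) principalCollection.getPrimaryPrincipal();

        System.out.print(username+">>>执行了授权方法\n");

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

        // Placeholder grants: query the user's real roles and resource permissions by username.
        simpleAuthorizationInfo.addRole("admin");
        simpleAuthorizationInfo.addStringPermission("news");

        return simpleAuthorizationInfo;
    }
}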


4.---controller中实现------------------------------------------------------------

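/**
 * Handles the login POST: wraps the submitted username and password in a token and asks
 * Shiro to authenticate the current subject.
 *
 * <p>Shiro reports login failures through exceptions, so each outcome is mapped to a
 * response string here. Unexpected failures are logged on the server and answered with a
 * generic message; the exception text is no longer returned to the client, because it can
 * expose class names and internal details.
 *
 * <p>NOTE(review): the two specific messages tell a caller whether a username exists,
 * which allows account enumeration. Prefer one identical message for both cases.
 *
 * @param sysUser request body carrying the submitted username and password
 * @return "news2" on success, otherwise a failure message
 */
@RequestMapping(value = "/login",method = RequestMethod.POST)
@ResponseBody
public String login(@RequestBody SysUser sysUser){

    String name=sysUser.getUsername();
    String pwd=sysUser.getPassword();
    // Wrap the username and password so the realm can read them during login.
    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(name,pwd);

    Subject subject = SecurityUtils.getSubject();

    try {
        subject.login(usernamePasswordToken);
        return "news2";
    }
    catch (UnknownAccountException e){
        return "账户不正确";
    }
    catch (IncorrectCredentialsException e){
        return "密码不正确";
    }
    catch (Exception e){
        // Keep the detail in the server output only.
        System.out.print(e.toString()+"\n");
        return "登录失败";
    }

}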

 

参考:https://www.cnblogs.com/boonya/p/7521754.html
