springboot shiro 基本整合

springboot shiro 基本整合

https://www.w3cschool.cn/shiro/c52r1iff.html
http://shiro.apache.org/configuration.html#Configuration-ProgrammaticConfiguration

步骤

依赖和配置

定义 org.apache.shiro.realm.Realm 使用 IniRealm

定义 org.apache.shiro.mgt.SecurityManager

定义 org.apache.shiro.spring.web.ShiroFilterFactoryBean

指定登录页面 shiroFilterFactoryBean.setLoginUrl("/login.html")

放行登录相关接口和静态资源

定义登录Controller

Map<String, String> map = new HashMap<>();
map.put("/login/pc", "anon");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

依赖

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>

配置

server:
  servlet:
    context-path: /mozq

# user.ini
[users]
liubei=123

添加Bean

package com.mozq.sb.shiro03.config;

import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.apache.shiro.mgt.SecurityManager;

import java.util.HashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    //自定义 org.apache.shiro.realm.Realm
    @Bean
    public IniRealm iniRealm(){
        IniRealm iniRealm = new IniRealm("classpath:user.ini");
        return iniRealm;
    }
    //定义 org.apache.shiro.mgt.SecurityManager
    @Bean
    public SecurityManager securityManager(Realm realm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    //定义 org.apache.shiro.spring.web.ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //过滤的路径
        Map<String, String> map = new HashMap<>();
        map.put("/**", "authc");
        map.put("/login/pc", "anon");//放行登录相关接口
        map.put("/js/jquery-3.4.1.js", "anon");//放行登录页面静态资源，不然登录页报错。

        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        shiroFilterFactoryBean.setLoginUrl("/login.html");//登录页面
        return shiroFilterFactoryBean;
    }
}

登录页面

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <script src="js/jquery-3.4.1.js"></script>
</head>
<body>
    <form action="/login/pc" method="post">
        <input id="username" name="username">
        <input id="password" name="password">
<!--        <input type="button" value="登录"> -->
        <input type="button" value="登录" onclick="login()">
    </form>
<script>
    var serverPath = "/mozq";
    function login() {
        var username = $("#username").val();
        var password = $("#password").val();
        console.log(username);
        console.log(password);
        $.ajax({//Content-Type: application/x-www-form-urlencoded; charset=UTF-8
            url: serverPath + "/login/pc",
            type: "post",
            data: {"username": username, "password": password},
            success: function (res) {
                if(res === "success"){
                    window.location.href = "http://www.baidu.com";
                }else{
                    alert(res);
                }
            }
        });
    }
</script>
</body>
</html>

登录Controller

package com.mozq.sb.shiro03.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;


@RestController
@RequestMapping("/login")
public class LoginController {
    @RequestMapping("/pc")
    public String login(@RequestParam String username, @RequestParam String password){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
        try {
            subject.login(usernamePasswordToken);
        } catch (AuthenticationException e) {
            e.printStackTrace();
            return "身份验证错误";
        }
        return "success";
    }
}

bugs

1.
Caused by: org.apache.shiro.config.ConfigurationException: java.io.IOException: Resource [classpath: user.ini] could not be found.
原因：[classpath: user.ini] 路径中加了空格

2.
不配置登录跳转页面，则默认跳转到 http://localhost:8080/login.jsp
配置登录接口：shiroFilterFactoryBean.setLoginUrl("/login.html");//则这个接口成为放行的，即anon
如果项目路径为： localhost/mozq
则此时登录跳转到：localhost/mozq/login.html

3.
如果登录相关的其他接口不放行，则重定向到登录页面。
放行登录相关的接口：map.put("/login/pc", "anon");
如果项目路径为： localhost/mozq
则此时放行路径：localhost/mozq/login/pc

4.
org.apache.shiro.authc.UnknownAccountException: Realm [org.apache.shiro.realm.text.IniRealm@4c9f4ee9] was unable to find account data for the submitted AuthenticationToken [org.apache.shiro.authc.UsernamePasswordToken - 1, rememberMe=false].
原因：user.ini中什么都没有写。则登录验证失败。
方案：添加用户信息
    [users]
    liubei=123

5.
Uncaught SyntaxError: Unexpected token <
原因：shiro 将login.html的资源 jquery-3.4.1.js 拦截了，无法访问，所以报了这个错误。
方案：
	放行静态资源
	map.put("/js/jquery-3.4.1.js", "anon")