springboot整合shiro实现登录验证授权的过程解析

springboot整合shiro实现登录验证授权,内容如下所示:
1.添加依赖:

org.apache.shiroshiro-spring1.7.1

2.yml配置:
#配置服务端口server:port: 8080servlet:encoding:charset: utf-8enabled: trueforce: truecontext-path: /cxh/spring:#配置数据源datasource:driver-class-name: com.mysql.cj.jdbc.Driverurl: jdbc:mysql://localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=falseusername: rootpassword: 123456#配置页面mvc:view:prefix: /WEB-INF/page/suffix: .jsp#配置上传文件大小servlet:multipart:max-file-size: 10MB#配置Mybatismybatis:config-location: classpath:mybatis/mybatis-config.xmlmapper-locations: classpath:mybatis/mapper/*.xmltype-aliases-package: com.cxh.mall.entity

3.shiro配置:
import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; @Configurationpublic class ShiroConfig {@Bean@ConditionalOnMissingBeanpublic DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator(); defaultAAP.setProxyTargetClass(true); return defaultAAP; }//凭证匹配器, 密码校验交给Shiro的SimpleAuthenticationInfo进行处理public HashedCredentialsMatcher hashedCredentialsMatcher() {HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("MD5"); //散列算法:这里使用MD5算法; hashedCredentialsMatcher.setHashIterations(2); //散列的次数; return hashedCredentialsMatcher; //将自己的验证方式加入容器public LoginRealm myShiroRealm() {LoginRealm loginRealm = new LoginRealm(); //加入密码管理loginRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return loginRealm; //权限管理,配置主要是Realm的管理认证public SecurityManager securityManager() {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(myShiroRealm()); return securityManager; //Filter工厂,设置对应的过滤条件和跳转条件public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map map = new HashMap<>(); //登出map.put("/logout", "logout"); //登录map.put("/loginSubmit", "anon"); //静态文件包map.put("/res/**", "anon"); //对所有用户认证map.put("/**", "authc"); shiroFilterFactoryBean.setLoginUrl("/login"); //首页shiroFilterFactoryBean.setSuccessUrl("/index"); //错误页面,认证不通过跳转shiroFilterFactoryBean.setUnauthorizedUrl("/error"); shiroFilterFactoryBean.setFilterChainDefinitionMap(map); return shiroFilterFactoryBean; public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; }

4.shiro登录验证授权:
import com.cxh.mall.entity.SysUser; import com.cxh.mall.service.SysMenuService; import com.cxh.mall.service.SysRoleService; import com.cxh.mall.service.SysUserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.crypto.hash.SimpleHash; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.util.StringUtils; import java.util.HashSet; import java.util.Set; public class LoginRealm extends AuthorizingRealm {@Autowired@Lazyprivate SysUserService sysUserService; private SysRoleService sysRoleService; private SysMenuService sysMenuService; /*** 授权*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {String username = (String) arg0.getPrimaryPrincipal(); SysUser sysUser = sysUserService.getUserByName(username); // 角色列表Set roles = new HashSet(); // 功能列表Set menus = new HashSet(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); roles = sysRoleService.listByUser(sysUser.getId()); menus = sysMenuService.listByUser(sysUser.getId()); // 角色加入AuthorizationInfo认证对象info.setRoles(roles); // 权限加入AuthorizationInfo认证对象info.setStringPermissions(menus); return info; }* 登录认证protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {if (StringUtils.isEmpty(authenticationToken.getPrincipal())) {return null; }//获取用户信息String username = authenticationToken.getPrincipal().toString(); if (username == null || username.length() == 0){SysUser user = sysUserService.getUserByName(username); if (user == null)throw new UnknownAccountException(); //未知账号//判断账号是否被锁定,状态(0:禁用;1:锁定;2:启用)if(user.getStatus() == 0)throw new DisabledAccountException(); //帐号禁用if (user.getStatus() == 1)throw new LockedAccountException(); //帐号锁定//盐String salt = "123456"; //验证SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(username, //用户名user.getPassword(), //密码ByteSource.Util.bytes(salt), //盐getName() //realm name); return authenticationInfo; public static void main(String[] args) {String originalPassword = "123456"; //原始密码String hashAlgorithmName = "MD5"; //加密方式int hashIterations = 2; //加密的次数//加密SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations); String encryptionPassword = simpleHash.toString(); //输出加密密码System.out.println(encryptionPassword); }

5.登录控制器:
import lombok.extern.slf4j.Slf4j; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.*; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @Controller@Slf4jpublic class LoginController {/*** 登录页面*/@GetMapping(value=https://www.it610.com/article/{"/", "/login"})public String login(){return "admin/loginPage"; }* 登录操作@RequestMapping("/loginSubmit")public String login(String username, String password, ModelMap modelMap){//参数验证if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)){modelMap.addAttribute("message", "账号密码必填!"); return "admin/loginPage"; }//账号密码令牌AuthenticationToken token = new UsernamePasswordToken(username, password); //获得当前用户到登录对象,现在状态为未认证Subject subject = SecurityUtils.getSubject(); try//将令牌传到shiro提供的login方法验证,需要自定义realmsubject.login(token); //没有异常表示验证成功,进入首页return "admin/homePage"; catch (IncorrectCredentialsException ice)modelMap.addAttribute("message", "用户名或密码不正确!"); catch (UnknownAccountException uae)modelMap.addAttribute("message", "未知账户!"); catch (LockedAccountException lae)modelMap.addAttribute("message", "账户被锁定!"); catch (DisabledAccountException dae)modelMap.addAttribute("message", "账户被禁用!"); catch (ExcessiveAttemptsException eae)modelMap.addAttribute("message", "用户名或密码错误次数太多!"); catch (AuthenticationException ae)modelMap.addAttribute("message", "验证未通过!"); catch (Exception e)//返回登录页* 登出操作@RequestMapping("/logout")public String logout()//登出清除缓存subject.logout(); return "redirect:/login"; }

6.前端登录页面:
cxh电商平台管理后台
${message}

//提交登录function SubmitLogin() {//判断用户名是否为空if (!loginForm.username.value) {alert("请输入用户姓名!"); loginForm.username.focus(); return false; }//判断密码是否为空if (!loginForm.password.value) {alert("请输入登录密码!"); loginForm.password.focus(); return false; }return true; }

【springboot整合shiro实现登录验证授权的过程解析】到此这篇关于springboot整合shiro实现登录验证授权的文章就介绍到这了,更多相关springboot整合shiro登录验证内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!

    推荐阅读