Springboot之Shiro配置
Shiro 安全认证 (基于idea、maven、springboot)
1.导入jar
这个包是shiro与Spring集成的核心包。注意:1.4.0 是较早的版本,实际项目中应改用仍在维护、已修复已知安全问题的版本。
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
这个jar是页面设置有权限才显示的jar
<dependency>
<groupId>com.github.theborakompanioni</groupId>
<artifactId>thymeleaf-extras-shiro</artifactId>
<version>2.0.0</version>
</dependency>
2.配置类
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the realm, the security manager, the servlet filter with its URL rules,
 * and the Thymeleaf dialect used for permission-aware rendering.
 */
@Configuration
public class ShiorConfig {

    /**
     * Builds the Shiro filter and registers the URL-to-filter rules.
     *
     * <p>Built-in filter names usable in a rule:
     * <ul>
     *   <li>{@code anon}  - no authentication required</li>
     *   <li>{@code authc} - the subject must be authenticated</li>
     *   <li>{@code user}  - the subject must be authenticated or remembered (remember-me)</li>
     *   <li>{@code perms} - the subject must hold the listed permission(s)</li>
     *   <li>{@code roles} - the subject must hold the listed role(s)</li>
     * </ul>
     *
     * <p>NOTE(review): only the two {@code /TA/...} paths get a rule here. Any other
     * path has no chain definition, so Shiro applies no authentication or permission
     * check to it. A deny-by-default setup lists the public paths as {@code anon} and
     * ends the map with a catch-all {@code /**} entry mapped to {@code authc}; rules
     * are matched in insertion order (first match wins), which is why an ordered map
     * is used and why the catch-all has to come last.
     *
     * @param defaultWebSecurityManager the security manager bean named "securityManager"
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        final ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(defaultWebSecurityManager);

        // Unauthenticated requests to a protected path are sent to the login page.
        filterFactory.setLoginUrl("/tologin");
        // Authenticated subjects lacking the required permission are sent here.
        filterFactory.setUnauthorizedUrl("/not");

        final LinkedHashMap<String, String> chainDefinitions = new LinkedHashMap<>();
        // Requires the "user:add" permission.
        chainDefinitions.put("/TA/toadd","perms[user:add]");
        // Requires the "user:updata" permission (being logged in alone is not enough).
        chainDefinitions.put("/TA/toupdata","perms[user:updata]");
        filterFactory.setFilterChainDefinitionMap(chainDefinitions);

        return filterFactory;
    }

    /**
     * Creates the web security manager and attaches the application realm to it.
     *
     * @param userRealm the realm bean named "userRealm"
     * @return the security manager, published as bean "securityManager"
     */
    @Bean(name="securityManager")
    public DefaultWebSecurityManager getdefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Creates the custom realm that performs authentication and authorization lookups.
     *
     * <p>NOTE(review): no CredentialsMatcher is configured on the realm here, so the
     * realm's default matcher is what compares the submitted password with the
     * stored one.
     *
     * @return the realm, published as bean "userRealm"
     */
    @Bean(name="userRealm")
    public UserRealm userRealm(){
        final UserRealm realm = new UserRealm();
        return realm;
    }

    /**
     * Registers the Shiro dialect so templates can use the {@code shiro:} attributes
     * to show or hide markup depending on the subject's permissions.
     *
     * @return the Thymeleaf Shiro dialect
     */
    @Bean
    public ShiroDialect shiroDialect(){
        final ShiroDialect dialect = new ShiroDialect();
        return dialect;
    }
}
3.编写Realm类
package com.taxing.mb.my.config;
import com.taxing.mb.my.mapper.UserMapper;
import com.taxing.mb.my.pojo.UserP;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
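/**
 * Realm that authenticates users through {@link UserMapper} and derives their
 * permissions from the semicolon-separated string returned by {@code UserP.getRealm()}.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserMapper userMapper;

    /**
     * Authorization: builds the permission set for the given principals.
     *
     * @param principalCollection the principals whose permissions are being resolved
     * @return the permissions of that principal; empty when none are stored
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Resolve the user from the principals Shiro passed in, not from the
        // thread-bound Subject: the two can differ, and authorization must
        // describe the identity that is actually being checked.
        UserP up = (UserP) principalCollection.getPrimaryPrincipal();
        if (up == null || up.getRealm() == null) {
            // No user or no stored permission string: grant nothing.
            return info;
        }

        for (String entry : up.getRealm().split(";")) {
            String permission = entry.trim();
            if (permission.isEmpty()) {
                // Skip blanks such as the one produced by an empty permission string.
                continue;
            }
            // Debug output; a real application would use its logger instead.
            System.out.println("用户权限:" + permission);
            info.addStringPermission(permission);
        }
        return info;
    }

    /**
     * Authentication: looks the account up by user name and hands the stored
     * credentials to Shiro, which performs the comparison.
     *
     * <p>NOTE(review): the configuration shown on this page sets no
     * CredentialsMatcher, so Shiro's default matcher compares the submitted
     * password with {@code user.getPassword()} directly. That only works when
     * passwords are stored unhashed. Store a salted password hash and configure
     * a hashing matcher (for example {@code PasswordMatcher} or
     * {@code HashedCredentialsMatcher}) on the realm.
     *
     * <p>NOTE(review): the whole {@code UserP} object, password field included,
     * becomes the principal. A principal that carries only the id or name would
     * be a smaller thing to keep attached to the session - confirm how UserP is used.
     *
     * @param token the submitted login token; expected to be a UsernamePasswordToken
     * @return the account data for Shiro to verify, or {@code null} when no such
     *         user exists (Shiro reports that as UnknownAccountException)
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        UserP user = userMapper.getUserByName(userToken.getUsername());
        if (user == null) {
            return null;
        }
        // Argument 1 is the principal later passed to doGetAuthorizationInfo,
        // argument 2 the stored credentials Shiro checks, argument 3 the name of
        // the realm that vouches for the principal.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}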
4.进行登陆
/**
 * Receives the submitted login data and attempts a Shiro login.
 *
 * <p>An unknown user name and a wrong password both lead back to the same
 * "index" view, so the response does not reveal which of the two was wrong.
 *
 * <p>NOTE(review): the mapping is not restricted to an HTTP method, so the
 * credentials are also accepted as GET query parameters, where they can end up
 * in access logs and browser history; restricting the mapping to POST avoids that.
 * Other AuthenticationException subtypes are not caught here and propagate to
 * the caller.
 *
 * @param name     the submitted user name
 * @param password the submitted password
 * @return "home" after a successful login, otherwise "index"
 */
@RequestMapping("/tohome")
public String tohome(String name,String password){
    final UsernamePasswordToken credentials = new UsernamePasswordToken(name, password);
    final Subject currentUser = SecurityUtils.getSubject();
    try {
        // login() returns normally only when authentication succeeded.
        currentUser.login(credentials);
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // Unknown user name or wrong password: back to the login page.
        return "index";
    }
    return "home";
}
5.设置页面有权限的显示
<!DOCTYPE html>
<html lang="en"
xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro"><!-- 注意要这个命名空间 -->
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!-- 表示有这个权限才显示,否则不显示。注意:这里只是隐藏链接,真正的访问控制仍由第2步过滤器链中对应路径的 perms[...] 规则在服务端执行 -->
<div shiro:hasPermission="user:add">
<a href="/TA/toadd">添加</a>
</div>
<div shiro:hasPermission="user:updata" >
<a href="/TA/toupdata">更新页面</a>
</div>
</body>
</html>