spring boot整合shiro(附带简单demo)

shiro是目前主流的java安全框架,主要用来更便捷的认证,授权,加密,会话管理。废话不多说,下面是一个简单的案例,Soring boot整合shiro;

首先搭建一个spring boot框架,具体步骤请参考点击打开链接;

然后配置shiro依赖(顺便整合mybatis)

               
org.springframework.boot
spring-boot-starter-web

               
org.springframework.boot
spring-boot-starter-test
test

               
mysql
mysql-connector-java
5.1.6


org.springframework.boot
spring-boot-devtools


org.mybatis.spring.boot
mybatis-spring-boot-starter
1.1.1


com.alibaba
druid
1.0.28


junit
junit
3.8.1
test


org.apache.shiro
shiro-spring
1.4.0


org.springframework.boot
spring-boot-starter-thymeleaf

配置文件(application.xml)

#spring集成Mybatis环境
mybatis.type-aliases-package=com.huangjia.domain
#加载Mybatis配置文件
mybatis.mapper-locations = classpath:mapper/*Mapper.xml
#spring.datasource.type = com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name= com.mysql.jdbc.Driver
spring.datasource.url = jdbc:mysql://localhost:3306/student?useUnicode=true&characterEncoding=utf-8
spring.datasource.username = root
spring.datasource.password = root

然后简历一个数据库表,主要字段为用户名密码及权限状态;

spring boot整合shiro(附带简单demo)_第1张图片

下面建包,把各个层建好

spring boot整合shiro(附带简单demo)_第2张图片

编写shiro配置类

ShiroConfig:

package com.huangjia.shiro;
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * shiro配置类
 * @author jianping.lu
 *
 */
@Configuration
public class ShiroConfig {
	
	//创建ShiroFilterFactoryBean
	@Bean(name="shiroFilterFactoryBean")
	public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager")DefaultWebSecurityManager defaultWebSecurityManager){
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		//设置安全管理器
		shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
		
		//添加shiro内置过滤器
        /*
         * anon:表示可以匿名使用。 
           authc:表示需要认证(登录)才能使用,没有参数 
           roles:参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,当有多个参数时,例如admins/user/**=roles["admin,guest"],每个参数通过才算通过,相当于hasAllRoles()方法。 
           perms:参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,例如/admins/user/**=perms["user:add:*,user:modify:*"],当有多个参数时必须每个参数都通过才通过,想当于isPermitedAll()方法。 
           rest:根据请求的方法,相当于/admins/user/**=perms[user:method] ,其中method为post,get,delete等。 
           port:当请求的url的端口不是8081是跳转到schemal://serverName:8081?queryString,其中schmal是协议http或https等,serverName是你访问的host,8081是url配置里port的端口,queryString是你访问的url里的?后面的参数。 
           authcBasic:没有参数表示httpBasic认证 
           ssl:表示安全的url请求,协议为https 
           user:当登入操作时不做检查
         */
		Map fMap = new HashMap();
		//拦截页面
		fMap.put("/one", "authc");
		fMap.put("/two", "authc");
	
		
		//拦截未授权
	    fMap.put("/one", "perms[user:one]");
	    fMap.put("/two", "perms[user:two]");
		//被拦截返回登录页面
		shiroFilterFactoryBean.setLoginUrl("/login");
		//授权拦截返回页面
		shiroFilterFactoryBean.setUnauthorizedUrl("/permission");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(fMap);
		return shiroFilterFactoryBean;
		
	}
	@Bean(name="defaultWebSecurityManager")
	//创建DefaultWebSecurityManager
	public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
		DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
		defaultWebSecurityManager.setRealm(userRealm);
		return defaultWebSecurityManager;
		
	}
	
	//创建Realm
	@Bean(name="userRealm")
	public UserRealm getUserRealm(){
		return new UserRealm();
	}
	

}

UserRealm:

package com.huangjia.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

import com.huangjia.domain.User;
import com.huangjia.service.UserService;

/**
 * 自定义realm
 * @author jianping.lu
 *
 */
public class UserRealm extends AuthorizingRealm{
	@Autowired
	private UserService UserService;
	//执行授权
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
		// TODO Auto-generated method stub
		System.out.println("授权");
		//获取当前登录用户
		Subject subject = SecurityUtils.getSubject();
		User user = (User) subject.getPrincipal();
		//给资源授权
		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		simpleAuthorizationInfo.addStringPermission(user.getPerms());
		return simpleAuthorizationInfo;
	}
    //执行认证逻辑
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
		// TODO Auto-generated method stub
		System.out.println("认证");
		
		//shiro判断逻辑
		UsernamePasswordToken user = (UsernamePasswordToken) arg0;
	    User realUser = new User();
	    realUser.setName(user.getUsername());
	    realUser.setPassword(String.copyValueOf(user.getPassword()));
		User newUser = UserService.findUser(realUser);
		//System.out.println(user.getUsername());
		if(newUser == null){
			//用户名错误
			//shiro会抛出UnknownAccountException异常
			return null;
		}
		
		return new SimpleAuthenticationInfo(newUser,newUser.getPassword(),"");
	}

	
}

编写所需功能模块

Controller:

package com.huangjia.controller;


import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.huangjia.domain.User;
import com.huangjia.service.UserService;

@Controller
public class UserController {
	@Autowired
	private UserService UserService;
	@RequestMapping("what")
	public String why(){
		return "sse";
	}
	@RequestMapping("one")
	public String getOne(){
		return "one";
	}
	@RequestMapping("two")
	public String getTwo(){
		return "two";
	}
	@RequestMapping("login")
	public String login(){
		return "login";
	}
	@RequestMapping("permission")
	public String permission(){
		return "permission";
	}
	
	@RequestMapping("toLogin")
	public String toLogin(User user,Model model){
		
		//System.out.println(newUser.getName()+newUser.getPassword());
		//shiro用户认证
	    //获取subject
		Subject subject = SecurityUtils.getSubject();
		//封装用户数据
		UsernamePasswordToken userToken = new UsernamePasswordToken(user.getName(),user.getPassword());
		//执行登录方法,用捕捉异常去判断是否登录成功
		try {
			subject.login(userToken);
			return "redirect:/what.do";
		} catch (UnknownAccountException e) {
			//用户名不存在
			model.addAttribute("msg","用户名不存在");
			return "login";
		}catch (IncorrectCredentialsException e) {
			//密码错误
			model.addAttribute("msg","密码错误");
			return "login";
		}
		
	}

}

Service(偷个懒,没有定义服务接口):

package com.huangjia.service;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.huangjia.domain.User;
import com.huangjia.mapper.UserMapper;

@Service
public class UserService {
	@Autowired
	private UserMapper userMapper;
	public User findUser(User user){
		return userMapper.findUser(user);
	}

}

Dao:

package com.huangjia.mapper;

import java.util.List;

import org.apache.ibatis.annotations.Mapper;

import com.huangjia.domain.User;

@Mapper
public interface UserMapper {
     public User findUser(User user);
}

Mapper.xml





		
		
		
	
	

下面写几个简单页面

login.html(登陆页面)





Insert title here


用户名:
密 码:

sse.html(功能选择)





Insert title here


用户名:
密 码:

one.html(功能一)





Insert title here


欢迎来到one

two.html





Insert title here


欢迎来到two

permission.html(权限拦截页面)





Insert title here


对不起,你没有该权限


你可能感兴趣的:(spring boot整合shiro(附带简单demo))