[Shiro] Problems encountered with the framework

  1. The user table is as follows
CREATE TABLE `shiro_user` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  PRIMARY KEY (`user_id`),
  KEY `username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

# The passwords here are MD5-hashed; the actual password for both is 111
insert into shiro_user(username,password) values("Alice","84df234b30ed5ff9753f4a3b044ca11c");
insert into shiro_user(username,password) values("Jack","84df234b30ed5ff9753f4a3b044ca11c");
  1. This test uses only two pages: login.html and success.html

The login page


<html lang="en">
<head>
    <meta charset="UTF-8"/>
    <title>Title</title>
</head>
<script src="/static/js/jquery-3.3.1.js"></script>
<body>
<form>
    <!-- Labels: 用户名 = username, 密码 = password, 提交 = submit.
         The password field uses type="password" so the value is masked on screen. -->
    用户名:<input type="text" name="name"/><br>
    密码:<input type="password" name="password"/><br>
    <input type="button" value="提交"/>
</form>
</body>
<script>
    $("input:button").click(function () {
        $.ajax({
            url: "/enter",
            type: "post",
            data: $("form").serialize(),
            success: function (result) {
                if (result.status == 'SUCCESS') { // the back end reported successful verification, so go to the success page
                    window.location.href = '/success';
                } else {
                    alert("重新登录"); // "log in again"
                }
            }
        });
    });
</script>
</html>

The success page only shows that verification succeeded


<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>验证成功</h1>
</body>
</html>
  1. The main Controller-layer endpoints are as follows
    /**
     * Page shown after successful verification
     */
    @RequestMapping("/success")
    public String success() {
        return "success";
    }

    /**
     * Performs user verification
     */
    @RequestMapping(value = "/enter", method = RequestMethod.POST)
    @ResponseBody
    public DataMsg login(User user, Model model) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), user.getPassword());
        try {
            subject.logout();
            subject.login(token);
            boolean authenticated = subject.isAuthenticated();
            System.out.println("登录状态" + authenticated);
        } catch (Exception e) {
            return DataMsg.error("登录失败");
        }
        return DataMsg.success("登录成功");
    }

With only this in place, our success page can be accessed by anyone, so here we use Shiro to put access control on it


	
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager"/>
		<property name="loginUrl" value="/"/>
		<property name="unauthorizedUrl" value="/"/>
		<property name="successUrl" value="/success"/>
		<property name="filterChainDefinitions">
			<value>
				/toPage = anon
				/enter = anon
				/static/** = anon
				/** = authc
			</value>
		</property>
	</bean>


	
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="realm"/>
		<property name="rememberMeManager" ref="cookieRememberMe"/>
	</bean>

	
	<bean id="matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
		<property name="hashAlgorithmName" value="md5"/>
		<property name="hashIterations" value="1"/>
	</bean>

	
	<bean id="realm" class="com.shaw.realm.ShiroRealm">
		<property name="credentialsMatcher" ref="matcher"/>
	</bean>

	
	<bean id="cookieRememberMe" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
		<property name="cookie" ref="cookie"></property>
	</bean>

	<bean id="cookie" class="org.apache.shiro.web.servlet.SimpleCookie">
		<constructor-arg value="rememberMe"></constructor-arg>
		<property name="maxAge" value="960000"></property>
		<property name="httpOnly" value="true"/>
	</bean>

For the realm, I only post the user authentication part here

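// Library imports (Shiro 1.x package names); the project's own User and
// UserService imports are omitted because their packages are not shown here.
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

public class ShiroRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(ShiroRealm.class);

    @Autowired
    private UserService userService;

    /**
     * Verification of roles and permissions (not implemented in this test)
     *
     * @param principals the principals of the authenticated subject
     * @return always null here, i.e. no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Login verification; login requests from the front end are verified here
     *
     * @param token the submitted username/password token
     * @return the stored account data for the credentials matcher, or null if the user is unknown
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String name = token.getPrincipal().toString();
        User user = userService.findUserByName(name);
        if (user == null) {
            // Unknown user: a null return makes Shiro raise UnknownAccountException
            logger.error("------------shiro验证出错---------------");
            return null;
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getName(), user.getPassword(), "customRealm");
        info.setCredentialsSalt(ByteSource.Util.bytes(name)); // the username is the salt for the MD5 hash
        return info;
    }
}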
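An added example (not from the original post or its repository) of how to generate the value stored in `shiro_user.password` for this configuration: with `hashAlgorithmName=md5`, `hashIterations=1` and the username set as the salt, the matcher compares the stored hex string against MD5 over the salt bytes followed by the password bytes, so each user needs an individually computed digest. The class name `StoredPasswordDemo` and the helpers `shiroStyleHash` and `verify` are assumptions made for illustration; only the JDK is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class StoredPasswordDemo {

    // Mirrors the matcher settings on this page: digest(salt bytes, then password
    // bytes), re-digested (iterations - 1) more times, stored as lowercase hex.
    static String shiroStyleHash(String algorithm, String password, String salt, int iterations)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(salt.getBytes(StandardCharsets.UTF_8));
        byte[] hashed = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            hashed = md.digest(hashed); // digest() resets the instance after each call
        }
        StringBuilder hex = new StringBuilder(hashed.length * 2);
        for (byte b : hashed) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Constant-time comparison of a stored hex value with a login attempt.
    static boolean verify(String storedHex, String attempt, String salt)
            throws NoSuchAlgorithmException {
        byte[] expected = storedHex.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = shiroStyleHash("MD5", attempt, salt, 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "111"; // the sample password used on this page
        String alice = shiroStyleHash("MD5", password, "Alice", 1);
        String jack = shiroStyleHash("MD5", password, "Jack", 1);
        System.out.println("Alice -> " + alice);
        System.out.println("Jack  -> " + jack);
        System.out.println("same digest for both users: " + alice.equals(jack));
        System.out.println("Alice's row checked as Jack: " + verify(alice, password, "Jack"));
    }
}
```

Because the salt is the username, two rows that hold the same digest cannot both verify against the same password. A single MD5 round is cheap to brute-force; if `hashIterations` or `hashAlgorithmName` is changed on the matcher, the stored values have to be regenerated with the same parameters.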

Let's try it out


Next we try to access the success page without logging in

As you can see, accessing the page without being logged in redirects to the login page; this is what the shiroFilter configured earlier does

Now we try logging in again

And the login succeeds!


The SQL statement also ran normally, so this Shiro test succeeded!!!

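Summary: what was covered today is only the tip of the iceberg for Shiro; Shiro can also do role-based authorization and more. The problem I ran into was that I had not added /static/** = anon to let static resources through, so my jQuery import kept failing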
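Why the missing /static/** = anon line broke the jQuery import, as an added example (not code from the post or its repository): Shiro tries the filterChainDefinitions entries from top to bottom and applies the first pattern that matches the request path. The class `FilterChainOrderDemo` and its simplified `matches` helper are assumptions for illustration and stand in for Shiro's own Ant-style path matcher.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FilterChainOrderDemo {

    // Simplified stand-in for Shiro's Ant-style path matching: handles exact
    // paths and a trailing "/**", which is all the definitions on this page use.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Definitions are tried in declaration order; the first match decides.
    static String resolve(Map<String, String> defs, String path) {
        for (Map.Entry<String, String> def : defs.entrySet()) {
            if (matches(def.getKey(), path)) {
                return def.getValue();
            }
        }
        return "(no filter)";
    }

    static Map<String, String> chain(String... pairs) {
        Map<String, String> defs = new LinkedHashMap<>(); // keeps insertion order
        for (int i = 0; i < pairs.length; i += 2) {
            defs.put(pairs[i], pairs[i + 1]);
        }
        return defs;
    }

    public static void main(String[] args) {
        Map<String, String> missing = chain("/toPage", "anon", "/enter", "anon", "/**", "authc");
        Map<String, String> fixed = chain("/toPage", "anon", "/enter", "anon",
                "/static/**", "anon", "/**", "authc");
        Map<String, String> misordered = chain("/**", "authc", "/static/**", "anon");

        // Constructed sample requests, taken from the URLs used on this page.
        String[] requests = {"/enter", "/static/js/jquery-3.3.1.js", "/success"};
        for (String path : requests) {
            System.out.printf("%-28s missing=%-6s fixed=%-6s misordered=%s%n", path,
                    resolve(missing, path), resolve(fixed, path), resolve(misordered, path));
        }
    }
}
```

When the /static/** line is missing, or is placed after /** = authc, the jQuery request resolves to authc and the browser is redirected to the login URL instead of receiving the script.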

The code has been uploaded to GitHub: https://github.com/Shaw325/Shiro
