springboot+thymeleaf+shiro标签

1,pom中加入依赖

	
			org.springframework.boot
			spring-boot-starter-thymeleaf
			1.5.6.RELEASE
		
		
		
			org.thymeleaf
			thymeleaf
			${thymeleaf.version}
		
        
		
			org.apache.shiro
			shiro-spring
			1.4.0
		
		
		
			com.github.theborakompanioni
			thymeleaf-extras-shiro
			1.2.1
		

2,用户-角色-权限的表关系

//用户表
public class User {
    private Integer userId;
    private String userName;
    private Set roles = new HashSet<>();
}
//角色表
public class User {
    private Integer id;
    private String role;
    private Set modules = new HashSet<>();
    private Set users = new HashSet<>();
}
//权限表
public class Module {
    private Integer mid;
    private String mname;
    private Set roles = new HashSet<>();
}
    
    
//用户查询

    
    
    
    
      
      
      
        
        
      
    
  
  
//查询用户信息,返回结果会自动分组,得到用户信息
  

3,编写shiro核心类

@Configuration
public class ShiroConfiguration {
    
    //用于thymeleaf模板使用shiro标签
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    @Bean(name="shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
        ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        //配置登录的url和登录成功的url
        bean.setLoginUrl("/loginpage");
        bean.setSuccessUrl("/indexpage");
        //配置访问权限
        LinkedHashMap filterChainDefinitionMap=new LinkedHashMap<>();
//        filterChainDefinitionMap.put("/loginpage*", "anon"); //表示可以匿名访问
        filterChainDefinitionMap.put("/admin/*", "authc");//表示需要认证才可以访问
        filterChainDefinitionMap.put("/logout*","anon");
        filterChainDefinitionMap.put("/img/**","anon");
        filterChainDefinitionMap.put("/js/**","anon");
        filterChainDefinitionMap.put("/css/**","anon");
        filterChainDefinitionMap.put("/fomts/**","anon");
        filterChainDefinitionMap.put("/**", "anon");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return bean;
    }
    //配置核心安全事务管理器
    @Bean(name="securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {
        System.err.println("--------------shiro已经加载----------------");
        DefaultWebSecurityManager manager=new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        return manager;
    }
    //配置自定义的权限登录器
    @Bean(name="authRealm")
    public AuthRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {
        AuthRealm authRealm=new AuthRealm();
        authRealm.setCredentialsMatcher(matcher);
        return authRealm;
    }
    //配置自定义的密码比较器
    @Bean(name="credentialsMatcher")
    public CredentialsMatcher credentialsMatcher() {
        return new CredentialsMatcher();
    }
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){
        return new LifecycleBeanPostProcessor();
    }
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager manager) {
        AuthorizationAttributeSourceAdvisor advisor=new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }
}

— - - -- - -- - -- - -- - - -- - - - -- 
public class AuthRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    //认证.登录
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken utoken=(UsernamePasswordToken) token;//获取用户输入的token
        String username = utoken.getUsername();
        User user = userService.selectByPhone(username);
        return new SimpleAuthenticationInfo(user, user.getPassword(),this.getClass().getName());//放入shiro.调用CredentialsMatcher检验密码
    }
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        User user=(User) principal.fromRealm(this.getClass().getName()).iterator().next();//获取session中的用户
        List permissions=new ArrayList<>();
        Set roles = user.getRoleList();
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        List listrole = new ArrayList<>();
        if(roles.size()>0) {
            for(Role role : roles) {
                if(!listrole.contains(role.getRole())){
                    listrole.add(role.getRole());
                }
                Set modules = role.getModules();
                if(modules.size()>0) {
                    for(Module module : modules) {
                        permissions.add(module.getMname());
                    }
                }
            }
        }
        info.addRoles(listrole);                       //将角色放入shiro中.
    info.addStringPermissions(permissions);         //将权限放入shiro中.
        return info;
    }

}


//自定义密码比较器
public class CredentialsMatcher extends SimpleCredentialsMatcher {

    private  Logger logger = Logger.getLogger(CredentialsMatcher.class);

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken utoken=(UsernamePasswordToken) token;
        //所需加密的参数  即  用户输入的密码
        String source = String.valueOf(utoken.getPassword());
        //[盐] 一般为用户名 或 随机数
        String salt = utoken.getUsername();
        //加密次数
        int hashIterations = 50;
        SimpleHash sh = new SimpleHash("md5", source, salt, hashIterations);
        String Strsh =sh.toHex();
        //打印最终结果
        logger.info("正确密码为:"+Strsh);
        //获得数据库中的密码
        String dbPassword= (String) getCredentials(info);
        logger.info("数据库密码为:"+dbPassword);
        //进行密码的比对
        return this.equals(Strsh, dbPassword);
    }

}

4,登录控制器

    @RequestMapping("/loginUser")
    public String loginUser(String username,String password,HttpSession session) {
        UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken(username,password);
        Subject subject = SecurityUtils.getSubject();
        Map map=new HashMap();
        try {
            subject.login(usernamePasswordToken);   //完成登录
            User user=(User) subject.getPrincipal();
            session.setAttribute("user", user);
            return "index";
        } catch (IncorrectCredentialsException e) {
            map.put("msg", "密码错误");
        } catch (LockedAccountException e) {
            map.put("msg", "登录失败,该用户已被冻结");
        } catch (AuthenticationException e) {
            map.put("msg", "该用户不存在");
        } catch (Exception e) {
            return "login";//返回登录页面
        }
        return map.toString();
    }

5,thymeleaf页面权限控制


	  
//作为属性控制

//作为标签

	

6,标签说明

guest标签
  
  
  用户没有身份验证时显示相应信息,即游客访问信息。

user标签
    
  
  用户已经身份验证/记住我登录后显示相应的信息。

authenticated标签
    
  
  用户已经身份验证通过,即Subject.login登录成功,不是记住我登录的。

notAuthenticated标签
  
  
  
  用户已经身份验证通过,即没有调用Subject.login进行登录,包括记住我自动登录的也属于未进行身份验证。

principal标签
  
  
  
  相当于((User)Subject.getPrincipals()).getUsername()。

lacksPermission标签
  
 
  
  如果当前Subject没有权限将显示body体内容。

hasRole标签
    
  
  如果当前Subject有角色将显示body体内容。

hasAnyRoles标签
  
   
  
  如果当前Subject有任意一个角色(或的关系)将显示body体内容。

lacksRole标签
    
  
  如果当前Subject没有角色将显示body体内容。

hasPermission标签
    
  
  如果当前Subject有权限将显示body体内容

你可能感兴趣的:(功能性需求)