SpringBoot Shiro免密登录

SpringBoot整合Shiro后实现免密登录

1,说明一下步骤,需要在原来基础新增三个文件

2,新增CustomToken,继承UsernamePasswordToken,免密登录调用方法和密码登录调用方法都在里面。

3,新增MyRetryLimitCredentialsMatcher,继承HashedCredentialsMatcher并重写doCredentialsMatch,主要是判定登录是否是免密登录:免密登录时直接返回匹配成功、不再校验密码,因此只能在服务端已通过其他方式确认用户身份之后才构造免密的CustomToken。

4,新增LoginType,登录类型枚举

5,修改ShiroConfig文件,即Shiro配置文件,主要关注:57,63,65-90行


CustomToken.java

package com.fc.test.shiro.nopassword;

import org.apache.shiro.authc.UsernamePasswordToken;
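/**
 * Authentication token that carries a {@link LoginType} next to the usual
 * username/password fields of {@link UsernamePasswordToken}.
 *
 * <p>The login type decides whether the credentials matcher checks the
 * password at all, so it is security-critical: a token of type
 * {@link LoginType#NOPASSWD} is accepted without any credential comparison.
 * Construct such a token only in server-side code that has already
 * established the user's identity by some other means; never derive the
 * type or the username of a password-less token directly from request input.
 *
 * <p>The type is never {@code null}: a missing type falls back to
 * {@link LoginType#PASSWORD}, so an incompletely initialised token fails
 * closed to the normal password check instead of causing a
 * {@code NullPointerException} in the matcher.
 *
 * @author zlxls
 * @date 2020-04-11
 */
public class CustomToken extends UsernamePasswordToken {
    private static final long serialVersionUID = -2564928913725078138L;

    /** Login mode of this token; defaults to the password check. */
    private LoginType type = LoginType.PASSWORD;

    /**
     * Creates an empty token. The login type defaults to
     * {@link LoginType#PASSWORD} until {@link #setType(LoginType)} is called.
     */
    public CustomToken() {
        super();
    }

    /**
     * Creates a fully specified token.
     *
     * @param username   account name being authenticated
     * @param password   submitted password
     * @param type       login mode; {@code null} is treated as {@link LoginType#PASSWORD}
     * @param rememberMe whether the identity should be remembered across sessions
     * @param host       host the authentication attempt originates from, may be {@code null}
     */
    public CustomToken(String username, String password, LoginType type, boolean rememberMe, String host) {
        super(username, password, rememberMe, host);
        this.type = passwordIfMissing(type);
    }

    /**
     * @return the login mode of this token, never {@code null}
     */
    public LoginType getType() {
        return type;
    }

    /**
     * Sets the login mode.
     *
     * @param type new login mode; {@code null} is treated as {@link LoginType#PASSWORD}
     */
    public void setType(LoginType type) {
        this.type = passwordIfMissing(type);
    }

    /**
     * Creates a password-less token for {@code username}.
     *
     * <p>The password is set to the empty string and the type to
     * {@link LoginType#NOPASSWD}; the matcher accepts such a token without
     * checking credentials, so the caller is responsible for having verified
     * the user beforehand.
     *
     * @param username account name to log in without a password
     */
    public CustomToken(String username) {
        super(username, "", false, null);
        this.type = LoginType.NOPASSWD;
    }

    /**
     * Creates a username/password token of type {@link LoginType#PASSWORD}.
     *
     * @param username account name being authenticated
     * @param pwd      submitted password
     */
    public CustomToken(String username, String pwd) {
        super(username, pwd, false, null);
        this.type = LoginType.PASSWORD;
    }

    /** Maps a missing login type to the safe default, the password check. */
    private static LoginType passwordIfMissing(LoginType candidate) {
        return candidate == null ? LoginType.PASSWORD : candidate;
    }
}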

 MyRetryLimitCredentialsMatcher.java

package com.fc.test.shiro.nopassword;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.springframework.context.annotation.Configuration;
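/**
 * {@link HashedCredentialsMatcher} that lets password-less logins through.
 *
 * <p>A {@link CustomToken} whose type is {@link LoginType#NOPASSWD} is accepted
 * without comparing any credentials. Every other token, including token types
 * other than {@link CustomToken} and tokens with no type set, goes through the
 * normal hashed-password comparison of the superclass.
 *
 * <p>Despite the class name, no retry limiting is implemented here.
 *
 * <p>NOTE(review): this class is annotated {@code @Configuration} and is also
 * published as an {@code @Bean} named {@code myRetryLimitCredentialsMatcher}
 * from ShiroConfig. The class declares no bean methods, so the annotation looks
 * redundant; if this package is component-scanned it yields a second definition
 * that lacks the hash algorithm settings. Confirm and drop the annotation.
 *
 * @author zlxls
 * @date 2020-04-11
 */
@Configuration
public class MyRetryLimitCredentialsMatcher extends HashedCredentialsMatcher {
    /**
     * Decides whether the submitted token matches the stored account data.
     *
     * @param authcToken token submitted for authentication
     * @param info       account data loaded by the realm
     * @return {@code true} for a password-less {@link CustomToken}; otherwise
     *         the result of the superclass's hashed credential comparison
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        // Only an explicit NOPASSWD CustomToken may skip the password check.
        // The instanceof test keeps foreign token types from triggering a
        // ClassCastException, and the == comparison is null-safe, so anything
        // unexpected falls through to the real credential comparison.
        if (authcToken instanceof CustomToken
                && ((CustomToken) authcToken).getType() == LoginType.NOPASSWD) {
            return true;
        }
        return super.doCredentialsMatch(authcToken, info);
    }
}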

LoginType.java 

package com.fc.test.shiro.nopassword;
/**
 * Login modes understood by the custom Shiro token and credentials matcher.
 *
 * @author zlxls
 * @date 2020-04-11
 */
public enum LoginType {
    /** Regular login: the submitted password is checked. */
    PASSWORD("password"),

    /** Password-less login: the credentials matcher skips the password check. */
    NOPASSWD("nopassword");

    /** String code associated with the login mode. */
    private final String code;

    LoginType(String code) {
        this.code = code;
    }

    /**
     * @return the string code of this login mode
     */
    public String getCode() {
        return this.code;
    }
}

修改ShiroConfig文件,即Shiro配置文件

主要关注:57,63,65-90行

即:

形参matcher:@Qualifier("myRetryLimitCredentialsMatcher") MyRetryLimitCredentialsMatcher matcher
写入Realm:securityManager.setRealm(myShiroRealm(matcher));
自定义 CredentialsMatcher方法:hashedCredentialsMatcher(),返回MyRetryLimitCredentialsMatcher;
自定义 Realm方法:myShiroRealm();
package com.fc.test.shiro.config;

import com.fc.test.shiro.nopassword.MyRetryLimitCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.fc.test.shiro.service.MyShiroRealm;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;

/**
 * Shiro security configuration: filter factory, security manager, credentials
 * matcher, realm, session handling, remember-me cookie and cache.
 *
 * @author zlxls
 * @date 2020-04-11
 */
@Configuration
public class ShiroConfig {
	/**
	 * Builds the Shiro filter factory, the central entry point of Shiro in the
	 * web application (comparable to SqlSessionFactoryBean in MyBatis).
	 *
	 * @param securityManager security manager the filter delegates to
	 * @return the configured filter factory bean
	 */
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager) {
		ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
		filterFactory.setSecurityManager(securityManager);
		// Where unauthenticated requests are sent to log in.
		filterFactory.setLoginUrl("/admin/login");
		// Landing page after a successful login.
		filterFactory.setSuccessUrl("/");
		// Page shown when an authenticated user lacks the required permission.
		filterFactory.setUnauthorizedUrl("/error/403");
		// URL-pattern to filter-chain mapping that enforces page-level access control.
		filterFactory.setFilterChainDefinitionMap(ShiroFilterMapFactory.shiroFilterMap());
		return filterFactory;
	}

	/**
	 * Assembles the web security manager.
	 *
	 * @param matcher      custom credentials matcher handed to the realm
	 * @param cacheManager cache manager used by Shiro
	 * @param manager      remember-me manager that handles the remember-me cookie
	 * @return the configured security manager
	 */
	@Bean
	public DefaultWebSecurityManager securityManager(@Qualifier("myRetryLimitCredentialsMatcher") MyRetryLimitCredentialsMatcher matcher, CacheManager cacheManager, RememberMeManager manager) {
		DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
		webSecurityManager.setCacheManager(cacheManager);
		// Enables the remember-me cookie.
		webSecurityManager.setRememberMeManager(manager);
		webSecurityManager.setSessionManager(sessionManager());
		webSecurityManager.setRealm(myShiroRealm(matcher));
		return webSecurityManager;
	}

	/**
	 * Creates the credentials matcher used to compare submitted passwords with
	 * stored hashes.
	 *
	 * <p>NOTE(review): MD5 with a single iteration is not adequate for password
	 * storage. Changing the algorithm or iteration count invalidates hashes that
	 * are already stored, so a migration plan is needed before touching these
	 * values. Whether a per-user salt is applied is decided in the realm, which
	 * is not shown here - confirm.
	 *
	 * @return the matcher, registered under the name the security manager qualifies on
	 */
	@Bean(name = "myRetryLimitCredentialsMatcher")
	public MyRetryLimitCredentialsMatcher hashedCredentialsMatcher() {
		MyRetryLimitCredentialsMatcher credentialsMatcher = new MyRetryLimitCredentialsMatcher();
		// Hash algorithm applied to the submitted password.
		credentialsMatcher.setHashAlgorithmName("MD5");
		// Number of hash iterations.
		credentialsMatcher.setHashIterations(1);
		return credentialsMatcher;
	}

	/**
	 * Creates the custom realm used for authentication and authorization and
	 * installs the overridden credentials matcher on it.
	 *
	 * @param matcher custom credentials matcher
	 * @return the configured realm
	 */
	@Bean
	public MyShiroRealm myShiroRealm(MyRetryLimitCredentialsMatcher matcher){
		MyShiroRealm realm = new MyShiroRealm();
		realm.setCredentialsMatcher(matcher);
		return realm;
	}

	/**
	 * Creates the session manager and sets the global session timeout.
	 *
	 * @return the configured session manager
	 */
	@Bean
	public DefaultWebSessionManager sessionManager() {
		// The timeout is given in milliseconds: 60 * 60 * 1000 ms = 3600 s.
		long timeoutMillis = 60L * 60 * 1000;
		DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
		webSessionManager.setGlobalSessionTimeout(timeoutMillis);
		return webSessionManager;
	}

	/**
	 * Configures the remember-me cookie.
	 *
	 * <p>NOTE(review): no cipher key is set on the manager and the Secure flag
	 * is not set on the cookie. The remember-me cookie carries an encrypted,
	 * serialized identity that the server decrypts and deserializes, so the key
	 * protecting it matters. Which key applies when none is configured depends
	 * on the Shiro version in use - confirm, and prefer an explicit key loaded
	 * from secret configuration and a Secure cookie when served over HTTPS.
	 *
	 * @return the configured remember-me manager
	 */
	@Bean
	public RememberMeManager rememberMeManager() {
		CookieRememberMeManager cookieManager = new CookieRememberMeManager();
		Cookie rememberMeCookie = new SimpleCookie("rememberMe");
		// HttpOnly keeps page scripts from reading the cookie.
		rememberMeCookie.setHttpOnly(true);
		// Cookie lifetime in seconds: one day.
		rememberMeCookie.setMaxAge(60 * 60 * 24);
		cookieManager.setCookie(rememberMeCookie);
		return cookieManager;
	}

	/**
	 * Creates the cache manager; an in-memory cache is used.
	 *
	 * @return the cache manager
	 */
	@Bean
	public CacheManager cacheManager() {
		return new MemoryConstrainedCacheManager();
	}

	/**
	 * Registers the Shiro dialect so that Shiro tags can be used in Thymeleaf pages.
	 *
	 * @return the Shiro dialect
	 */
	@Bean
	public ShiroDialect shiroDialect() {
		return new ShiroDialect();
	}

	/**
	 * Enables Shiro's authorization annotations; without this advisor the
	 * annotations have no effect.
	 *
	 * @param securityManager security manager used to evaluate the annotations
	 * @return the configured advisor
	 */
	@Bean
	public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor annotationAdvisor = new AuthorizationAttributeSourceAdvisor();
		annotationAdvisor.setSecurityManager(securityManager);
		return annotationAdvisor;
	}
}

完整整合包下载地址

https://download.csdn.net/download/zlxls/12322070
