springboot+thymeleaf+shiro标签的实例

springboot+thymeleaf+shiro标签的实例

目录1、pom中加入依赖2、用户-角色-权限的表关系3、编写shiro核心类4、登录控制器5、thymeleaf页面权限控制6、标签说明

1、pom中加入依赖

org.springframework.boot

spring-boot-starter-thymeleaf

1.5.6.RELEASE

org.thymeleaf

thymeleaf

${thymeleaf.version}

org.apache.shiro

shiro-spring

1.4.0

com.github.theborakompanioni

thymeleaf-extras-shiro

1.2.1

2、用户-角色-权限的表关系

//用户表

public class User {

private Integer userId;

private String userName;

private Set roles = new HashSet<>();

}

//角色表

public class User {

private Integer id;

private String role;

private Set modules = new HashSet<>();

private Set users = new HashSet<>();

}

//权限表

public class Module {

private Integer mid;

private String mname;

private Set roles = new HashSet<>();

}

//用户查询

//查询用户信息，返回结果会自动分组，得到用户信息

SELECT

u.*, r.*, m.*

FROM

sys_user u

INNER JOIN sys_user_role ur ON ur.userId = u.user_id

INNER JOIN sys_role r ON r.rid = ur.roleid

INNER JOIN sys_role_module mr ON mr.rid = r.rid

INNER JOIN sys_module m ON mr.mid = m.mid

WHERE

u.user_name=#{username} or u.phone=#{username};

3、编写shiro核心类

@Configuration

public class ShiroConfiguration {

//用于thymeleaf模板使用shiro标签

@Bean

public ShiroDialect shiroDialect() {

return new ShiroDialect();

}

@Bean(name="shiroFilter")

public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {

ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();

bean.setSecurityManager(manager);

//配置登录的url和登录成功的url

bean.setLoginUrl("/loginpage");

bean.setSuccessUrl("/indexpage");

//配置访问权限

LinkedHashMap filterChainDefinitionMap=new LinkedHashMap<>();

// filterChainDefinitionMap.put("/loginpage*", "anon"); //表示可以匿名访问

filterChainDefinitionMap.put("/admin/*", "authc");//表示需要认证才可以访问

filterChainDefinitionMap.put("/logout*","anon");

filterChainDefinitionMap.put("/img/**","anon");

filterChainDefinitionMap.put("/js/**","anon");

filterChainDefinitionMap.put("/css/**","anon");

filterChainDefinitionMap.put("/fomts/**","anon");

filterChainDefinitionMap.put("/**", "anon");

bean.setFilterChainDefinitionMap(filterChainDefinitionMap);

return bean;

}

//配置核心安全事务管理器

@Bean(name="securityManager")

public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {

System.err.println("--------------shiro已经加载----------------");

DefaultWebSecurityManager manager=new DefaultWebSecurityManager();

manager.setRealm(authRealm);

return manager;

}

//配置自定义的权限登录器

@Bean(name="authRealm")

public AuthRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {

AuthRealm authRealm=new AuthRealm();

authRealm.setCredentialsMatcher(matcher);

return authRealm;

}

//配置自定义的密码比较器

@Bean(name="credentialsMatcher")

public CredentialsMatcher credentialsMatcher() {

return new CredentialsMatcher();

}

@Bean

public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){

return new LifecycleBeanPostProcessor();

}

@Bean

public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){

DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();

creator.setProxyTargetClass(true);

return creator;

}

@Bean

public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager manager) {

AuthorizationAttributeSourceAdviyJghOnwsor advisor=new AuthorizationAttributeSourceAdvisor();

advisor.setSecurityManager(manager);

return advisor;

}

}

— - - -- - -- - -- - -- - - -- - - - --

public class AuthRealm extends AuthorizingRealm {

@Autowired

private UserService userService;

//认证.登录

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

UsernamePasswordToken utoken=(UsernamePasswordToken) token;//获取用户输入的token

String username = utoken.getUsername();

User user = userService.selectByPhone(username);

return new SimpleAuthenticationInfo(user, user.getPassword(),this.getClass().getNyJghOnwame());//放入shiro.调用CredentialsMatcher检验密码

}

//授权

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {

User user=(User) principal.fromRealm(this.getClass().getName()).iterator().next();//获取session中的用户

List permissions=new ArrayList<>();

Set roles = user.getRoleList();

SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();

List listrole = new ArrayList<>();

if(roles.size()>0) {

for(Role role : roles) {

if(!listrole.contains(role.getRole())){

listrole.add(role.getRole());

}

Set modules = role.getModules();

if(modules.size()>0) {

for(Module module : modules) {

permissions.add(module.getMname());

}

}

}

}

info.addRoles(listrole); //将角色放入shiro中.

info.addStringPermissions(permissions); //将权限放入shiro中.

return info;

}

}

//自定义密码比较器

public class CredentialsMatcher extends SimpleCredentialsMatcher {

private Logger logger = Logger.getLogger(CredentialsMatcher.class);

@Override

public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {

UsernamePasswordToken utoken=(UsernamePasswordToken) token;

//所需加密的参数 即 用户输入的密码

String source = String.valueOf(utoken.getPassword());

//[盐] 一般为用户名 或 随机数

String salt = utoken.getUsername();

//加密次数

int hashIterations = 50;

SimpleHash sh = new SimpleHash("md5", source, salt, hashIterations);

String Strsh =sh.toHex();

//打印最终结果

logger.info("正确密码为："+Strsh);

//获得数据库中的密码

String dbPassword= (String) getCredentials(info);

logger.info("数据库密码为："+dbPassword);

//进行密码的比对

return this.equals(Strsh, dbPassword);

}

}

4、登录控制器

@RequestMapping("/loginUser")

public String loginUser(String username,String password,HttpSession session) {

UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken(username,password);

Subject subject = SecurityUtils.getSubject();

Map map=new HashMap()yJghOnw;

try {

subject.login(usernamePasswordToken); //完成登录

User user=(User) subject.getPrincipal();

session.setAttribute("user", user);

return "index";

} catch (IncorrectCredentialsException e) {

map.put("msg", "密码错误");

} catch (LockedAccountException e) {

map.put("msg", "登录失败，该用户已被冻结");

} catch (AuthenticationException e) {

map.put("msg", "该用户不存在");

} catch (Exception e) {

return "login";//返回登录页面

}

return map.toString();

}

5、thymeleaf页面权限控制

xmlns:shiro="http://pollix.at/thymeleaf/shiro">

//作为属性控制

//作为标签

6、标签说明

guest标签

　　用户没有身份验证时显示相应信息，即游客访问信息。

user标签

　　用户已经身份验证/记住我登录后显示相应的信息。

authenticated标签

　　yJghOnw

　　用户已经身份验证通过，即Subject.login登录成功，不是记住我登录的。

notAuthenticated标签

　　用户已经身份验证通过，即没有调用Subject.login进行登录，包括记住我自动登录的也属于未进行身份验证。

principal标签

　　相当于((User)Subject.getPrincipals()).getUsername()。

lacksPermission标签

　　如果当前Subject没有权限将显示body体内容。

hasRole标签

　　如果当前Subject有角色将显示body体内容。

hasAnyRoles标签

　　如果当前Subject有任意一个角色（或的关系）将显示body体内容。

lacksRole标签

　　如果当前Subject没有角色将显示body体内容。

hasPermission标签

　　如果当前Subject有权限将显示body体内容

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。