Springboot整合Shiro的代码实例

Springboot整合Shiro的代码实例

这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

1、导入依赖

org.apache.shiro

shiro-spring

1.4.0

2、创建ShiroRealm.java文件

（这里按照需求，只做登录认证这块）

package com.hyqfx.manager.shiro;

import com.baomidou.mybatisplus.mapper.EntityWrapper;

import com.hyqfx.manager.entity.po.SystemAdmin;

import com.hyqfx.manager.service.ISystemAdminService;

import org.apache.shiro.authc.*;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.springframework.beans.factory.annotation.Autowired;

public class ShiroRealm extends AuthorizingRealm {

@Autowired

private ISystemAdminService adminService;

//授权

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection prindSGwiUIcipalCollection) {

/*

//获取登录用户名

String name= (String) principalCollection.getPrimaryPrincipal();

//查询用户名称

User user = loginService.findByName(name);

//添加角色和权限

SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

for (Role role:user.getRoles()) {

//添加角色

simpleAuthorizationInfo.addRole(role.getRoleName());

for (Permission permission:role.getPermissions()) {

//添加权限

simpleAuthorizationInfo.addStringPermission(permission.getPermission());

}

}

return simpleAuthorizationInfo;*/

return null;

}

//认证

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

//加这一步的目的是在Post请求的时候会先进认证，然后在到请求

if (authenticationToken.getPrincipal() == nulhttp://l) {

return null;

}

//获取用户信息

String name = authenticationToken.getPrincipal().toString();

SystemAdmin admin = adminService.selectOne(new EntityWrapper().eq("username",name));

if (admin == null) {

return null;

} else {

//这里验证authenticationToken和simpleAuthenticationInfo的信息

SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, admin.getPassword().toString(), getName());

return simpleAuthenticationInfo;

}

}

}

3、创建ShiroConfiguration.java文件

package com.becl.config;

import com.becl.shiro.PasswordMatcher;

import com.becl.shiro.ShiroRealm;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import java.util.HashMap;

import java.util.Map;

@Configuration

public class ShiroConfiguration {

//将自己的验证方式加入容器

@Bean

public ShiroRealm myShiroRealm() {

ShiroRealm myShiroRealm = new ShiroRealm();

myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式

return myShiroRealm;

}

// 配置加密方式

// 配置了一下，这货就是验证不过，，改成手动验证算了，以后换加密方式也方便

@Bean

public PasswordMatcher passwordMatcher() {

return new PasswordMatcher();

}

//权限管理，配置主要是Realm的管理认证

@Bean

public SecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

securityManager.setRealm(myShiroRealm());

return securityManager;

}

//Filter工厂，设置对应的过滤条件和跳转条件

@Bean

public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {

ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactorhttp://yBean();

shiroFilterFactoryBean.setSecurityManager(securityManager);

Map map = new HashMap();

//登出

map.put("/logout","logout");

//不需要认证

map.put("/logout","anon");

map.put("/login*","anon");

map.put("/shiroError","anon");

//对所有用户认证

map.put("/**","authc");

//map.put("/**","anon");

//登录

shiroFilterFactoryBean.setLoginUrl("/login");

//首页

shiroFilterFactoryBean.setSuccessUrl("/index");

//错误页面，认证不通过跳转

shiroFilterFactoryBean.setUnauthorizedUrl("/shiroError");

shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

return shiroFilterFactoryBean;

}

//加入注解的使用，不加入这个注解不生效

@Bean

public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {

AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();

authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);

return authorizationAttributeSourceAdvisor;

}

}

4、自定义Shiro的密码比较器

package com.becl.shiro;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

import org.mindrot.jbcrypt.BCrypt;

/**

* 自定义密码比较器

*/

public class PasswordMatcher extends SimpleCredentialsMatcher {

@Override

public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {

UsernamePasswordToken utoken=(UsernamePasswordToken) token;

//获得用户输入的密码:(可以采用加盐(salt)的方式去检验)

String inPassword = new String(utoken.getPassword());

String username = utoken.getUsername();

//获得数据库中的密码

String dbPassword = (String) info.getCredentials();

//进行密码的比对

boolean flag = BCrypt.checkpw(inPassword,dbPassword);

return flag;

}

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。