目录

1、Shiro简介

1.1、Shiro是什么?

1.2、有哪些功能?

1.3、Shiro架构(外部)

2、快速入门(QuickStartShiro)

2.1、项目结构

2.2、导入shiro依赖,这是我的pom所有依赖。(pom.xml)

2.3、相关配置文件

(1)log4j.properties——官网

(2)shiro.ini——官网

(3)启动类 Quickstart——官网

3、SpringBoot集成Shiro框架

3.1SpringBoot整合Shiro环境搭建

1、项目结构

2、新建一个项目或模块,勾选依赖。(省略.......)

3、数据库(Mysql)

3、pom.xml依赖。(这是我pom所有依赖)

4、ShiroConfig(ShiroConfig配置)

5、UserRealm(自定义UserRealm)

6、MyController(用户控制层)

7、UserMapper(用户映射层)

8、User(用户实体类)

9、UserServiceImpl(业务逻辑)

10、UserService(用户接口实现层)

11、SpringbootshiroApplication(启动类)

12、UserMapper.xml

13、style.css

14、img  ---> background.jpg

15、add.html

16、update.html

17、index.html

18、login.html(登录页)

19、application.properties(配置)

20、application.yml(配置)

1、Shiro简介

1.1、Shiro是什么?

  • Apache Shiro 是 Java 的一个安全(权限)框架。

  • Shiro可以非常容易的开发出足够好的应用,其不仅可以用在JavaSE环境,也可以用在JavaEE环境。

  • Shiro 可以完成:认证、授权、加密、会话管理、与Web 集成、缓存等。

  • 下载地址

    • 官网:http://shiro.apache.org/
    • github:https://github.com/apache/shiro

1.2、有哪些功能?

  • Authentication:身份认证/登录,验证用户是不是拥有相应的身份

  • Authorization:授权,即权限验证,验证某个已认证的用户是否拥有某个权限;即判断用户是否能进行什么操作,如:验证某个用户是否拥有某个角色。或者细粒度的验证某个用户对某个资源是否具有某个权限

  • Session Management:会话管理,即用户登录后就是一次会话,在没有退出之前,它的所有信息都在会话中;会话可以是普通JavaSE环境,也可以是Web 环境的

  • Cryptography:加密,保护数据的安全性,如密码加密存储到数据库,而不是明文存储

  • Web Support:Web 支持,可以非常容易的集成到Web 环境

  • Caching:缓存,比如用户登录后,其用户信息、拥有的角色/权限不必每次去查,这样可以提高效率

  • Concurrency:Shiro支持多线程应用的并发验证,即如在一个线程中开启另一个线程,能把权限自动传播过去

  • Testing:提供测试支持

  • “Run As”:允许一个用户假装为另一个用户(如果他们允许)的身份进行访问

  • Remember Me:记住我,这个是非常常见的功能,即一次登录后,下次再来的话不用登录了

1.3、Shiro架构(外部)

从外部来看Shiro,即从应用程序角度的来观察如何使用Shiro完成工作

  • Subject:应用代码直接交互的对象是Subject,也就是说Shiro的对外API 核心就是Subject。Subject 代表了当前“用户”,这个用户不一定是一个具体的人,与当前应用交互的任何东西都是Subject,如网络爬虫,机器人等;与Subject 的所有交互都会委托给SecurityManager;Subject 其实是一个门面,SecurityManager才是实际的执行者

  • SecurityManager:安全管理器;即所有与安全有关的操作都会与SecurityManager交互;且其管理着所有Subject;可以看出它是Shiro的核心,它负责与Shiro的其他组件进行交互,它相当于SpringMVC中DispatcherServlet的角色

  • Realm:Shiro从Realm 获取安全数据(如用户、角色、权限),就是说SecurityManager要验证用户身份,那么它需要从Realm 获取相应的用户进行比较以确定用户身份是否合法;也需要从Realm 得到用户相应的角色/权限进行验证用户是否能进行操作;可以把Realm 看成DataSource

1.4、Shiro架构(内部)

  • Subject:任何可以与应用交互的“用户”;
  • SecurityManager:相当于SpringMVC中的DispatcherServlet;是Shiro的心脏;所有具体的交互都通过SecurityManager进行控制;它管理着所有Subject、且负责进行认证、授权、会话及缓存的管理。
  • Authenticator:负责Subject 认证,是一个扩展点,可以自定义实现;可以使用认证策略(Authentication Strategy),即什么情况下算用户认证通过了;
  • Authorizer:授权器、即访问控制器,用来决定主体是否有权限进行相应的操作;即控制着用户能访问应用中的哪些功能;
  • Realm:可以有1 个或多个Realm,可以认为是安全实体数据源,即用于获取安全实体的;可以是JDBC 实现,也可以是内存实现等等;由用户提供;所以一般在应用中都需要实现自己的Realm;
  • SessionManager:管理Session 生命周期的组件;而Shiro并不仅仅可以用在Web 环境,也可以用在如普通的JavaSE环境
    CacheManager:缓存控制器,来管理如用户、角色、权限等的缓存的;因为这些数据基本上很少改变,放到缓存中后可以提高访问的性能
  • Cryptography:密码模块,Shiro提高了一些常见的加密组件用于如密码加密/解密。

2、快速入门(QuickStartShiro)

2.1、项目结构

2.2、导入shiro依赖,这是我的pom所有依赖。(pom.xml)

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.quickstartshiro</groupId><artifactId>shiro</artifactId><version>0.0.1-SNAPSHOT</version><name>shiro</name><description>Demo project for Spring Boot</description><properties><java.version>1.8</java.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding><spring-boot.version>2.3.7.RELEASE</spring-boot.version></properties><dependencies><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.5.3</version></dependency><!-- configure logging --><dependency><groupId>org.slf4j</groupId><artifactId>jcl-over-slf4j</artifactId><version>1.7.26</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.26</version></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-freemarker</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><scope>runtime</scope><optional>true</optional></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope><exclusions><exclusion><groupId>org.junit.vintage</groupId><artifactId>junit-vintage-engine</artifactId></exclusion></exclusions></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-autoconfigure</artifactId><version>2.4.3</version></dependency></dependencies><dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>${spring-boot.version}</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.3.7.RELEASE</version><configuration><mainClass>com.quickstartshiro.ShiroApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>

这段是关键代码:

2.3、相关配置文件

(1)log4j.properties——官网

log4j.rootLogger=INFO, stdoutlog4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n# General Apache libraries
log4j.logger.org.apache=WARN# Spring
log4j.logger.org.springframework=WARN# Default Shiro logging
log4j.logger.org.apache.shiro=INFO# Disable verbose logging
log4j.logger.org.apache.shiro.util.ThreadContext=WARN
log4j.logger.org.apache.shiro.cache.ehcache.EhCache=WARN

(2)shiro.ini——官网

[users]
# user 'root' with password 'secret' and the 'admin' role
root = secret, admin
# user 'guest' with the password 'guest' and the 'guest' role
guest = guest, guest
# user 'presidentskroob' with password '12345' ("That's the same combination on
# my luggage!!!" ;)), and role 'president'
presidentskroob = 12345, president
# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'
darkhelmet = ludicrousspeed, darklord, schwartz
# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'
lonestarr = vespa, goodguy, schwartz# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = *
# The 'schwartz' role can do anything (*) with any lightsaber:
schwartz = lightsaber:*
# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with
# license plate 'eagle5' (instance specific id)
goodguy = winnebago:drive:eagle5

(3)启动类 Quickstart——官网

package com.quickstartshiro;/** Licensed to the Apache Software Foundation (ASF) under one* or more contributor license agreements.  See the NOTICE file* distributed with this work for additional information* regarding copyright ownership.  The ASF licenses this file* to you under the Apache License, Version 2.0 (the* "License"); you may not use this file except in compliance* with the License.  You may obtain a copy of the License at**     http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing,* software distributed under the License is distributed on an* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY* KIND, either express or implied.  See the License for the* specific language governing permissions and limitations* under the License.*/import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;/*** Simple Quickstart application showing how to use Shiro's API.* 简单入门Shiro使用API** @since 0.9 RC2*/
public class QuickStart {private static final transient Logger log = LoggerFactory.getLogger(QuickStart.class);public static void main(String[] args) {// The easiest way to create a Shiro SecurityManager with configured// realms, users, roles and permissions is to use the simple INI config.// We'll do that by using a factory that can ingest a .ini file and// return a SecurityManager instance:// Use the shiro.ini file at the root of the classpath// (file: and url: prefixes load from files and urls respectively):// 读取配置文件:Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");SecurityManager securityManager = factory.getInstance();// for this simple example quickstart, make the SecurityManager// accessible as a JVM singleton.  Most applications wouldn't do this// and instead rely on their container configuration or web.xml for// webapps.  That is outside the scope of this simple quickstart, so// we'll just do the bare minimum so you can continue to get a feel// for things.SecurityUtils.setSecurityManager(securityManager);// Now that a simple Shiro environment is set up, let's see what you can do:// get the currently executing user:// 获取当前的用户对象 SubjectSubject currentUser = SecurityUtils.getSubject();// Do some stuff with a Session (no need for a web or EJB container!!!)//通过当前用户拿到Shiro的Session 可以脱离web存值取值Session session = currentUser.getSession();session.setAttribute("someKey", "aValue");String value = (String) session.getAttribute("someKey");if (value.equals("aValue")) {log.info("Retrieved the correct value! [" + value + "]");}// let's login the current user so we can check against roles and permissions://判断当前的用户是否被认证if (!currentUser.isAuthenticated()) {//Token 令牌UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");//设置记住我token.setRememberMe(true);try {//执行登录操作currentUser.login(token);} catch (UnknownAccountException uae) {log.info("There is no user with username of " + token.getPrincipal());} catch (IncorrectCredentialsException ice) {log.info("Password for account " + token.getPrincipal() + " was incorrect!");} catch (LockedAccountException lae) {log.info("The account for username " + token.getPrincipal() + " is locked.  " +"Please contact your administrator to unlock it.");}// ... catch more exceptions here (maybe custom ones specific to your application?catch (AuthenticationException ae) {//unexpected condition?  error?}}//say who they are://print their identifying principal (in this case, a username):log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");//test a role:// 检查角色if (currentUser.hasRole("schwartz")) {log.info("May the Schwartz be with you!");} else {log.info("Hello, mere mortal.");}//test a typed permission (not instance-level)//粗粒度if (currentUser.isPermitted("lightsaber:wield")) {log.info("You may use a lightsaber ring.  Use it wisely.");} else {log.info("Sorry, lightsaber rings are for schwartz masters only.");}//a (very powerful) Instance Level permission://细粒度if (currentUser.isPermitted("winnebago:drive:eagle5")) {log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +"Here are the keys - have fun!");} else {log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");}//all done - log out!//注销currentUser.logout();//结束System.exit(0);}
}

3、SpringBoot集成Shiro框架

3.1SpringBoot整合Shiro环境搭建

1、项目结构

2、新建一个项目或模块,勾选依赖。(省略.......)

Web  --->  Spring Web

Template Engines   --->  Thymeleaf

3、数据库(Mysql)

CREATE TABLE `user` (`id` int(11) NOT NULL,`username` varchar(255) DEFAULT NULL COMMENT '用户名',`password` varchar(255) DEFAULT NULL COMMENT '密码',`perms` varchar(255) DEFAULT NULL,PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

3、pom.xml依赖。(这是我pom所有依赖)

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.springbootshiro</groupId><artifactId>springbootshiro</artifactId><version>0.0.1-SNAPSHOT</version><name>springbootshiro</name><description>Demo project for Spring Boot</description><properties><java.version>1.8</java.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding><spring-boot.version>2.3.7.RELEASE</spring-boot.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-freemarker</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><!--shiro-thymeleaf整合--><dependency><groupId>com.github.theborakompanioni</groupId><artifactId>thymeleaf-extras-shiro</artifactId><version>2.0.0</version></dependency><!--Subject  用户SecurityManager 管理所有用户Realm 连接数据库
-->
<!--        <dependency>-->
<!--            <groupId>org.projectlombok</groupId>-->
<!--            <artifactId>lombok</artifactId>-->
<!--        </dependency>--><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>com.alibaba</groupId><artifactId>druid</artifactId><version>1.1.23</version></dependency><!--引入mybatis,这是MyBatis官方提供的适配spring Boot的,而不是spring Boot自己的--><dependency><groupId>org.mybatis.spring.boot</groupId><artifactId>mybatis-spring-boot-starter</artifactId><version>2.1.3</version></dependency><!--shiro整合spring的包--><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.5.3</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><scope>runtime</scope><optional>true</optional></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope><exclusions><exclusion><groupId>org.junit.vintage</groupId><artifactId>junit-vintage-engine</artifactId></exclusion></exclusions></dependency></dependencies><dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>${spring-boot.version}</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.8.1</version><configuration><source>1.8</source><target>1.8</target><encoding>UTF-8</encoding></configuration></plugin><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><version>2.3.7.RELEASE</version><configuration><mainClass>com.springbootshiro.SpringbootshiroApplication</mainClass></configuration><executions><execution><id>repackage</id><goals><goal>repackage</goal></goals></execution></executions></plugin></plugins></build></project>

4、ShiroConfig(ShiroConfig配置)

package com.springbootshiro.config;import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;
import java.util.Map;@Configuration
public class ShiroConfig {//1、创建realm对象,需要自定义类@Beanpublic UserRealm userRealm(){return new UserRealm();}//2、DefaultWebSecurityManager@Beanpublic DefaultWebSecurityManager getdefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//关联userRealmsecurityManager.setRealm(userRealm);return securityManager;}//3、shiroFilterFactoryBean@Beanpublic ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getdefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();//设置安全管理器bean.setSecurityManager(defaultWebSecurityManager);//实现shiro的内置过滤器/*** anon:无需认证就可以访问* authc:必须认证了才能访问* user:必须拥有记住我功能才能用* perms:拥有对某个资源的权限才能访问* role:拥有某个角色权限*///拦截Map<String, String> filter = new LinkedHashMap<>();//授权,正常的情况下,未授权跳转到未授权页面filter.put("/user/add","perms[user:add]");filter.put("/user/update","perms[user:update]");filter.put("/user/*","authc");bean.setFilterChainDefinitionMap(filter);//设置登录的请求bean.setLoginUrl("/toLogin");//未授权页面bean.setUnauthorizedUrl("/noauth");return bean;}// 整合ShiroDialect: 用来整合 Shiro thymeleaf@Beanpublic ShiroDialect getShiroDialect() {return new ShiroDialect();}}

5、UserRealm(自定义UserRealm)

package com.springbootshiro.config;import com.springbootshiro.pojo.User;
import com.springbootshiro.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;//自定义的UserRealm
public class UserRealm extends AuthorizingRealm {@AutowiredUserService userService;//授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection){System.out.println("执行了=>授权doGetAuthorizationInfo");//SimpleAuthorizationInfoSimpleAuthorizationInfo info =  new SimpleAuthorizationInfo();//拿到当前登录的这个对象Subject subject = SecurityUtils.getSubject();//拿到UserUser currentUser = (User)subject.getPrincipal();//设置当前用户的权限info.addStringPermission(currentUser.getPerms());return info;}//认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {System.out.println("执行了=>认证doGetAuthorizationInfo");UsernamePasswordToken userToken = (UsernamePasswordToken) token;//连接真实数据库User user = userService.queryUserByName(userToken.getUsername());//没有这个人if (user == null){//UnknownAccountExceptionreturn null;}//        Subject currentSubject = SecurityUtils.getSubject();
//        Session session = currentSubject.getSession();
//        session.setAttribute("loginUser",user);//可以加密,MD5:e10adc3949ba59abbe56e057f20f883e  MD5:盐值加密//密码认证,shiro做return new SimpleAuthenticationInfo(user,user.getPassword(),"");}
}

6、MyController(用户控制层)

package com.springbootshiro.controller;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;@Controller
public class MyController {//    @RequestMapping({"/","/index"})
//    public String toIndex(Model model){
//        model.addAttribute("msg","hello,Shiro");
//        return "index";
//    }@RequestMapping("/user/add")public String add() {return "user/add";}@RequestMapping("/user/update")public String update() {return "user/update";}@RequestMapping({"/","/toLogin"})public String toLogin() {return "login";}@RequestMapping("/login")public String login(String username,String password,Model model){//获取一个用户Subject subject = SecurityUtils.getSubject();//封装用户登录的数据UsernamePasswordToken token = new UsernamePasswordToken(username,password );try{subject.login(token);return "index";}catch (UnknownAccountException e){//用户名不存在model.addAttribute("msg","用户名错误");return "login";}catch (IncorrectCredentialsException e){//密码不存在model.addAttribute("msg","密码错误");return "login";}}@RequestMapping("/noauth")@ResponseBodypublic String unauthorized(){return "未经授权无法访问此页面";}}

7、UserMapper(用户映射层)

package com.springbootshiro.mapper;import com.springbootshiro.pojo.User;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;@Repository
@Mapper
public interface UserMapper {public User queryUserByName(String username);
}

8、User(用户实体类)

package com.springbootshiro.pojo;import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;/*** 用户密码实体类*/@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {private int id;private String username;private String password;private String perms;
}

9、UserServiceImpl(业务逻辑)

package com.springbootshiro.service.impl;import com.springbootshiro.mapper.UserMapper;
import com.springbootshiro.pojo.User;
import com.springbootshiro.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;/*** 业务逻辑*/
@Service
public class UserServiceImpl implements UserService {@AutowiredUserMapper userMapper;@Overridepublic User queryUserByName(String username) {return userMapper.queryUserByName(username);}
}

10、UserService(用户接口实现层)

package com.springbootshiro.service;import com.springbootshiro.pojo.User;/*** 用户接口实现层*/
public interface UserService {public User queryUserByName(String username);
}

11、SpringbootshiroApplication(启动类)

package com.springbootshiro;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplication
public class SpringbootshiroApplication {public static void main(String[] args) {SpringApplication.run(SpringbootshiroApplication.class, args);}}

12、UserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!--namespace=绑定一个对应的Dao/Mapper接口-->
<mapper namespace="com.springbootshiro.mapper.UserMapper"><!--    <select id="queryUserList" resultType="com.springbootshiro.pojo.User">-->
<!--        select * from user;-->
<!--    </select>--><!--    <select id="queryUserById" resultType="com.springbootshiro.pojo.User">-->
<!--        select * from user where id = #{id};-->
<!--    </select>--><!--    <insert id="addUser" parameterType="com.springbootshiro.pojo.User">-->
<!--        insert into user (id, username, password) values (#{id},#{username},#{password});-->
<!--    </insert>--><!--    <update id="updateUser" parameterType="com.springbootshiro.pojo.User">-->
<!--        update user set username=#{username},password = #{password} where id = #{id};-->
<!--    </update>--><!--    <delete id="deleteUser" parameterType="int">-->
<!--        delete from user where id = #{id}-->
<!--    </delete>--><select id="queryUserByName" parameterType="String" resultType="com.springbootshiro.pojo.User">select * from user where username = #{username}</select>
</mapper>

13、style.css

、
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,dl,dt,dd,ol,nav ul,nav li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}
article, aside, details, figcaption, figure,footer, header, hgroup, menu, nav, section {display: block;}
ol,ul{list-style:none;margin:0px;padding:0px;}
blockquote,q{quotes:none;}
blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}
table{border-collapse:collapse;border-spacing:0;}a{text-decoration:none;}
.txt-rt{text-align:right;}
.txt-lt{text-align:left;}
.txt-center{text-align:center;}
.float-rt{float:right;}
.float-lt{float:left;}
.clear{clear:both;}
.pos-relative{position:relative;}
.pos-absolute{position:absolute;}
.vertical-base{vertical-align:baseline;}
.vertical-top{vertical-align:top;}
nav.vertical ul li{display:block;}
nav.horizontal ul li{display: inline-block;}
img{max-width:100%;}body {background:url('../img/background.jpg') no-repeat 0px 0px;background-size: cover;font-family: 'Open Sans', sans-serif;background-attachment: fixed;background-position: center;
}body a {transition: 0.5s all;-webkit-transition: 0.5s all;-moz-transition: 0.5s all;-o-transition: 0.5s all;-ms-transition: 0.5s all;
}h1 {color: #FFF;text-align: center;letter-spacing: 6px;font-size: 40px;margin-top: 75px;
}.container {width: 32%;margin: 50px auto;text-align: center;background:rgba(0, 0, 0, 0.43);-webkit-box-shadow: 10px 10px 5px 0px rgba(0,0,0,0.75);-moz-box-shadow: 10px 10px 5px 0px rgba(0,0,0,0.75);box-shadow: 10px 10px 5px 0px rgba(0,0,0,0.75);
}h2 {font-size: 30px;color: #FFF;padding-top: 45px;letter-spacing:3px;
}
form {padding: 65px;
}form span {width: 23%;float: left;background: #fed14e;padding: 10.2px 10px;position: relative;color: #005377;font-size: 15px;letter-spacing: 1px;
}form span:after {content: '';position: absolute;width: 0;height: 0;right: -11px;border-top: 6px solid rgba(0, 0, 0, 0);border-left: 11px solid #fed14e;border-bottom: 6px solid rgba(0, 0, 0, 0);top: 14px;
}
input.name {width: 65%;padding:10px 10px 10px 15px;border: none;outline: none;font-size: 17px;letter-spacing: 1px;margin-bottom: 35px;float:left;
}input.password {width: 65%;padding:10px 10px 10px 15px;border: none;outline: none;font-size: 17px;letter-spacing: 1px;margin-bottom: 35px;float:left;
}
.rem-for-agile{width:50%;float:left;text-align:left;font-size:13px;color:rgb(238, 223, 179);
}
.rem-for-agile a{color:rgb(238, 223, 179);margin-top:3px;display:inline-block;padding-left:18px;
}
.rem-for-agile a:hover{color: #fff;
}
input[type="checkbox"] {margin: 10px 5px 0px 0px;vertical-align: sub;
}.login-w3{width:50%;float:right;
}
input[type="submit"]{background-color:#005377;color:#fff;padding:11px;outline: none;border:none;font-size: 17px;width:50%;cursor:pointer;margin-top:5px;transition: 0.5s all;-webkit-transition: 0.5s all;-moz-transition: 0.5s all;-o-transition: 0.5s all;-ms-transition: 0.5s all;
}
input[type="submit"]:hover{background:#fed14e;color:#000;}
.footer-w3l{margin-top: 150px;margin-bottom: 20px;
}
.footer-w3l p {color:white;text-align:center;font-size:13px;letter-spacing:1px;
}
.footer-w3l a{color:white;text-decoration:none;
}
.footer-w3l a:hover{text-decoration:underline;
}
@media screen and (max-width: 1440px) {form span {font-size:14px;padding:10.5px 10px;}input.name{width: 63%;}input.password {width: 63%;}}
@media screen and (max-width: 1366px) {.container {width: 37%;}}@media screen and (max-width: 1080px) {.container {width: 46%;}}
@media screen and (max-width: 991px) {h1{margin-top:50px;}.container {width: 52%;}}@media screen and (max-width: 800px) {.container {width: 63%;}form {padding: 55px;}}@media screen and (max-width: 736px) {h1 {letter-spacing: 4px;font-size: 35px;}h2 {font-size: 28px;padding-top: 35px;letter-spacing: 2px;}}
@media screen and (max-width: 667px) {.container {width: 66%;}form {padding: 53px;}}
@media screen and (max-width: 640px) {form {padding: 42px;}
}
@media screen and (max-width: 600px) {.container {width: 70%;}
}
@media screen and (max-width: 568px) {.container {width: 74%;}
}
@media screen and (max-width: 480px) {h1 {letter-spacing: 2px;font-size: 31px;}.container {width: 78%;}form {padding: 30px;}input.name {width: 62%;}input.password{width: 62%;}input[type="submit"] {margin-top:8px;}
}
@media screen and (max-width: 414px) {.container {width: 85%;}form span {font-size: 12px;}input.name {width: 58.5%;padding: 9px 9px 9px 15px;}input.password{width: 58.5%;padding: 9px 9px 9px 15px;}.footer-w3l p {letter-spacing:0;}
}@media screen and (max-width: 384px) {form span {width: 25%;}input.name {width: 57.5%;}input.password{width: 57.5%;}
}@media screen and (max-width: 375px) {h1 {font-size: 27px;}h2 {font-size: 24px;}input.name {width: 57%;}input.password{width: 57%;}form span{padding-left:5px;}}
@media screen and (max-width: 320px) {h1 {font-size: 23px;letter-spacing:1px;}h2 {font-size: 19px;letter-spacing:1px;padding-top:25px;}form {padding: 20px;}form span {font-size: 11px;width:27%;}input.name {padding: 8px 9px 8px 15px;width:55%;}input.password {padding: 8px 9px 8px 15px;width:55%;}.rem-for-agile{font-size:11px;}input[type="submit"] {padding: 9px;font-size: 16px;width: 60%;margin-top:10px;}
}

14、img  ---> background.jpg

15、add.html

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>add</h1>
</body>
</html>

16、update.html

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>update</h1>
</body>
</html>

17、index.html

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head><meta charset="UTF-8"><title>首页</title>
</head>
<body><div><h1>首页</h1><p th:text="${msg}"></p><!--    &lt;!&ndash;用session实现,配合UserRealm中的session实现&ndash;&gt;-->
<!--&lt;!&ndash;    <div th:if="${session.loginUser==null}">&ndash;&gt;-->
<!--&lt;!&ndash;        <a th:href="@{/toLogin}">登录</a>&ndash;&gt;-->
<!--&lt;!&ndash;    </div>&ndash;&gt;--><!--    <div shiro:notAuthenticated>-->
<!--        <a th:href="@{/toLogin}">登录</a>-->
<!--    </div>--><hr><div shiro:hasPermission="user:add"><a th:href="@{/user/add}">add</a></div><div shiro:hasPermission="user:update"><a th:href="@{/user/update}">update</a></div></div>
</body>
</html>

18、login.html(登录页)

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><title>某某公司后台登录系统</title><link rel="stylesheet" href="/css/style.css"><meta name="viewport" content="width=device-width, initial-scale=1" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="author" content="order by dede58.com"/><meta name="keywords" content="Simple Login Form Widget Responsive, Login Form Web Template, Flat Pricing Tables, Flat Drop-Downs, Sign-Up Web Templates, Flat Web Templates, Login Sign-up Responsive Web Template, Smartphone Compatible Web Template, Free Web Designs for Nokia, Samsung, LG, Sony Ericsson, Motorola Web Design" /><script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script></head><body>
<h1>某某公司后台登录系统</h1>
<div class="container w3"><h2>登录</h2><p th:text="${msg}" style="color: red;"></p><form th:action="@{/login}"><div class="username"><span class="username" style="height:19px">用户:</span><input type="text" name="username" class="name" placeholder="" required><div class="clear"></div></div><div class="password-agileits"><span class="username"style="height:19px">密码:</span><input type="password" name="password" class="password" placeholder="" required><div class="clear"></div></div><div class="rem-for-agile"><input type="checkbox" name="remember" class="remember">记得我<br><a href="#">忘记了密码</a><br></div><div class="login-w3"><input type="submit" class="login" value="Login"></div><div class="clear"></div></form>
</div>
<div class="footer-w3l"><p> 某某公司后台登录系统</p>
</div>
</body>
</html>

19、application.properties(配置)

# 应用名称
spring.application.name=springbootshiro
#指定freemarker的模板路径和模板的后缀
spring.freemarker.template-loader-path=classpath:/webapp/
spring.freemarker.suffix=.ftl
# 指定字符集
spring.freemarker.charset=utf-8
# 指定是否要启用缓存
spring.freemarker.cache=false
#指定是否要暴露请求和会话属性
spring.freemarker.expose-request-attributes=true
spring.freemarker.expose-session-attributes=true
# spring 静态资源扫描路径
spring.resources.static-locations=classpath:static/
server.port=8080
# THYMELEAF (ThymeleafAutoConfiguration)
# 开启模板缓存(默认值: true )
spring.thymeleaf.cache=true
# 检查模板是否存在,然后再呈现
spring.thymeleaf.check-template=true
# 检查模板位置是否正确(默认值 :true )
spring.thymeleaf.check-template-location=true
#Content-Type 的值(默认值: text/html )
spring.thymeleaf.content-type=text/html
# 开启 MVC Thymeleaf 视图解析(默认值: true )
spring.thymeleaf.enabled=true
# 模板编码
spring.thymeleaf.encoding=UTF-8
# 要被排除在解析之外的视图名称列表,⽤逗号分隔
spring.thymeleaf.excluded-view-names=
# 要运⽤于模板之上的模板模式。另⻅ StandardTemplate-ModeHandlers( 默认值: HTML5)
spring.thymeleaf.mode=HTML5
# 在构建 URL 时添加到视图名称前的前缀(默认值: classpath:/templates/ )
spring.thymeleaf.prefix=classpath:/templates/
# 在构建 URL 时添加到视图名称后的后缀(默认值: .html )
spring.thymeleaf.suffix=.html

20、application.yml(配置)

spring:datasource:username: rootpassword: 123456#?serverTimezone=UTC解决时区的报错url: jdbc:mysql://localhost:3306/mybatis_shiro?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8driver-class-name: com.mysql.cj.jdbc.Drivertype: com.alibaba.druid.pool.DruidDataSource#Spring Boot 默认是不注入这些属性值的,需要自己绑定#druid 数据源专有配置initialSize: 5minIdle: 5maxActive: 20maxWait: 60000timeBetweenEvictionRunsMillis: 60000minEvictableIdleTimeMillis: 300000validationQuery: SELECT 1 FROM DUALtestWhileIdle: truetestOnBorrow: falsetestOnReturn: falsepoolPreparedStatements: true#配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入#如果允许时报错  java.lang.ClassNotFoundException: org.apache.log4j.Priority#则导入 log4j 依赖即可,Maven 地址:https://mvnrepository.com/artifact/log4j/log4jfilters: stat,wall,log4jmaxPoolPreparedStatementPerConnectionSize: 20useGlobalDataSourceStat: trueconnectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500mybatis:type-aliases-package: nuc.ss.pojomapper-locations: classpath:mapper/*.xml

效果:

SpringBoot整合Shiro框架相关推荐

  1. 狂神说Java 之SpringBoot整合Shiro框架笔记!

    参考:https://www.bilibili.com/video/BV1NE411i7S8 1,通过·subject获取用户.还有session获取! 2,判断登录用户. 未注册 密码不对 账号被锁 ...

  2. springboot整合shiro和session的详细过程和自定义登录拦截器

    文章目录 1.shiro依赖 2.shiro配置 shiro过滤器配置: 关联自定义的其他管理器 自定义会话工厂: 3.登陆时记录用户信息 4.shiro一些工具类的学习 5.自定义登录拦截器 shi ...

  3. 补习系列(6)- springboot 整合 shiro 一指禅

    欢迎添加华为云小助手微信(微信号:HWCloud002 或 HWCloud003),输入关键字"加群",加入华为云线上技术讨论群:输入关键字"最新活动",获取华 ...

  4. SpringBoot 整合Shiro 一指禅

    目标 了解ApacheShiro是什么,能做什么: 通过QuickStart 代码领会 Shiro的关键概念: 能基于SpringBoot 整合Shiro 实现URL安全访问: 掌握基于注解的方法,以 ...

  5. SpringBoot整合Shiro搭建登录注册认证授权权限项目模板

    主要内容: 1 SpringBoot整合Shiro安全框架; 2 Shiro主要学习内容总结;(执行流程.主要对象接口.注意事项等) 3 Redis实现对权限信息缓存; ! 温馨提示: 想要快速搭Sh ...

  6. SpringBoot整合Shiro学习(上)

    SpringBoot整合Shiro(上) 基于[编程不良人]2020最新版Shiro教程,整合SpringBoot项目实战教程 哔哩哔哩链接:https://www.bilibili.com/vide ...

  7. springboot整合shiro

    springboot整合shiro 导入依赖 <!-- shiro鉴权框架--> <dependency><groupId>org.apache.shiro< ...

  8. 关于SpringBoot整合Shiro并入redis缓存

    关于SpringBoot整合Shiro并入redis缓存 最近做一个小项目加入shiro权限框架, Shiro是Apache下的一个开源项目,提供了认证.授权.加密.会话管理,与spring Secu ...

  9. Springboot整合Shiro前后端分离跨域问题

    Springboot整合Shiro前后端分离跨域问题 前言:SpringBoot整合shiro进行前后端分离开发时(前端是Vue),项目做了跨域配置,但还是前端请求会出现cros err–显示的跨域问 ...

  10. 补习系列-SpringBoot 整合Shiro 一指禅

    目标 了解ApacheShiro是什么,能做什么: 通过QuickStart 代码领会 Shiro的关键概念: 能基于SpringBoot 整合Shiro 实现URL安全访问: 掌握基于注解的方法,以 ...

最新文章

  1. 200多位专家热议“智慧城市” 建议尽快完善标准体系
  2. 在RHEL4上安装subversion1.4.2
  3. 计算机信息通信基础知识,计算机基础-(数据通信基础知识)
  4. 5G 信令流程 — 5GC 的业务请求(Service Request)
  5. docker可以把应用及其相关的_Docker相关命令应用
  6. 安装gcc 4.8.2 for cxx 11
  7. 谋定技术加工领域 中国-巴对话(国际)农民丰收节贸易会
  8. php去掉内部空格_php中去掉头尾空格3种方法
  9. “我想要用我余生,换夜空繁星闪耀”
  10. sublime的使用
  11. MySQL数据库基础(简介、操作规范、基本指令)
  12. Iperf 网络性能测试
  13. EGE基础入门篇(五):换上我的彩色画笔
  14. Keil MDK编译后生产的.axf文件用什么打开?
  15. Nginx与网关的区别
  16. 春节无法回家,为中国残疾人联合会春晚文字直播活动、为全国聋人朋友提供网络软件技术服务...
  17. 单元测试探析:什么是Stubs、Mocks、Spies、Dummies?带你了解4个核心工具
  18. agv系统介绍_智能自动化物流系统AGV基础知识(完整介绍)
  19. 手机UC禁止左右滑动切页
  20. 基于FPGA的密码锁开发——(3)密码设置模块驱动

热门文章

  1. python笔试题目及答案_python笔试题(附带答案)
  2. 牛客网最终python笔试题_牛客笔试题之Python
  3. 34 个免费学习编程的最佳网站
  4. python打开excel执行vba代码_xlwings:操作Excel,通过宏调用Pyhton(VBA调Python)-Go语言中文社区...
  5. windows加linux双系统安装方法
  6. matlab 模式识别(第四版),模式识别与智能计算—MATLAB技术实现(第4版)
  7. 【推荐系统】音乐推荐系统02
  8. ADSL宽带拨号密码恢复
  9. 总结——达内视频项目
  10. 锐起无盘XP安装与配置图文(一)