Shiro-demo
2024-04-22 12:39:20
Shiro-demo
1.将环境搭建好
<dependencies><!--lombok--><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><version>1.18.10</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.1</version></dependency><!--mysql连接--><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.28</version></dependency><!--log4j日志--><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.16</version></dependency><dependency><groupId>com.alibaba</groupId><artifactId>druid</artifactId><version>1.2.11</version></dependency><!--mybatis-plus 持久层--><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.0.5</version></dependency><!-- velocity 模板引擎, Mybatis Plus 代码生成器需要 --><dependency><groupId>org.apache.velocity</groupId><artifactId>velocity-engine-core</artifactId><version>2.0</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><!--thymeleaf-spring5模板--><dependency><groupId>org.thymeleaf</groupId><artifactId>thymeleaf-spring5</artifactId></dependency><dependency><groupId>org.thymeleaf.extras</groupId><artifactId>thymeleaf-extras-java8time</artifactId></dependency><!--shiro--><dependency><groupId>com.github.theborakompanioni</groupId><artifactId>thymeleaf-extras-shiro</artifactId><version>2.0.0</version></dependency><!--security--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency></dependencies>2.配置shiroconfig类
package com.leijie.config;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;/*** @auther leijie* @create 2022 - 06 - 25 10:14*/
@Configuration
public class ShiroConfig {@Beanpublic ShiroFilterFactoryBean getFactoryBean(@Qualifier("getWebSecurity") DefaultWebSecurityManager webSecurityManager){ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();//设置安全管理器bean.setSecurityManager(webSecurityManager);//添加Shiro内置过滤器Map<String, String> filterMap=new LinkedHashMap<>();//正常未授权,进入到未授权页面filterMap.put("/user/add","perms[user:add]");filterMap.put("/user/update","perms[user:update]");filterMap.put("/user/*","authc");
// filterMap.put("/user/update","authc");bean.setFilterChainDefinitionMap(filterMap);//设置登录页面bean.setLoginUrl("/tologin");//设置拦截页面bean.setUnauthorizedUrl("/nonauth");return bean;}@Bean(name = "getWebSecurity")public DefaultWebSecurityManager getWebSecurityManager(@Qualifier("getUserRealm") UserRealm userRealm){DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();//关联RealmsecurityManager.setRealm(userRealm);return securityManager;}@Beanpublic UserRealm getUserRealm() {return (new UserRealm());}
}3.配置自定义的UserRealm
package com.leijie.config;import com.leijie.pojo.User;
import com.leijie.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;import java.util.List;/*** @auther leijie* @create 2022 - 06 - 25 10:18*/
public class UserRealm extends AuthorizingRealm {@Autowiredprivate UserService userService;//授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行了doGetAuthorizationInfo方法");SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// info.addStringPermission("user:add");Subject subject = SecurityUtils.getSubject();User current = (User)subject.getPrincipal();//拿到User对象info.addStringPermission(current.getPerms());return info;}@Override//认证操作protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("执行了doGetAuthenticationInfo方法");UsernamePasswordToken userToken=(UsernamePasswordToken)authenticationToken;//连接真实的数据库List<User> userByName = userService.getUserByName(userToken.getUsername());//密码Shiro框架自动做if(userByName.isEmpty()){return null;}return new SimpleAuthenticationInfo(userByName, userToken.getPassword(),"");}
}4.自定义Controller
package com.leijie.controller;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;/*** @auther leijie* @create 2022 - 06 - 25 9:48*/
@Controller
//首页
public class MyController {@RequestMapping({"/","/index"})public String toIndex(Model model){model.addAttribute("msg","hello,shiro");return "index";}//add页面@RequestMapping("/user/add")public String add(){return "user/add";}//update页面@RequestMapping("/user/update")public String update(){return "user/update";}//登录界面@RequestMapping("/tologin")public String tologin(){return "user/login";}//对用户进行认证@RequestMapping("/login")public String login(String username,String password,Model model){//获取当前的用户Subject subject = SecurityUtils.getSubject();//获取登录数据的封装UsernamePasswordToken token = new UsernamePasswordToken(username, password);try {subject.login(token); //执行登录的方法,没有异常就说明ok了return "index";} catch (UnknownAccountException e) { //用户名不存在//快捷键 ctrl+Ait+tmodel.addAttribute("msg","用户名不存在");return "user/login";}catch (IncorrectCredentialsException e){ //密码不存在model.addAttribute("msg","密码错误");return "user/login";}}@RequestMapping("/nonauth")@ResponseBodypublic String nonauth(){return "未授权,不可以进行操作";}
}
5.各种html页面
add.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>add</h1>
</body>
</html>
update.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>update</h1>
</body>
</html>
login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>登录</h1>
<hr>
<!--/*@thymesVar id="msg" type="ch"*/-->
<p th:text="${msg}" style="color: red"></p>
<form th:action="@{/login}"><p>用户名: <input type="text" name="username"></p><p>密码: <input type="text" name="password"></p><p> <input type="submit" ></p>
</form>
</body>
</html>
index.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h1>首页</h1>
<!--/*@thymesVar id="msg" type="ch"*/-->
<p th:text="${msg}"></p>
<a th:href="@{/user/add}">add</a>
<br>
<a th:href="@{/user/update}">update</a>
</body>
</html>
6.mysql配置
spring.profiles.active=dev
# mysql数据库连接
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://192.168.56.10:3306/Shiro?serverTimezone=GMT%2B8
spring.datasource.username=root
spring.datasource.password=root
#mybatis日志
spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
spring.jackson.time-zone=GMT+8#在SpringBoot中整合mapper.xml
#配置mapper xml文件的路径
mybatis-plus.mapper-locations=classpath:com/leijie/mapper/xml/*.xml//目录格式为(...表示一样的目录)
.../userMapper.java
.../xml/userMapper.xml//MyBatis-plus在MyBatis的基础上只做增强
- MyBatis中可以面向接口操作数据,要保证两个一致- mapper接口的全类名和映射文件的命名空间(namespace)保持一致- mapper接口中方法的方法名和映射文件中编写SQL的标签的id属性保持一致Shiro-demo相关推荐
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(二)
2019独角兽企业重金招聘Python工程师标准>>> 一.Shiro配置的简要说明. <!-- 項目自定义的Realm --><bean id="shi ...
- Shiro 教程,Shiro教程0.2 下载,Shiro功能修复与升级说明。
2019独角兽企业重金招聘Python工程师标准>>> Shiro + SSM(框架) + Freemarker(jsp)讲解的权限控制Demo,还不赶快去下载? 原文链接:http ...
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)
2019独角兽企业重金招聘Python工程师标准>>> 一.新建ValidateCode.java验证码工具类 package org.shiro.demo.util;import ...
- 将 Shiro 作为应用的权限基础 三:基于注解实现的授权认证过程
授权即访问控制,它将判断用户在应用程序中对资源是否拥有相应的访问权限. 如,判断一个用户有查看页面的权限,编辑数据的权限,拥有某一按钮的权限等等. 一.用户权限模型 为实现一个较为灵活的用户权限数据模 ...
- SpringBoot 整合 Shiro实践
Shiro相比Springsecurity来说是一个比较轻量级的权限控制框架,项目中可能会用到,今天入门学习一下: 官方架构图: 准备工作 新建一个springboot工程,导入所 需要的依赖 shi ...
- SpringBoot2.x集成Apache Shiro并完成简单的Case开发
SpringBoot集成Apache Shiro环境快速搭建 在上文 Apache Shiro权限框架理论介绍 中,我们介绍了Apache Shiro的基础理论知识.本文我们将在 SpringBoot ...
- [Shiro教程] Shiro 教程基于SSM(SpringMVC + Spring + Mybatis)EHCache版本
一.Shiro简介 Apache Shiro 是 Java 的一个安全框架.我们经常看到它被拿来和 Spring 的 Security 来对比.大部分人认为 Shiro 比 Security ...
- [Shiro教程] Shiro 教程基于SSM(SpringMVC + Spring + Mybatis)
一.Shiro简介 Apache Shiro 是 Java 的一个安全框架.我们经常看到它被拿来和 Spring 的 Security 来对比.大部分人认为 Shiro 比 Security ...
- shiro中基于注解实现的权限认证过程
授权即访问控制,它将判断用户在应用程序中对资源是否拥有相应的访问权限. 如,判断一个用户有查看页面的权限,编辑数据的权限,拥有某一按钮的权限等等. 一.用户权限模型 为实现一个较为灵活的用户权限数据模 ...
- 使用 Smart Security 实现安全控制
2019独角兽企业重金招聘Python工程师标准>>> 很多朋友都问过我同样一个问题:"Smart 目前有身份认证与权限管理等安全控制功能吗?" 当听到这样的问题 ...
最新文章
- CNN模型之SqueezeNet
- (43)内存装载驱动
- 程序员怎么样保证自己的程序没有BUG
- 计算机网络 | 网络层 :IP协议详解
- 每日一笑 | 你知道你爸妈当年是怎么在一起的吗?
- mysql中独立表空间与共享表空间之前如何切换
- Hibernate Search v.4.2.0.CR1 发布
- wcf中如何Host多个WCF服务?
- Java面试题中高级,java简历技术栈怎么写
- 3.5吋树莓派显示屏安装设置
- 简单介绍一下HBase、Cassandra、Voldemort、Redis、VoltDB、MySQL
- termux安装kali
- 便宜质量又好的学生蓝牙耳机有哪些?内行推荐四款便宜好用的蓝牙耳机
- 设计模式第10式:状态模式
- keras Mask Rcnn代码走读(九)-detect方法介绍
- jpg图片转换为eps_如何将JPG图像转换为EPS
- 设计一个Shape及其子类Oval
- 【杭电oj】-1234开门人关门人(快排,结构体)
- 开源多波束前视声呐目标识别数据集
- 5G/NR 学习笔记: 基本问答 RACH PRACH