导入依赖(pom.
<!--整合Shiro安全框架--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <!--集成jwt实现token认证--> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency>
创建 ShiroConfig 配置类
@Configurationpublic class ShiroConfig { /** * ShiroFilterFactoryBean */ @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) { ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean(); //设置安全管理器 factoryBean.setSecurityManager(defaultWebSecurityManager); // 添加shiro的内置过滤器 /* * anon:无需认证就可以访问 * authc:必须认证才能访问 * user:必须拥有 记住我 功能才能用 * perms:拥有对某个资源的权限能访问 * role:拥有某个角色权限能访问 */ Map<String, String> filterMap = new LinkedHashMap<>(); // 放行不需要权限认证的接口 //放行登录接口 filterMap.put("/login/**", "anon"); //放行用户接口 filterMap.put("/", "anon"); // 网站首页 //认证管理员接口 filterMap.put("/administrators/**", "authc"); factoryBean.setFilterChainDefinitionMap(filterMap); // 设置无权限时跳转的 url // 设置登录的请求 factoryBean.setLoginUrl("/login/toLogin"); return factoryBean; } /** * 注入 DefaultWebSecurityManager */ @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("customRealm") CustomRealm customRealm) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //关联CustomRealm securityManager.setRealm(customRealm); return securityManager; } /** * 注入 securityManager */ @Bean public CustomRealm customRealm() { return new CustomRealm(); }}创建密码登录时验证授权 CustomRealm 类
@Componentpublic class CustomRealm extends AuthorizingRealm { @Autowired AdministratorsService administratorsService; /* * 设置加密方式 */ { HashedCredentialsMatcher mather = new HashedCredentialsMatcher(); // 加密方式 mather.setHashAlgorithmName("md5"); // 密码进行一次运算 mather.setHashIterations(512); this.setCredentialsMatcher(mather); } /** * 授权 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("————授权————doGetAuthorizationInfo————"); return null; } /** * 认证 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("————认证————doGetAuthenticationInfo————"); UsernamePasswordToken userToken = (UsernamePasswordToken) token; // 连接数据库 查询用户数据 QueryWrapper<Administrators> wrapper = new QueryWrapper<>(); wrapper.eq("username", userToken.getUsername()); Administrators administrators = administratorsService.getOne(wrapper); if (administrators == null) { return null; // 抛出异常 UnknownAccountException } // 密码认证,shiro做 return new SimpleAuthenticationInfo("", administrators.getPassword(), ""); }}控制层用户密码登录
//用户名登录 @ApiOperation(value = "管理员登录", notes = "用户名登录--不进行拦截") @PostMapping("/doLogin") public String doLogin(@RequestParam("username") String username, @RequestParam("password") String password, HttpSession session,Model model) { // 获取当前的用户 Subject subject = SecurityUtils.getSubject(); // 封装用户的登录数据 UsernamePasswordToken token = new UsernamePasswordToken(username, password); try { subject.login(token); //保存session会话 管理员名字 session.setAttribute("adname", username); return "admin"; } catch (UnknownAccountException e) { model.addAttribute("usererror", "用户名错误!请重新输入。"); return "login"; } catch (IncorrectCredentialsException ice) { model.addAttribute("pwerror", "密码错误!请重新输入。"); return "login"; } }SpringBoot 整合 Shiro 密码登录
原文转载:http://www.shaoqun.com/a/588591.html
瀚霖:https://www.ikjzd.com/w/2345
shirley:https://www.ikjzd.com/w/1684
导入依赖(pom.<!--整合Shiro安全框架--><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.0</version></dependency&g
net a porter:https://www.ikjzd.com/w/2132
gtc:https://www.ikjzd.com/w/974
55海淘:https://www.ikjzd.com/w/1723
中国跨境电商高峰论坛暨鼎堃跨境电商俱乐部年会:https://www.kjyunke.com/courses/27
姐夫呼吁竞争对手匹配亚马逊的薪酬和福利,沃尔玛喊话:你啥时候把税交了?:https://www.ikjzd.com/home/21963
解密!古怪狂人贝佐斯是如何成就亚马逊电商巨头的?:https://www.ikjzd.com/home/112921
没有评论:
发表评论
注意:只有此博客的成员才能发布评论。