shiro
// Subject bound to the current thread/request; every later check goes through it.
Subject currentUser = SecurityUtils.getSubject();
// Session tied to that subject (getSession() creates one if none exists yet).
Session session = currentUser.getSession();
// The lines below only list the Subject calls used later on the page; the author shows them
// as bare expressions, not complete statements.
currentUser.isAuthenticated()   // true only after a login in this session; a subject that is merely "remembered" is not authenticated
currentUser.getPrincipal()      // identity the realm stored at login (whatever was passed as the principal)
currentUser.hasRole("schwartz") // role check
currentUser.isPermitted("lightsaber:wield")         // permission check, written as resource:action
currentUser.isPermitted("winnebago:drive:eagle5")   // permission check, written as resource:action:instance
// Ends the login: the subject's identity and session are discarded.
currentUser.logout();
shiro整合springboot
1)导入依赖
<!-- Core Shiro concepts named by the author: Subject, SecurityManager, Realm -->
<!-- Shiro's Spring integration package -->
<!-- NOTE(review): 1.8.0 is the version the author pinned. It is an old release and later Shiro
     releases contain security fixes; check the Apache Shiro security reports and use a
     currently supported version before copying this coordinate. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.8.0</version>
</dependency>
2)自定义Realm
//自定义realmpublic class UserRealm extends AuthorizingRealm{//授权@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行了=>>授权doGetAuthorizationInfo");return null;}//认证@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("执行了=>>认证doGetAuthenticationInfo");return null;}}
3)配置类
/**
 * Spring configuration that wires Shiro together in three steps:
 * realm -> security manager -> servlet filter factory.
 *
 * <p>NOTE(review): at this stage the filter factory has no filter-chain definitions, so no URL
 * is protected yet; access control only starts once a chain map is set on the factory bean.
 */
@Configuration
public class MyConfig {

    /**
     * Step 1: the custom realm. The bean name defaults to the method name {@code userRealm},
     * which is what the {@code @Qualifier("userRealm")} below refers to.
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Step 2: the web security manager, backed by the custom realm.
     *
     * @param userRealm the realm bean created in step 1
     * @return the security manager, registered under the bean name {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Associate the realm so the manager can authenticate and authorize through it
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Step 3: the factory for Shiro's servlet filter.
     *
     * @param defaultWebSecurityManager the security manager bean created in step 2
     * @return a filter factory with the security manager attached and nothing else configured
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        // Attach the security manager
        filterFactory.setSecurityManager(defaultWebSecurityManager);
        return filterFactory;
    }
}
登录拦截
1)配置过滤器
/**
 * Builds Shiro's servlet filter and declares which URLs require a logged-in user.
 *
 * <p>Only the two exact paths listed below are mapped; a request to any other URL matches no
 * chain and is passed through without a Shiro check. {@code authc} only requires a login; it
 * does not check roles or permissions.
 *
 * <p>NOTE(review): for a real application consider a default-deny layout instead: explicit
 * {@code anon} entries for the public pages, then a final catch-all entry requiring
 * {@code authc}. The map keeps insertion order and the first matching pattern wins, so the
 * catch-all must be added last.
 *
 * @param defaultWebSecurityManager the security manager bean named {@code securityManager}
 * @return the configured filter factory
 */
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(
        @Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
    ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
    // Attach the security manager
    filterFactory.setSecurityManager(defaultWebSecurityManager);
    // Unauthenticated requests to an authc-protected path are redirected to this URL
    filterFactory.setLoginUrl("/toLogin");

    /*
     * Shiro's built-in filters (names as Shiro registers them):
     *   anon  - accessible without authentication
     *   authc - must be authenticated
     *   user  - must be authenticated or remembered through rememberMe
     *   perms - must hold the permission for the resource
     *   roles - must hold the role
     */
    Map<String, String> chains = new LinkedHashMap<>();
    chains.put("/user/add", "authc");
    chains.put("/user/update", "authc");
    filterFactory.setFilterChainDefinitionMap(chains);

    return filterFactory;
}
2)login.html及controller略
shiro整合mybatis
1)导入mybatis,mysql,lombok,log4j依赖
2)进行配置
3)mapper层,service层,controller层
4)认证
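@Autowired
UserService userService;

/**
 * Authentication hook: looks the account up by the submitted username and hands the stored
 * password to Shiro, which compares it with the submitted one through the realm's
 * credentials matcher.
 *
 * <p>The returned info carries the username as the principal and this realm's name as the
 * realm name. Passing empty strings for both would give every logged-in subject the same
 * blank identity: {@code Subject.getPrincipal()} could not tell users apart and the
 * authorization hook would have nothing to look permissions up with. If authorization caching
 * is enabled, identical principals would presumably also share one cache entry.
 *
 * @param authenticationToken the submitted token; cast to {@link UsernamePasswordToken}
 * @return the account's authentication info, or {@code null} when no such user exists
 *         (Shiro reports a null result as an unknown account)
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    System.out.println("执行了=>>认证doGetAuthenticationInfo");
    UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
    String username = userToken.getUsername();
    User user = userService.queryUserByName(username);
    if (user == null) {
        // Unknown account. The login endpoint should answer this case and a wrong password
        // with the same message, so responses do not reveal which usernames exist.
        return null;
    }
    // The author notes the password could be stored as a salted MD5 hash. NOTE(review): as
    // written the stored value is compared as-is, which implies plaintext storage unless a
    // hashing CredentialsMatcher is configured elsewhere. MD5, even salted, is too fast for
    // password storage; store a salted, iterated password hash and configure a matching
    // CredentialsMatcher (e.g. HashedCredentialsMatcher or PasswordMatcher) on the realm.
    // The password comparison itself is done by Shiro.
    // NOTE(review): the principal is the username as submitted; if the lookup is
    // case-insensitive, use the stored username instead so one account has one identity.
    return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
}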
5)授权
未授权页面
shiroConfig中设置页面的权限
自定义Realm中设置用户权限
shiro整合thymeleaf
1)导包
<!-- Thymeleaf dialect that provides the shiro:* template attributes used on the home page -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.1.0</version>
</dependency>
2)首页中使用thymeleaf与shiro的整合
命名空间(很重要)
<!-- Namespace declarations: th: for Thymeleaf attributes, shiro: for the thymeleaf-extras-shiro attributes -->
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.thymeleaf.org/thymeleaf-extras-shiro">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>首页</h1>
<!-- Show the login link only when the user is not authenticated -->
<div shiro:notAuthenticated="">
    <a th:href="@{/toLogin}">登录</a>
</div>
<!-- th:text HTML-escapes msg; keep it as th:text (not th:utext) if msg can contain user input -->
<p th:text="${msg}"></p>
<!-- Show the add link only when the user holds the user:add permission.
     NOTE(review): the shiro:hasPermission attributes only hide the links; they do not protect
     /user/add or /user/update. The filter configuration shown on this page maps both paths to
     authc only, so any logged-in user can still request them directly. The same permissions
     must be enforced on the server, e.g. with perms entries in the filter chain. -->
<div shiro:hasPermission="user:add">
    <a th:href="@{/user/add}">add</a>
</div>
<!-- Show the update link only when the user holds the user:update permission -->
<div shiro:hasPermission="user:update">
    <a th:href="@{/user/update}">update</a>
</div>
</body>
</html>

