Shiro
原生整合Shiro
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
自定义核心组件Realm
@H_502_15@import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class MyRealm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); if (!username.equals("zpf")) { throw new UnkNownAccountException("账户不存在!"); } return new SimpleAuthenticationInfo(username, "123", getName()); } }
在Realm中实现简单的认证操作,用户名是zpf,密码是123,满足条件就登陆成功。
配置Shiro
@H_502_15@package com.example.demo.config; import com.example.demo.MyRealm; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.spring.web.ShiroFilterfactorybean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; @Configuration public class ShiroConfig { // 提供一个 Realm 的实例 @Bean MyRealm myRealm(){ return new MyRealm(); } // 在 SecurityManager 中配置 Realm @Bean SecurityManager securityManager(){ DefaultWebSecurityManager manager = new DefaultWebSecurityManager(); manager.setRealm(myRealm()); return manager; } // 在 ShiroFilterfactorybean 中指定路径拦截规则等,配置登录和测试接口 @Bean ShiroFilterfactorybean shiroFilterfactorybean(){ ShiroFilterfactorybean bean = new ShiroFilterfactorybean(); bean.setSecurityManager(securityManager()); bean.setLoginUrl("/login"); //指定登录页面 bean.setSuccessUrl("/index");//指定登录成功页面 bean.setUnauthorizedUrl("/unauthorizedurl"); Map<String , String> map = new LinkedHashMap<>(); map.put("/doLogin","anon");//配置路径拦截规则 map.put("/**","authc"); bean.setFilterChainDeFinitionMap(map); return bean; } }
controller层
@H_502_15@package com.example.demo.controller; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RestController; @RestController public class LoginController { @PostMapping("/doLogin") public void doLogin(String username,String password){ Subject subject = SecurityUtils.getSubject(); try { subject.login(new UsernamePasswordToken(username,password)); System.out.println("成功"); }catch (AuthenticationException e){ e.printstacktrace(); System.out.println("失败"); } } @GetMapping("/hello") public String hello(){ return "hello"; } @GetMapping("/login") public String login(){ return "please login!"; } }
这个时候启动项目,我们如果直接访问/hello,因为没登陆的原因,会自动跳转到login接口提示登陆,现在调用doLogin传入username和password完成登陆,这时候再访问/hello就可以显示hello,成功访问到了。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
