一、环境搭建
1.1、沿用上一篇博客项目
1.2、新建maven模块springboot-shiro
1.3、导入相关依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.1.RELEASE</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>springboot-shiro</artifactId>
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.9.0</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.47</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.24</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
</project>
1.4、在resource目录下编写application.yml配置文件
mybatis-plus:
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
mapper-locations: classpath:mapper/*.xml
spring:
datasource:
type: com.zaxxer.hikari.HikariDataSource
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://localhost:3306/shirodb?characterEncoding=utf-8&useSSl=false
username: root
password: 123456
jackson:
date-format: yyyy-MM-dd HH:mm:ss
time-zone: GMT+8
shiro:
loginUrl: /myController/login
1.5、编写ShiroApplication
package com.massimo.shiro;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan("com.massimo.shiro.mapper")
public class ShiroApplication {
public static void main(String[] args) {
SpringApplication.run(ShiroApplication.class,args);
}
}
二、登录认证实现
2.1、准备相应的数据库和表
CREATE DATABASE shirodb
USE shirodb
CREATE TABLE `user`(
id BIGINT(20) NOT NULL AUTO_INCREMENT,
`name` VARCHAR(30) DEFAULT NULL,
pwd VARCHAR(50) DEFAULT NULL,
rid BIGINT(20) DEFAULT NULL,
PRIMARY KEY(id)
)ENGINE=INNODB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- 这里插入的密文,是前面示例中由明文z3通过‘加盐’massimo以及三次加密而来
INSERT INTO `user`(id,`name`,pwd) VALUES(1,'张三','aaab486420ca70b94353b2fda6cdb4af');
INSERT INTO `user`(id,`name`,pwd) VALUES(2,'李四','aaab486420ca70b94353b2fda6cdb4af');
2.2、编写对应的实体类User
package com.massimo.shiro.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
public class User {
private Integer id;
private String name;
private String pwd;
private Integer rid;
}
2.3、编写UserMapper
package com.massimo.shiro.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.massimo.shiro.entity.User;
import org.springframework.stereotype.Repository;
@Repository
public interface UserMapper extends BaseMapper<User> {
}
2.4、编写业务UserService
package com.massimo.shiro.service;
import com.massimo.shiro.entity.User;
public interface UserService {
//用户登录
User getUserInfoByName(String name);
}
2.5、编写Shiro配置类
package com.massimo.shiro.config;
import com.massimo.shiro.realm.MyRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig {
@Autowired
private MyRealm myRealm;
//配置SecurityManager
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager(){
//1.创建defaultWebSecurityManager对象
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
//2.创建加密对象,设置相关属性
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
//2.1.采用md5加密
matcher.setHashAlgorithmName("md5");
//2.2.迭代加密的次数
matcher.setHashIterations(3);
//3.将加密对象存储到myRealm中
myRealm.setCredentialsMatcher(matcher);
//4.将myRealm存入defaultWebSecurityManager对象
defaultWebSecurityManager.setRealm(myRealm);
//5.返回
return defaultWebSecurityManager;
}
//配置Shiro内置过滤拦截范围
@Bean
public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
//设置不认证可以访问的资源
definition.addPathDefinition("/myController/userLogin","anon");
definition.addPathDefinition("/login","anon");
//设置需要进行登录认证的拦截范围
definition.addPathDefinition("/**","authc");
return definition;
}
}
2.6、编写自定义Realm
package com.massimo.shiro.realm;
import com.massimo.shiro.entity.User;
import com.massimo.shiro.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class MyRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
//自定义授权方法
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//自定义登录认证方法
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//1.获取用户身份信息
String name = authenticationToken.getPrincipal().toString();
//2.调用业务层获取用户信息(数据库)
User user = userService.getUserInfoByName(name);
//3.非空判断,将数据封装返回
if (user != null){
AuthenticationInfo info = new SimpleAuthenticationInfo(
authenticationToken.getPrincipal(),
user.getPwd(),
ByteSource.Util.bytes("massimo"),
authenticationToken.getPrincipal().toString()
);
return info;
}
return null;
}
}
2.7、编写Controller层
package com.massimo.shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@RequestMapping("myController")
public class MyController {
@GetMapping("userLogin")
@ResponseBody
public String userLogin(String name,String pwd){
//1.获取subject对象
Subject subject = SecurityUtils.getSubject();
//2.封装请求数据到token
AuthenticationToken token = new UsernamePasswordToken(name,pwd);
//3.调用login方法进行登录验证
try {
subject.login(token);
return "登录成功";
} catch (AuthenticationException e) {
e.printStackTrace();
System.out.println("登陆失败");
return "登录失败";
}
}
}
2.8、测试
登录成功测试:
登陆失败测试:
三、项目结构
