1,添加依赖
pom.xml中加入
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
2,ShiroConfig配置类
@Configuration
public class ShiroConfig {
/**
* 创建ShiroFilterFactoryBean
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean =new ShiroFilterFactoryBean();
//设置安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
//设置shiro内置过滤器
/**
* shiro内置过滤器,可以实现权限相关的拦截器
* 常用过滤器
* anon:无需认证(登录)即可访问
* authc:必须认证才能访问
* user:如果使用rememberMe的功能可以直接访问
* perms:该资源必须得到资源权限才可以访问
* role:该资源必须得到角色权限才可以访问
*/
Map<String,String> filterMap=new LinkedHashMap<String,String>();
filterMap.put("/user/add","authc");
filterMap.put("/user/update","perms[user:add]");//授权拦截,拦截之后会调到一个未授权页面
//设置登录页面
shiroFilterFactoryBean.setLoginUrl("toLogin");
//设置未授权页面
shiroFilterFactoryBean.setUnauthorizedUrl("noAuth");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
/**
* 创建DefaultWebSecurityManager
*/
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager();
defaultWebSecurityManager.setRealm(userRealm);
return defaultWebSecurityManager;
}
/**
* 创建Realm
* @return
*/
@Bean(name = "userRealm")
public UserRealm getRealm(){
return new UserRealm();
}
}
3,UserRealm类
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
/**
* 执行授权逻辑
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行授权逻辑");
SimpleAuthorizationInfo info =new SimpleAuthorizationInfo();
info.addStringPermission("user:add");
return info;
}
/**
* 执行认证逻辑
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("执行认证逻辑");
UsernamePasswordToken token= (UsernamePasswordToken) authenticationToken;
User user=userService.find(token.getUsername());
//1,用户名不存在
if (user==null){
return null;
}
//2,密码错误
String pwd=user.getPwd();
return new SimpleAuthenticationInfo(user,pwd,"");
}
}
3,UserController
@Controller
@RequestMapping("/user")
public class UserController {
@Autowired
UserService userService;
@RequestMapping("/login")
public String login(String username, String pwd, Model model){
//1,获取Subject
Subject subject= SecurityUtils.getSubject();
//2,讲用户数据封装
UsernamePasswordToken token=new UsernamePasswordToken(username,pwd);
//3,执行登录方法
try {
subject.login(token);//调用login时,执行UserRealm认证逻辑
return "index";
}catch (UnknownAccountException e){
//用户名不存在
model.addAttribute("msg","用户名不存在");
return "login";
}catch (IncorrectCredentialsException e){
//密码错误
model.addAttribute("msg","密码错误");
return "/login";
}
}
@RequestMapping("/noAuth")
public String noAuth(){
System.out.println("noAuth");
return "noAuth";
}
/*public static void main(String[] args) {
SpringApplication.run(UserController.class,args);
}*/
}
4,app
@EnableAutoConfiguration//自动配置,相当于写了spring配置文件
@MapperScan(basePackages = "com.dao")//自动扫描mapper包
@ComponentScan(basePackages = {"com.aspect","com.unit","com.shiro","com.service","com.controller","com.exception"})//自动扫描包下注解
@EnableAspectJAutoProxy(proxyTargetClass=true)
public class App {
public static void main(String[] args) {
SpringApplication.run(App.class,args);
}
}
版权声明:本文为qq_38361863原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。