新建两个配置类
package com.mybatisplus.demo.config;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.mybatisplus.demo.employee.entity.Employee;
import com.mybatisplus.demo.employee.mapper.UserMapper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import javax.annotation.Resource;
import java.util.Map;
/**
* @author cai
* @version 1.0
* @date 2020/8/3 7:52
*/
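public class UserRealm extends AuthorizingRealm {
    @Resource
    UserMapper userMapper;

    /**
     * Authorization: builds the permission set for an already-authenticated subject.
     *
     * The principal is the {@link Employee} returned by {@link #doGetAuthenticationInfo};
     * its {@code auth} column is a single wildcard-permission string (e.g. "add") that is
     * matched by the {@code perms[...]} filter chains in ShiroConfig.
     *
     * @param principalCollection principals of the subject being authorized (never null)
     * @return the permissions granted to that subject; empty when no usable principal/auth
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行授权");
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Use the principal Shiro handed us instead of SecurityUtils.getSubject(): it is the
        // object actually being authorized and does not rely on thread-bound subject state.
        Object primary = principalCollection.getPrimaryPrincipal();
        if (!(primary instanceof Employee)) {
            return info; // unexpected principal type: grant nothing
        }
        String auth = ((Employee) primary).getAuth();
        // WildcardPermission rejects a null/blank string with IllegalArgumentException, which
        // would turn every permission check for such a user into a server error.
        if (auth != null && !auth.trim().isEmpty()) {
            info.addStringPermission(auth);
        }
        return info;
    }

    /**
     * Authentication: looks the user up by name and hands the stored credential to Shiro.
     *
     * The cast is safe because AuthenticatingRealm#supports only routes
     * {@link UsernamePasswordToken}s to this realm by default.
     *
     * NOTE(review): ShiroConfig sets no CredentialsMatcher, so Shiro's default
     * SimpleCredentialsMatcher compares the submitted password to {@code employee.getPassword()}
     * by plain equality - i.e. the database must hold plaintext passwords for login to work.
     * Store a salted hash and configure a PasswordMatcher/HashedCredentialsMatcher instead.
     *
     * NOTE(review): the whole Employee (password field included) becomes the session
     * principal; see Employee for why it is kept out of toString().
     *
     * @param token the submitted credentials
     * @return authentication info for the matching employee, or null when the account is
     *         unknown (Shiro turns that into an UnknownAccountException)
     * @throws AuthenticationException propagated from the lookup/compare as per the Realm contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行认证");
        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        String username = userToken.getUsername();
        if (username == null || username.isEmpty()) {
            return null; // nothing to look up; avoids a `name IS NULL`/empty query
        }
        // Parameterized query via MyBatis-Plus - the username is never concatenated into SQL.
        // selectOne assumes `name` is unique; a duplicate row would make it throw. TODO confirm.
        QueryWrapper<Employee> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("name", username);
        Employee employee = userMapper.selectOne(queryWrapper);
        if (employee == null) {
            return null;
        }
        // Report this realm's own name rather than "" so the principal is attributed correctly.
        return new SimpleAuthenticationInfo(employee, employee.getPassword(), getName());
    }
}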
package com.mybatisplus.demo.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author cai
* @version 1.0
* @date 2020/8/3 7:51
*/
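@Configuration
public class ShiroConfig {

    /**
     * Shiro's servlet filter: maps URL patterns to filter chains.
     *
     * Entries are evaluated in insertion order and the FIRST matching pattern wins, so the
     * specific rules come before the catch-all. Built-in filters used here:
     *   anon     - no authentication required
     *   authc    - must be authenticated, otherwise redirected to the login URL
     *   perms[p] - must hold permission p (several: perms["a,b"], all of them required)
     * Other built-ins (not used): roles[r], user, authcBasic, ssl, port[n], rest[p].
     *
     * @param defaultWebSecurityManager the security manager bean defined below
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        Map<String, String> filterMap = new LinkedHashMap<>();
        // Public endpoints: landing page and the login flow handled by LoginController.
        filterMap.put("/", "anon");
        filterMap.put("/index", "anon");
        filterMap.put("/tologin", "anon");
        filterMap.put("/login", "anon");
        filterMap.put("/logout", "anon");
        // Permission-gated endpoints; the permission string must equal the Employee.auth
        // value that UserRealm.doGetAuthorizationInfo grants.
        filterMap.put("/user/add", "perms[add]");
        filterMap.put("/user/update", "perms[update]");
        // Deny by default. Shiro applies NO filter to a URL that matches no entry, so without
        // this line every unlisted path (e.g. a future /user/delete) is open to anonymous
        // callers. NOTE(review): static assets (/css/**, /js/**, ...) - if any exist - need
        // their own anon entries placed before this one.
        filterMap.put("/**", "authc");
        bean.setFilterChainDefinitionMap(filterMap);

        bean.setLoginUrl("/tologin");        // where authc sends unauthenticated requests
        bean.setUnauthorizedUrl("/tologin"); // where perms sends authenticated-but-unprivileged ones
        return bean;
    }

    /**
     * The security manager, wired to the single custom realm.
     *
     * NOTE(review): no CredentialsMatcher is set, so credentials from UserRealm are compared
     * by Shiro's default SimpleCredentialsMatcher (plain equality). Configure a
     * PasswordMatcher or HashedCredentialsMatcher on the realm once passwords are stored hashed.
     *
     * NOTE(review): DefaultWebSecurityManager installs a CookieRememberMeManager by default.
     * Shiro releases before 1.2.4 shipped a fixed default cipher key for that cookie
     * (CVE-2016-4437); the Shiro version is not visible here, so keep it current and consider
     * setting an explicit, per-deployment key if remember-me is used.
     *
     * @param userRealm the realm bean defined below
     * @return the security manager
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /** The custom realm; declared as a bean so its @Resource UserMapper is injected. */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}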
登录 controller
package com.mybatisplus.demo.login.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import java.net.UnknownHostException;
/**
* @author cai
* @version 1.0
* @date 2020/8/3 8:09
*/
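@Controller
public class LoginController {

    /** Landing page. */
    @RequestMapping({"/", "index"})
    public String toindex(Model model) {
        model.addAttribute("msg", "hekko");
        return "index";
    }

    /** Renders the login form (also the target of Shiro's login/unauthorized redirects). */
    @RequestMapping({"/tologin"})
    public String login() {
        return "login";
    }

    /**
     * Processes a login form submission.
     *
     * Restricted to POST: the original accepted any method, so credentials could be sent in a
     * GET query string and end up in access logs, proxies and browser history.
     *
     * @param username submitted user name
     * @param password submitted password
     * @param model    receives an error message on failure
     * @return "index" on success, "login" on any authentication failure
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String tologin(String username, String password, Model model) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return "index";
        } catch (AuthenticationException e) {
            // One generic message for every failure. Telling "用户名错误" apart from
            // "密码错误" lets a caller enumerate valid user names, and any other
            // AuthenticationException (locked account, realm error) previously escaped as a 500.
            model.addAttribute("msg", "用户名或密码错误");
            return "login";
        } finally {
            token.clear(); // drop the plaintext password reference once Shiro is done with it
        }
    }
}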
实体类
package com.mybatisplus.demo.employee.entity;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
/**
* @author cai
* @version 1.0
* @date 2020/8/1 11:28
*/
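@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
// Overrides the toString() that @Data generates so the password never reaches logs or error
// pages: this object is the Shiro principal (see UserRealm) and is easy to log by accident.
@ToString(exclude = "password")
public class Employee {
    private String userid;
    /** Stored credential; compared directly by Shiro's default matcher (see UserRealm). */
    private String password;
    /** Login name; UserRealm looks the row up by this column. */
    private String name;
    /** Single permission string (e.g. "add") granted to the subject by UserRealm. */
    private String auth;
}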
//登出
@RequestMapping("/logout")
public void logout(HttpServletResponse response) {
Subject lvSubject=SecurityUtils.getSubject();
lvSubject.logout();
response.setStatus(302);
//response.setStatusCode(HttpStatus.FOUND);
response.setHeader("location", Util.fillNullStr(mContextPath)+ mLoginPage);