这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
1、导入依赖
org.apache.shiro shiro-spring1.4.0
2、创建ShiroRealm.java文件
(这里按照需求,只做登录认证这块)
package com.hyqfx.manager.shiro;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.hyqfx.manager.entity.po.SystemAdmin;
import com.hyqfx.manager.service.ISystemAdminService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
public class ShiroRealm extends AuthorizingRealm {
@Autowired
private ISystemAdminService adminService;
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
//认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//加这一步的目的是在Post请求的时候会先进认证,然后在到请求
if (authenticationToken.getPrincipal() == null) {
return null;
}
//获取用户信息
String name = authenticationToken.getPrincipal().toString();
SystemAdmin admin = adminService.selectOne(new EntityWrapper().eq("username",name));
if (admin == null) {
return null;
} else {
//这里验证authenticationToken和simpleAuthenticationInfo的信息
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(name, admin.getPassword().toString(), getName());
return simpleAuthenticationInfo;
}
}
}
3、创建ShiroConfiguration.java文件
package com.becl.config;
import com.becl.shiro.PasswordMatcher;
import com.becl.shiro.ShiroRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
//将自己的验证方式加入容器
@Bean
public ShiroRealm myShiroRealm() {
ShiroRealm myShiroRealm = new ShiroRealm();
myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式
return myShiroRealm;
}
// 配置加密方式
// 配置了一下,这货就是验证不过,,改成手动验证算了,以后换加密方式也方便
@Bean
public PasswordMatcher passwordMatcher() {
return new PasswordMatcher();
}
//权限管理,配置主要是Realm的管理认证
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
return securityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Map map = new HashMap();
//登出
map.put("/logout","logout");
//不需要认证
map.put("/logout","anon");
map.put("/login*","anon");
map.put("/shiroError","anon");
//对所有用户认证
map.put("
public class PasswordMatcher extends SimpleCredentialsMatcher {
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
UsernamePasswordToken utoken=(UsernamePasswordToken) token;
//获得用户输入的密码:(可以采用加盐(salt)的方式去检验)
String inPassword = new String(utoken.getPassword());
String username = utoken.getUsername();
//获得数据库中的密码
String dbPassword = (String) info.getCredentials();
//进行密码的比对
boolean flag = BCrypt.checkpw(inPassword,dbPassword);
return flag;
}
}
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持考高分网。
