- Apache Shiro是一个Java安全权限框架
- Shiro不仅可以用在JavaSE环境,也可以用在JavaEE环境
- Shiro可以完成认证、授权、加密、会话管理、Web集成、缓存等功能。
实现登录拦截
1、导入依赖
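<!-- Dependency list rebuilt as Maven <dependency> elements; every coordinate, version and scope is
     taken from the original listing. Entries without a <version> are presumably managed by the
     Spring Boot parent POM (the parent is not shown here; confirm). -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- NOTE(review): log4j 1.x is end-of-life and no longer receives security fixes; prefer a
     maintained logging backend for anything beyond a local demo. -->
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.12</version>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>3.4.2</version>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-core</artifactId>
    <version>3.4.2</version>
    <scope>compile</scope>
</dependency>
<!-- NOTE(review): shiro-spring 1.4.2 is an old release of a security-critical library; check the
     Apache Shiro security advisories and pin a currently maintained version before reusing this. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.2</version>
</dependency>
<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis-spring</artifactId>
    <version>2.0.6</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>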
2、编写Shiro配置文件:ShiroConfig
/**
 * Spring configuration that wires Apache Shiro into the web application.
 * Only the beginning of the class is visible in this listing.
 */
@Configuration
public class ShiroConfig {
//ShiroFilterFactoryBean
/**
 * Builds the Shiro filter factory bean and registers the URL-to-filter rules.
 *
 * @param securityManager the bean named "securityManager", injected by qualifier
 */
@Bean
public ShiroFilterFactoryBean factoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean factoryBean=new ShiroFilterFactoryBean();
// Hand the security manager to the filter factory bean.
factoryBean.setSecurityManager(securityManager);
// URL patterns to intercept. "anon" allows anonymous access; "authc" requires an authenticated subject.
// NOTE(review): `linkedHashMap` is presumably a typo for java.util.LinkedHashMap (Java is case-sensitive,
// so this line does not compile as written), and the generic parameters look stripped by extraction.
// An ordered map matters here because Shiro evaluates filter chain definitions in insertion order.
Map filterMap=new linkedHashMap();
filterMap.put("/user/login","anon");
// NOTE(review): only the paths listed here are protected by the visible rules; any URL without an entry
// is not covered by them. A practitioner would normally finish the map with a catch-all "authc" rule
// so new endpoints are denied by default. The remaining entries are not visible in this listing.
filterMap.put("/user/add","authc");
filterMap.put("/user/update","authc");
// Using a wildcard pattern
// filterMap.put("/user
// NOTE(review): the listing is cut off at this point; the rest of ShiroConfig and the header of the
// realm class that follows are not shown.
/**
 * Authorization hook of the realm. This implementation loads nothing: it returns {@code null}
 * for every principal collection it is given.
 *
 * @param principalCollection the principals of the subject being checked (unused here)
 * @return always {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // No roles or permissions are supplied by this realm yet.
    final AuthorizationInfo noAuthorizationData = null;
    return noAuthorizationData;
}
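/**
 * Looks up the account named in the login token and returns its stored credentials, which
 * Shiro then compares with the submitted password.
 *
 * <p>Returns {@code null} when the token carries no username or no row matches it. With a
 * single realm Shiro reports a {@code null} result as an unknown account, so the caller sees
 * an {@code UnknownAccountException} instead of a failure caused by dereferencing a missing
 * user.
 *
 * @param authenticationToken the submitted token; cast to {@link UsernamePasswordToken}
 * @return the stored credentials for the matching account, or {@code null} if there is none
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // Current username / account name from the submitted token.
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    String username = token.getUsername();
    if (username == null || username.isEmpty()) {
        // Never query the user table with a missing username.
        return null;
    }

    // Query the database for rows whose "username" column equals the submitted name.
    Map<String, Object> map = new HashMap<>();
    map.put("username", username);
    List<UserShiro> users = userMapper.selectByMap(map);
    if (users == null || users.isEmpty()) {
        return null;
    }

    // Keeps the earlier behaviour of using the last matching row.
    // NOTE(review): assumes usernames are unique; enforce that with a unique index so one
    // login name can never map to several credentials.
    UserShiro userShiro = users.get(users.size() - 1);
    String password = userShiro.getPassword();

    // Shiro performs the password comparison.
    // NOTE(review): the stored value is handed over as-is, so unless a hashing matcher such as
    // HashedCredentialsMatcher is configured on this realm, the column holds plaintext
    // passwords; confirm, and store salted password hashes instead.
    // NOTE(review): the principal is an empty string, so every authenticated subject carries
    // the same identity; pass the username or user object once authorization has to tell
    // users apart.
    return new SimpleAuthenticationInfo("", password, "");
}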
}
4、登录时需要将账号密码放入token中
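/**
 * Handles a login submission: wraps the submitted credentials in a token and asks Shiro to
 * authenticate the current subject.
 *
 * <p>Every failure (missing fields, unknown account, wrong password, any other authentication
 * error) renders the same view with the same message, so the response does not reveal whether
 * a username exists.
 *
 * @param username submitted account name
 * @param password submitted password
 * @param model    view model; receives the attribute {@code "msg"} on failure
 * @return {@code "index"} after a successful login, {@code "user/login"} otherwise
 */
// NOTE(review): @RequestMapping without a method also accepts GET, which can put credentials in
// the URL and in access logs; restrict this handler to POST once the login form posts to it.
@RequestMapping("/user/login")
public String login(String username,String password,Model model){
    // One generic message ("username or password is incorrect") for all failure cases.
    final String failureMessage = "用户名或密码错误";
    final String loginView = "user/login";

    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        model.addAttribute("msg", failureMessage);
        return loginView;
    }

    // Current subject for this request.
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted login data in a token.
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        subject.login(token);
        // NOTE(review): assumes "index" is the post-login landing view; the earlier code returned
        // the login view on success and "index" on a wrong password, which looks swapped.
        // Confirm against the templates. Also confirm the session id is renewed after login.
        return "index";
    } catch (org.apache.shiro.authc.AuthenticationException e) {
        // Catching the base type also covers failures other than unknown account and wrong
        // password, which would otherwise escape as a server error.
        model.addAttribute("msg", failureMessage);
        return loginView;
    }
}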



