1.1、创建一个springboot-shrio，并在pom.xml导入如下依赖。

    
        org.springframework.boot
        spring-boot-starter-web
    

    
        org.projectlombok
        lombok
        true
    
    
        org.springframework.boot
        spring-boot-starter-test
        test
    

        
        
            org.mybatis.spring.boot
            mybatis-spring-boot-starter
            2.2.0
        

        
        
        
            com.alibaba
            druid
            1.2.6
        

        
        
            mysql
            mysql-connector-java
            5.1.47
        

        
        
        
            log4j
            log4j
            1.2.17
        

        
        
            org.apache.shiro
            shiro-spring
            1.5.3
        

        
        
            com.github.theborakompanioni
            thymeleaf-extras-shiro
            2.0.0
        
        
            org.springframework.boot
            spring-boot-starter-thymeleaf
        

    

    
        
            
                org.springframework.boot
                spring-boot-maven-plugin
                
                    
                        
                            org.projectlombok
                            lombok
                        
                    
                
            
        
    

spring:
  datasource:
    username: root
    password: 123456
    #?serverTimezone=UTC解决时区的报错
    url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource

    #Spring Boot 默认是不注入这些属性值的，需要自己绑定
    #druid 数据源专有配置
    initialSize: 5
    minIdle: 5
    maxActive: 20
    maxWait: 60000
    timeBetweenEvictionRunsMillis: 60000
    minEvictableIdleTimeMillis: 300000
    validationQuery: SELECt 1 FROM DUAL
    testWhileIdle: true
    testOnBorrow: false
    testOnReturn: false
    poolPreparedStatements: true

    #配置监控统计拦截的filters，stat:监控统计、log4j：日志记录、wall：防御sql注入
    #如果允许时报错  java.lang.ClassNotFoundException: org.apache.log4j.Priority
    #则导入 log4j 依赖即可，Maven 地址：https://mvnrepository.com/artifact/log4j/log4j
    filters: stat,wall,log4j
    maxPoolPreparedStatementPerConnectionSize: 20
    useGlobalDataSourceStat: true
    connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

2.2创建需要的包，如以下结构

2.3在pojo包下创建User实体类，并添加以下全局变量。

@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class User {
    private Integer id;
    private String username;
    private String password;
    private String perms;
}

2.4在dao包下创建一个UserMapper接口，并添加以下抽象方法。

@Mapper
@Repository
public interface UserMapper {
    //登录，根据用户名查询用户信息
    public User queryUserByName(String name);
    //注册
    public User insertUserName(User user);
}

2.5在resources资源目录下创建mapper文件，然后在mapper包下创建UserMapper.xml配置文件，并在其中添加sql。

    
    
        
        
        
        
    
    
    
        select * from r_user where username = #{username};
  	

    
    
        insert into r_user(id,username,password,perms)values (#{id},#{username},#{password},#{perms});
    

2.5在application.properties配置文件中，添加夹如下配置。

#配置端口
server.port=8081

#添加application-db.yml
spring.profiles.active=db

#为实体类设置别名
mybatis.type-aliases-package=com.itlhc.pojo

#绑定mapper.xml
mybatis.mapper-locations=classpath:mapper

        Map filterMap = new linkedHashMap<>();

        //用户授权,正常情况下没有授权会跳转到授权页面
        filterMap.put("/admin/创建 realm 对象, 需要自定义类：Step1
    @Bean
    public UserRealm userRealm(){
        return new UserRealm();
    }*/

    //整合 ShiroDialect:用来整合shiro thymeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }

    //自定义密码认证
    @Bean
    public MyCredentialsMatcher myCredentialsMatcher(){
        return new MyCredentialsMatcher();
    }

}

3.2在config包下创建UserRealm用户授权认证类，并添加相关代码。

//自定义的 UserRealm
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserServiceImpl userService;

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了 => doGetAuthorizationInfo");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 拿到当前登录的这个对象
        Subject subject = SecurityUtils.getSubject();
        // 拿到User对象
        User currentUser = (User) subject.getPrincipal();
        // 设置当前用户的权限
        System.out.println(currentUser.getUsername() + "的权限为 " + currentUser.getPerms());
        info.addStringPermission(currentUser.getPerms());
        //设置用户角色
        info.addRole(currentUser.getUsername());

        return info;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行了 => 认证AuthenticationToken");

        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        //连接真实的数据库
        User user = userService.queryUserByName(userToken.getUsername());
        if(user == null){
            //没有这个人
            return null; //抛出异常 UnknownAccountException
        }

        // 登录成功 将用户信息存入session
        Subject currentSubject = SecurityUtils.getSubject();
        Session session = currentSubject.getSession();
        session.setAttribute("loginUser",user.getUsername());

        // 密码认证，shiro做，可以自己定义密码比对类完成密码认证
        return new SimpleAuthenticationInfo(user,user.getPassword(),"");
    }


}

3.3在config包下创建MyCredetialsMatcher自定义密码校验类，并添加如下校验规则代码，我这里用MD5密码校验方式。

//自定义密码比对类
public class MyCredentialsMatcher extends SimpleCredentialsMatcher {
    @Autowired
    UserServiceImpl userService;

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken uToken = (UsernamePasswordToken)token;
        //这个密码是客户提交的密码，即下面main函数中用new UsernamePasswordToken("javass","bb")提交的“bb”
        String inPassword = new String(uToken.getPassword());
        //这个密码是上面realm中给出的数据库密码，也就是正确的密码：String passWord = "428729c9b80aa3198300caabb24f8a88"
        //连接真实的数据库
        User user = userService.queryUserByName(uToken.getUsername());

        String encryptInPassword = MD5Util.pwdMd5(inPassword);
        return encryptInPassword.equals(user.getPassword());
    }

}

3.4在uitls包下创建MD5Util密码加密解密工具类，并添加如下加密代码。

//MD5加密解密工具类
public class MD5Util {
    private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
            "8", "9", "a", "b", "c", "d", "e", "f"};

    
    public static String byteArrayToHexString(byte[] b) {
        StringBuilder resultSb = new StringBuilder();
        for (byte aB : b) {
            resultSb.append(byteToHexString(aB));
        }
        return resultSb.toString();
    }

    
    private static String byteToHexString(byte b) {
        int n = b;
        if (n < 0) {
            n = 256 + n;
        }
        int d1 = n / 16;
        int d2 = n % 16;
        return hexDigits[d1] + hexDigits[d2];
    }


    
    public static String pwdMd5(String password) {
        String pwdMd5 = null;
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] array = md.digest(password.getBytes("UTF-8"));
            StringBuilder sb = new StringBuilder();
            for (byte item : array) {
                sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
            }
            pwdMd5 = sb.toString().toLowerCase();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return pwdMd5;
    }
}

3.5在controller包下创建MyController控制类，并添加如下控制代码。

@Controller
public class MyController {

    @Autowired
    private UserService service;

    @RequestMapping({"/","/index"})
    public String toIndex(Model model){
        model.addAttribute("msg","hello,Shrio");
        return "index";
    }

    @RequestMapping("/user/add")
    public String add(){
        return "user/add";
    }

    @RequestMapping("/user/update")
    public String update(){
        return "user/update";
    }

    @RequestMapping("/toLogin")
    public String toLogin(){
        return "login";
    }

    @RequestMapping("/login")
    public String login(@RequestParam("username") String name, @RequestParam("password") String password, Model model){
        //获取当前的用户
        Subject subject = SecurityUtils.getSubject();
        //封装用户的登录数据
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        try {
            subject.login(token); // 执行登录方法，如果没有异常就说明OK了
            return "index";
        }catch (UnknownAccountException accountException){
            // 用户名不存在
            model.addAttribute("msg","用户名错误");
            return "login";
        }catch (IncorrectCredentialsException e){
            // 密码错误
            model.addAttribute("msg","密码错误");
            return "login";
        }
    }

    @RequestMapping("/noauth")
    @ResponseBody
    public String unauthorized(){
        return "未经授权无法访问此页面！";
    }

    @RequestMapping("/ZRegister")
    public String ZRegister(){
        return "register";
    }

    @RequestMapping("/register")
    public String register(User user){
        service.insertUserName(user);
        return "index";
    }
    @RequestMapping("logout")
    public String logout(){
        // 拿到当前登录的这个对象
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "index";
    }

    @RequestMapping("/adminUser")
    public String adminUser(){
        return "admin/adminUser";
    }
}

    
    


首页




    登录


    注销
    注册


    add


    update


    admin

4.2login.html

    
    





    
 用户名： 
    
 密码： 
    
  

4.3register.html

    
    



    
 用户名： 
    
 密码： 
    
 权限： 
    
  

4.4user文件中的add.html

    
    


add

4.5user文件中的update.html

    
    


update

4.6admin文件下的adminUser.html

    
    


hello,admin