springboot整合Shiro的步驟
阿新 • • 發佈:2021-01-14
1.建立一個springboot專案
選中web和thymeleaf
1.1新建index.html
<!DOCTYPEhtml> <htmllang="en"xmlns:th="http://www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首頁</h1> <pth:text="${msg}"></p> </body> </html>
1.2建立一個controller
packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } }
一定要記住shiro的三大物件
1.subject:使用者
2.SecurityManager:管理所有使用者
3.Realm:連線資料
1.3匯入整合用的依賴包
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency>
1.4建立一個config(ShiroConfig),並編寫他
packagecom.yao.config; importorg.springframework.context.annotation.Configuration; @Configuration publicclassShiroConfig{ //ShiroFilterFactoryBean //DefaultWebSecurityManager //建立realm物件,這個realm物件需要自定義 }
1.5建立自己的一個realmconfig,也就是在config中建立另外一個配置類UserRealm
packagecom.yao.config; importorg.apache.shiro.authc.AuthenticationException; importorg.apache.shiro.authc.AuthenticationInfo; importorg.apache.shiro.authc.AuthenticationToken; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; //自定義的UserRealm publicclassUserRealmextendsAuthorizingRealm{ //授權 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授權。。。"); returnnull; } //認證 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokenauthenticationToken)throwsAuthenticationException{ System.out.println("認證。。。"); returnnull; } }
1.6將UserRealm註冊到ShiroConfig裡面去,是我們自己寫的這個類被spring託管
1.7新建兩個測試頁面並重新寫一下index頁面
add.html
<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>add</h1> </body> </html>
update.html
<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>update</h1> </body> </html>
index.html
<!DOCTYPEhtml> <htmllang="en"xmlns:th="http://www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首頁</h1> <pth:text="${msg}"></p> <hr> <ath:href="@{/user/add}" rel="external nofollow" >add</a>|<ath:href="@{/user/update}" rel="external nofollow" >update</a> </body> </html>
1.8編寫controller層
packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/",Shiro"); return"index"; } @RequestMapping("/user/add") publicStringadd(){ return"user/add"; } @RequestMapping("/user/update") publicStringupdate(){ return"user/update"; } }
1.9新增過濾器
還是在shiroconfig中加入:
//新增Shiro的內建過濾器 /* anon:無需認證就可以訪問 authc:必須認證了才能通過 user:必須擁有記住我功能才能用 perms:擁有對某個資源的許可權才可以訪問 role:擁有某個角色許可權才能訪問 */ Map<String,String>filterMap=newLinkedHashMap<>(); //filterMap.put("/user/add","authc"); //filterMap.put("/user/update","authc"); filterMap.put("/user/*","authc"); bean.setFilterChainDefinitionMap(filterMap); //設定登入的請求 bean.setLoginUrl("/toLogin"); returnbean;
這裡希望沒有認證就從add和update跳到login頁面因此還要寫一個login頁面和改寫controller
controller層:
@RequestMapping("/toLogin") publicStringtoLogin(){ return"login"; }
login頁面:
<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>登入</title> </head> <body> <form> <p>使用者名稱:<inputtype="text"name="username"></p> <p>密碼:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>
1.10上面已經完成了頁面攔截的功能接下來實現使用者認證的工作
login.html:
<!DOCTYPEhtml> <htmllang="en"xmlns:th="http://www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>登入</title> </head> <body> <pth:text="${msg}"></p> <formth:action="@{/login}"> <p>使用者名稱:<inputtype="text"name="username"></p> <p>密碼:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>
controller:
@RequestMapping("/login") publicStringlogin(Stringusername,Stringpassword,Modelmodel){ //獲取當前使用者 Subjectsubject=SecurityUtils.getSubject(); //封裝使用者的登入資料(令牌),這裡是存在全局裡面,都可以調的到 UsernamePasswordTokentoken=newUsernamePasswordToken(username,password); try{ subject.login(token);//執行登陸的方法,如果沒有異常就ok了 return"index"; }catch(UnknownAccountExceptione){ model.addAttribute("msg","使用者名稱錯誤"); return"login"; }catch(IncorrectCredentialsExceptione){ model.addAttribute("msg","密碼錯誤"); return"login"; } }
UserRealm:
//認證 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("認證。。。"); //使用者名稱,密碼資料庫中取 Stringname="root"; Stringpassword="123456"; UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; if(!userToken.getUsername().equals(name)){ returnnull;//它這裡會自動丟擲前面的使用者名稱錯誤的異常 } //密碼認證不讓你做,它自己做,他不讓你接觸密碼 returnnewSimpleAuthenticationInfo("",password,""); } }
直接測試即可發現以上功能基本實現。
packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/",Shiro"); return"index"; } }
2.springboot整合mybatis
2.1匯入依賴
<dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.12</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>
2.2編寫配置檔案application.yml
spring: datasource: username:root password:892095368llq #?serverTimezone=UTC解決時區的報錯 url:jdbc:mysql://localhost:3306/yao?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8 driver-class-name:com.mysql.cj.jdbc.Driver type:com.alibaba.druid.pool.DruidDataSource #SpringBoot預設是不注入這些屬性值的,需要自己繫結 #druid資料來源專有配置 initialSize:5 minIdle:5 maxActive:20 maxWait:60000 timeBetweenEvictionRunsMillis:60000 minEvictableIdleTimeMillis:300000 validationQuery:SELECT1FROMDUAL testWhileIdle:true testOnBorrow:false testOnReturn:false poolPreparedStatements:true #配置監控統計攔截的filters,stat:監控統計、log4j:日誌記錄、wall:防禦sql注入 #如果允許時報錯java.lang.ClassNotFoundException:org.apache.log4j.Priority #則匯入log4j依賴即可,Maven地址:https://mvnrepository.com/artifact/log4j/log4j filters:stat,wall,log4j maxPoolPreparedStatementPerConnectionSize:20 useGlobalDataSourceStat:true connectionProperties:druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
2.3編寫配置檔案application.properties並新建mapper資料夾
application.properties
mybatis.type-aliases-package=com.yao.pojo mybatis.mapper-locations=classpath:mapper/*.xml
2.4建立pojo層,並配置lombok
<dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.16.10</version> </dependency>
編寫一個User.java
packagecom.yao.pojo; importlombok.AllArgsConstructor; importlombok.Data; importlombok.NoArgsConstructor; @Data @AllArgsConstructor @NoArgsConstructor publicclassUser{ privateintid; privateStringname; privateStringpwd; }
2.4建立mapper層,並寫出相對應的mapper介面和resources中的對應的mapper實現
UserMapper介面
packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); } mapper。xml <?xmlversion="1.0"encoding="UTF-8"?> <!DOCTYPEmapper PUBLIC"-//mybatis.org//DTDMapper3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mappernamespace="com.yao.mapper.UserMapper"> <selectid="queryUserByName"parameterType="String"resultType="User"> select*fromuserwherename=#{name} </select> </mapper>
UserService.interface
packagecom.yao.service; importcom.yao.pojo.User; publicinterfaceUserService{ publicUserqueryUserByName(Stringname); } UserServiceImpl.java packagecom.yao.service; importcom.yao.mapper.UserMapper; importcom.yao.pojo.User; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.stereotype.Service; @Service publicclassUserServiceImplimplementsUserService{ @Autowired UserMapperuserMapper; @Override publicUserqueryUserByName(Stringname){ returnuserMapper.queryUserByName(name); } }
2.6在test中測試
packagecom.yao; importcom.yao.service.UserService; importcom.yao.service.UserServiceImpl; importorg.junit.jupiter.api.Test; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.boot.test.context.SpringBootTest; @SpringBootTest classShiroSpringbootApplicationTests{ @Autowired UserServiceImpluserService; @Test voidcontextLoads(){ System.out.println(userService.queryUserByName("么么")); } }
測試成功,繼續寫
2.7更改UserRealm
packagecom.yao.config; importcom.yao.pojo.User; importcom.yao.service.UserService; importorg.apache.shiro.SecurityUtils; importorg.apache.shiro.authc.*; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; importorg.apache.shiro.subject.Subject; importorg.springframework.beans.factory.annotation.Autowired; //自定義的UserRealm publicclassUserRealmextendsAuthorizingRealm{ @Autowired UserServiceuserService; //授權 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授權。。。"); returnnull; } //認證 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("認證。。。"); UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; //連線真實資料庫 Useruser=userService.queryUserByName(userToken.getUsername()); if(user==null){ returnnull; } //密碼認證不讓你做,它自己做,他不讓你接觸密碼 returnnewSimpleAuthenticationInfo("",user.getPwd(),""); } }
2.8新增密碼加密
//還有一個md5加密,集成了hashcode是不可逆的 //比如你的密碼是123456 //md5(123456,32)=e10adc3949ba59abbe56e057f20f883e //md5(123456,16)=49ba59abbe56e057 //MD5鹽值加密e10adc3949ba59abbe56e057f20f883eusername //密碼認證不讓你做,它自己做,他不讓你接觸密碼 returnnewSimpleAuthenticationInfo("","");
2.9請求授權實現
==============
2.10繫結thymeleaf
packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); }
以上就是springboot整合Shiro的步驟的詳細內容,更多關於springboot整合Shiro的資料請關注我們其它相關文章!