springboot整合shiro,后面集成vue
realm
package pri.niddles.utils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
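/**
 * Demo Shiro realm: authenticates against one hard-coded account and gives every
 * subject the same permission.
 *
 * <p>SECURITY: this is tutorial scaffolding. The account and its password are
 * literals in the source, and the password is held in plain text. Before real use,
 * load the account from the user store and compare credentials through a hashing
 * {@code CredentialsMatcher} instead of a plain-text one.
 */
public class Realm extends AuthorizingRealm {

    /**
     * Builds the authorization data Shiro consults for permission checks.
     *
     * @param principalCollection the principals of the subject being authorized; not
     *     consulted here, so the result is identical for every subject
     * @return authorization info holding the single string permission {@code user:add}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权");
        SimpleAuthorizationInfo grants = new SimpleAuthorizationInfo();
        // SECURITY: the permission is granted unconditionally. A real realm should
        // read the current principal from principalCollection and load that user's
        // permissions (for example from a permissions column in the user table).
        grants.addStringPermission("user:add");
        return grants;
    }

    /**
     * Looks up the account named by the submitted token.
     *
     * @param token the submitted login token; cast to {@link UsernamePasswordToken}
     *     (assumes Shiro only routes username/password tokens to this realm; confirm
     *     if other token types are ever introduced)
     * @return the stored account data, or {@code null} when the username is unknown,
     *     which Shiro reports to the caller as an {@code UnknownAccountException}
     * @throws AuthenticationException declared by the overridden method; not thrown
     *     directly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("认证");
        // SECURITY: stand-in for a database lookup. Hard-coded admin/admin must not
        // ship; anyone who can read the source or guess the default can log in.
        String username = "admin";
        String password = "admin";

        UsernamePasswordToken userToken = (UsernamePasswordToken) token;
        // Compare from the constant side so a request without a username is treated
        // as an unknown account instead of raising a NullPointerException.
        if (!username.equals(userToken.getUsername())) {
            return null;
        }

        // The password check itself is left to Shiro, which compares the token's
        // credentials with the ones returned here. No matcher is configured in this
        // class, so presumably the default plain-text comparison applies.
        // The principal is the authenticated username and the realm name comes from
        // getName(), so later authorization code can tell who the subject is.
        return new SimpleAuthenticationInfo(userToken.getUsername(), password, getName());
    }
}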
shiroConfig
package pri.niddles.config;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import pri.niddles.utils.Realm;
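/**
 * Spring configuration that wires Shiro together in three steps: the custom realm,
 * the web security manager that uses it, and the filter factory that decides which
 * URLs are intercepted.
 *
 * <p>This class defines what is intercepted; {@link Realm} decides who is let
 * through.
 */
@Configuration
public class ShiroConfig {

    /**
     * Step 3: builds the Shiro filter and its URL-to-filter chain definitions.
     *
     * @param defaultWebSecurityManager the security manager bean defined below
     * @return the configured filter factory bean
     */
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);

        // Built-in filters: anon = no authentication needed, authc = must be
        // authenticated, user = authenticated or remembered, perms = permission
        // required, roles = role required.
        //
        // Chain definitions are matched in order and the first match wins, so the
        // map must keep insertion order. A plain HashMap would make the effective
        // order unpredictable once patterns overlap.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/login/permit", "perms[user:add]");
        chains.put("/login/access", "authc");
        chains.put("/login/shiro", "anon");
        // SECURITY: only the three paths above are covered. Every other URL has no
        // chain and is served without any authentication check. Once the public
        // endpoints are listed as anon, consider ending the map with a catch-all
        // such as "/**" -> "authc" so new endpoints are protected by default.

        factoryBean.setUnauthorizedUrl("/login/noauth");
        // No login URL is set here, so unauthenticated requests to authc paths are
        // redirected to Shiro's default login URL. NOTE(review): confirm that is
        // what the front end expects.
        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Step 2: creates the web security manager and attaches the custom realm.
     *
     * @param realm the realm bean defined below
     * @return the security manager backed by {@code realm}
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("selfDefiniteRealm") Realm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    /**
     * Step 1: exposes the custom realm as a bean.
     *
     * @return a new {@link Realm}
     */
    @Bean(name = "selfDefiniteRealm")
    public Realm returnrealm() {
        return new Realm();
    }
}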
controller
package pri.niddles.controller;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import pri.niddles.common.Response;
import pri.niddles.service.UserVoI;
import pri.niddles.vo.LoginVo;
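/**
 * Login endpoints backed by Shiro.
 *
 * <p>SECURITY notes for reviewers:
 * <ul>
 *   <li>{@code @CrossOrigin} without arguments accepts requests from every origin;
 *       restrict it to the front end's origin before deployment.</li>
 *   <li>{@code @RequestMapping("/shiro")} does not restrict the HTTP method, so the
 *       credentials can also arrive as GET query parameters, which tend to end up
 *       in access logs and browser history. Prefer accepting them by POST only.</li>
 * </ul>
 */
@Controller
@Slf4j
@RequestMapping("/login")
@CrossOrigin
public class LoginShiroController {

    /**
     * Attempts to log the current subject in with the submitted credentials.
     *
     * @param username the submitted username
     * @param password the submitted password
     * @return a success response when Shiro accepts the login, otherwise a failure
     *     response carrying a message
     */
    @RequestMapping("/shiro")
    @ResponseBody
    public Response login(String username, String password) {
        // The subject represents the caller of the current request.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // NOTE(review): this prints the token's toString() to stdout. Confirm it
        // never includes the password, and prefer the class logger at debug level.
        System.out.println(token);
        try {
            subject.login(token);
        } catch (UnknownAccountException e) {
            // SECURITY: distinct messages for "unknown user" and "wrong password"
            // let a caller find out which usernames exist. Consider returning one
            // generic message for both.
            return Response.failurerequest(null, "用户名不存在");
        } catch (IncorrectCredentialsException e) {
            return Response.failurerequest(null, "密码错误");
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // Any other authentication failure used to escape as an unhandled
            // exception. Return a structured failure without internal detail.
            return Response.failurerequest(null, "认证失败");
        }
        return Response.success();
    }

    /**
     * Target of the configured unauthorized URL.
     *
     * @return a failure response telling the caller that access is forbidden
     */
    @RequestMapping("/noauth")
    @ResponseBody
    public Response permit() {
        return Response.failurerequest(null, "未经授权禁止访问");
    }
}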