Shiro Tutorial
https://gitee.com/fakerlove/Shiro
1. Introduction to Shiro
1.1 What is Shiro
Shiro is an open-source project under the Apache umbrella. It is an easy-to-use security framework that provides authentication, authorization, cryptography and session management. Like Spring Security it is a permission-based security framework, but compared with Spring Security, Shiro uses an authorization model that is simpler to understand and to use. Shiro is a lightweight framework: much simpler than Spring Security, without its complexity.
1.2 Why Shiro
It is a powerful, flexible, well-established open-source security framework.
It handles authentication, authorization, enterprise session management and cryptography.
It is easy to use and understand; compared with Spring Security the barrier to entry is low.
1.3 Shiro authentication flow
Concrete implementation inside the Realm
- Subject: represents the current user. A Subject can be a person, but also a third-party service, a daemon account, a scheduled job or anything else that is currently interacting with the software.
- SecurityManager: manages all Subjects. The SecurityManager is the core of the Shiro architecture; together with its internal security components it forms the security umbrella.
- Realms: where identity and permission information is verified; we implement these ourselves. A Realm is essentially a security-specific DAO: it encapsulates the details of connecting to a data source and returns the data Shiro needs. When configuring Shiro you must specify at least one Realm for authentication and/or authorization.
2. Using Shiro standalone
2.1 Creating the project
1. Add the dependency
<dependencies>
    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.5.3</version>
    </dependency>
</dependencies>
2. Create the configuration file shiro.ini
[users]
xiao=123
joker=123456
3. Create the test class TextAuthenticator.java
package com.joker;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

public class TextAuthenticator {
    public static void main(String[] args) {
        // 1. Create the security manager
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        // 2. Give the security manager its Realm (users and passwords are read from shiro.ini)
        securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
        // 3. Register the security manager with SecurityUtils, the global helper class
        SecurityUtils.setSecurityManager(securityManager);
        // 4. The central object: the Subject, i.e. the current user
        Subject subject = SecurityUtils.getSubject();
        // 5. Build the token from the submitted username and password
        UsernamePasswordToken token = new UsernamePasswordToken("joker", "123456");
        try {
            System.out.println("认证状态" + subject.isAuthenticated());
            subject.login(token);
            System.out.println("认证状态" + subject.isAuthenticated());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
4. The project structure is as follows
2.2 Following the verification through the source
2.2.1 Realm class diagram
2.2.2 Source walkthrough
The doGetAuthenticationInfo method in SimpleAccountRealm.java looks the account up by username
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    SimpleAccount account = this.getUser(upToken.getUsername());
    if (account != null) {
        if (account.isLocked()) {
            throw new LockedAccountException("Account [" + account + "] is locked.");
        }
        if (account.isCredentialsExpired()) {
            String msg = "The credentials for account [" + account + "] are expired";
            throw new ExpiredCredentialsException(msg);
        }
    }
    return account;
}
The assertCredentialsMatch method in AuthenticatingRealm.java then checks the account's password against the token
protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException {
    CredentialsMatcher cm = this.getCredentialsMatcher();
    if (cm != null) {
        if (!cm.doCredentialsMatch(token, info)) {
            String msg = "Submitted credentials for token [" + token + "] did not match the expected credentials.";
            throw new IncorrectCredentialsException(msg);
        }
    } else {
        throw new AuthenticationException("A CredentialsMatcher must be configured in order to verify credentials during authentication. If you do not wish for credentials to be examined, you can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance.");
    }
}
2.2.3 The inheritance hierarchy
AuthenticatingRealm handles authentication through its getAuthenticationInfo method
AuthorizingRealm handles authorization through its getAuthorizationInfo method
Why can SimpleAccountRealm do both authentication and authorization?
SimpleAccountRealm extends AuthorizingRealm, and AuthorizingRealm extends AuthenticatingRealm:
public class SimpleAccountRealm extends AuthorizingRealm
To implement a custom Realm you therefore extend AuthorizingRealm yourself, following the pattern of SimpleAccountRealm.
2.3 Implementing a custom Realm
1. First, define the custom Realm
package com.joker.myrealm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * As explained in the previous section, a custom Realm extends AuthorizingRealm
 * and implements its two abstract methods.
 */
public class CumstomRealm extends AuthorizingRealm {
    /**
     * Authorization
     * @param principalCollection the identity of the authenticated subject
     * @return roles and permissions for that identity (not implemented yet)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication
     * @param authenticationToken the submitted username/password token
     * @return the account's stored credentials, or null when the user is unknown
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Get the username
        String name = (String) authenticationToken.getPrincipal();
        System.out.println("自定义Realm " + name + " ");
        // Check whether the user exists; in a real application this is a database lookup
        if (name.equals("joker")) {
            // "123456" stands for the password read from the database
            SimpleAuthenticationInfo simpleAccountRealm = new SimpleAuthenticationInfo(name, "123456", this.getName());
            return simpleAccountRealm;
        }
        // Returning null makes Shiro throw UnknownAccountException
        return null;
    }
}
2. Use the custom Realm
package com.joker.myrealm;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

/**
 * Here we use the custom Realm
 */
public class TestAuthorRealm {
    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        // Give the security manager the custom Realm
        securityManager.setRealm(new CumstomRealm());
        // Register the security manager with SecurityUtils, the global helper class
        SecurityUtils.setSecurityManager(securityManager);
        // The central object: the Subject
        Subject subject = SecurityUtils.getSubject();
        // Build the token
        UsernamePasswordToken token = new UsernamePasswordToken("joker", "123456");
        try {
            // If the token carries wrong information, login() throws
            System.out.println("自定义认证状态" + subject.isAuthenticated());
            subject.login(token);
            System.out.println("自定义认证状态" + subject.isAuthenticated());
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
2.4 MD5 + salt authentication flow
1. In the service layer, compute the MD5 result
package com.joker.md5p;

import org.apache.shiro.crypto.hash.Md5Hash;

public class Md5Test {
    public static void main(String[] args) {
        /**
         * First argument, source: the password
         * Second argument, salt: a random string mixed into the hash
         * Third argument, hashIterations: how many times the digest is re-applied;
         * more iterations make every guess against a leaked hash more expensive
         */
        Md5Hash hash = new Md5Hash("123456", "xod", 1024);
        System.out.println(hash.toHex());
    }
}
2. Define the custom Realm
package com.joker.md5p;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class CumstomMd5Realm extends AuthorizingRealm {
    /**
     * Authorization
     * @param principalCollection the identity of the authenticated subject
     * @return roles and permissions for that identity (not implemented yet)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication
     * @param authenticationToken the submitted username/password token
     * @return the stored hash plus its salt, or null when the user is unknown
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Get the username
        String name = (String) authenticationToken.getPrincipal();
        System.out.println("自定义Realm " + name + " ");
        // Check whether the user exists; in a real application this is a database lookup
        if (name.equals("joker")) {
            // "f3aed468e9246cbdff61fc59084154e0" is the value Md5Test printed; it stands for the hash stored in the database
            // ByteSource.Util.bytes("xod") is the salt that was used to produce it; the matcher needs it to re-hash the submitted password
            SimpleAuthenticationInfo simpleAccountRealm = new SimpleAuthenticationInfo(name, "f3aed468e9246cbdff61fc59084154e0", ByteSource.Util.bytes("xod"), this.getName());
            return simpleAccountRealm;
        }
        return null;
    }
}
3. Use the Realm
package com.joker.md5p;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

/**
 * Here we use the custom Realm
 */
public class TestMd5AuthorRealm {
    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        CumstomMd5Realm cumstomMd5Realm = new CumstomMd5Realm();
        // Configure the matching strategy
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Hash algorithm: MD5 (must match what Md5Test used)
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        // Number of hash iterations (must match what Md5Test used)
        hashedCredentialsMatcher.setHashIterations(1024);
        cumstomMd5Realm.setCredentialsMatcher(hashedCredentialsMatcher);
        // Give the security manager the Realm
        securityManager.setRealm(cumstomMd5Realm);
        // Register the security manager with SecurityUtils, the global helper class
        SecurityUtils.setSecurityManager(securityManager);
        // The central object: the Subject
        Subject subject = SecurityUtils.getSubject();
        // Build the token
        UsernamePasswordToken token = new UsernamePasswordToken("joker", "123456");
        try {
            // If the token carries wrong information, login() throws
            System.out.println("自定义认证状态" + subject.isAuthenticated());
            subject.login(token);
            System.out.println("自定义认证状态" + subject.isAuthenticated());
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
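The three steps above hide what HashedCredentialsMatcher actually does with the salt and the iteration count. The following added example (not part of the tutorial or its repository) calls the matcher directly, without a SecurityManager, so each failure mode can be seen in isolation: a wrong password, a Realm that returns a salt different from the one used at enrolment, and a matcher configured with a different iteration count. The class name SaltedHashCheck and the realm name "demoRealm" are made up for this example; SecureRandomNumberGenerator is Shiro's own CSPRNG wrapper.

```java
// Added example, not from the tutorial: exercising HashedCredentialsMatcher directly.
package com.joker.md5p;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.util.ByteSource;

public class SaltedHashCheck {

    static final String ALGORITHM = "md5";   // the algorithm this tutorial uses throughout
    static final int ITERATIONS = 1024;      // must be identical at enrolment and at verification

    /** What a registration path persists: the hex hash and the salt that produced it. */
    static final class StoredCredential {
        final String hashHex;
        final String saltHex;
        StoredCredential(String hashHex, String saltHex) {
            this.hashHex = hashHex;
            this.saltHex = saltHex;
        }
    }

    /** Hash a new password with a fresh per-user random salt. */
    static StoredCredential enroll(String plainPassword) {
        // 16 bytes from a CSPRNG, stored hex-encoded beside the hash
        String saltHex = new SecureRandomNumberGenerator().nextBytes(16).toHex();
        String hashHex = new Md5Hash(plainPassword, ByteSource.Util.bytes(saltHex), ITERATIONS).toHex();
        return new StoredCredential(hashHex, saltHex);
    }

    /** The matcher, configured the same way TestMd5AuthorRealm configures it. */
    static HashedCredentialsMatcher matcher(int iterations) {
        HashedCredentialsMatcher m = new HashedCredentialsMatcher();
        m.setHashAlgorithmName(ALGORITHM);
        m.setHashIterations(iterations);
        // storedCredentialsHexEncoded defaults to true, which matches toHex() above
        return m;
    }

    /** What the Realm hands back: principal, stored hash, and the salt the Realm believes was used. */
    static AuthenticationInfo infoFor(String user, StoredCredential c, String saltHex) {
        return new SimpleAuthenticationInfo(user, c.hashHex, ByteSource.Util.bytes(saltHex), "demoRealm");
    }

    /** The matcher re-hashes the submitted password with the salt from info and compares. */
    static boolean verify(HashedCredentialsMatcher m, String user, String attempt, AuthenticationInfo info) {
        return m.doCredentialsMatch(new UsernamePasswordToken(user, attempt), info);
    }

    public static void main(String[] args) {
        StoredCredential stored = enroll("123456");
        HashedCredentialsMatcher m = matcher(ITERATIONS);

        // Correct password, the salt used at enrolment, the same iteration count
        System.out.println("correct password:   " + verify(m, "joker", "123456", infoFor("joker", stored, stored.saltHex)));
        // Wrong password
        System.out.println("wrong password:     " + verify(m, "joker", "12345", infoFor("joker", stored, stored.saltHex)));
        // The Realm returns a different salt, so the re-computed hash cannot match
        System.out.println("wrong salt:         " + verify(m, "joker", "123456", infoFor("joker", stored, "xod")));
        // The matcher is configured with a different iteration count than enrolment used
        System.out.println("wrong iterations:   " + verify(matcher(1), "joker", "123456", infoFor("joker", stored, stored.saltHex)));
    }
}
```

Only the first case matches. The practical lesson for the Realm in step 2 is that the salt and the iteration count are part of the stored credential: when the salt is generated per user (as the Spring Boot register() method later on this page does), the Realm must return exactly that user's salt, and the HashedCredentialsMatcher must be configured with the same iteration count that was used when the hash was written. setHashAlgorithmName accepts any JDK MessageDigest name, so the same wiring works unchanged if a stronger digest than MD5 is chosen for new deployments.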
2.5 Authorization flow
1. Role-based access control
2. Resource-based access control
3. Permission strings
Naming rule: resourceIdentifier:operation:resourceInstanceIdentifier
4. Ways to implement authorization
Programmatic
package com.joker.other;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class MyRealm extends AuthorizingRealm {
    /**
     * Authorization
     * @param principalCollection the identity of the authenticated subject
     * @return the roles and permission strings granted to that identity
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权道路开始了");
        String pr = (String) principalCollection.getPrimaryPrincipal();
        System.out.println("身份信息为 " + pr);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRole("admin");
        simpleAuthorizationInfo.addRole("user");
        // This user may perform every operation on the resource instance 001
        simpleAuthorizationInfo.addStringPermission("user:*:001");
        return simpleAuthorizationInfo;
    }

    /**
     * Authentication
     * @param authenticationToken the submitted username/password token
     * @return the stored hash plus its salt, or null when the user is unknown
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Get the username
        String name = (String) authenticationToken.getPrincipal();
        System.out.println("自定义Realm " + name + " ");
        // Check whether the user exists; in a real application this is a database lookup
        if (name.equals("joker")) {
            // "f3aed468e9246cbdff61fc59084154e0" is the value Md5Test printed; it stands for the hash stored in the database
            // ByteSource.Util.bytes("xod") is the salt that was used to produce it
            SimpleAuthenticationInfo simpleAccountRealm = new SimpleAuthenticationInfo(name, "f3aed468e9246cbdff61fc59084154e0", ByteSource.Util.bytes("xod"), this.getName());
            return simpleAccountRealm;
        }
        return null;
    }
}
package com.joker.other;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

/**
 * Here we use the custom Realm
 */
public class TestMAuthorRealm {
    public static void main(String[] args) {
        DefaultSecurityManager securityManager = new DefaultSecurityManager();
        MyRealm cumstomMd5Realm = new MyRealm();
        // Configure the matching strategy
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Hash algorithm: MD5
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        // Number of hash iterations
        hashedCredentialsMatcher.setHashIterations(1024);
        cumstomMd5Realm.setCredentialsMatcher(hashedCredentialsMatcher);
        // Give the security manager the Realm
        securityManager.setRealm(cumstomMd5Realm);
        // Register the security manager with SecurityUtils, the global helper class
        SecurityUtils.setSecurityManager(securityManager);
        // The central object: the Subject
        Subject subject = SecurityUtils.getSubject();
        // Build the token
        UsernamePasswordToken token = new UsernamePasswordToken("joker", "123456");
        try {
            // If the token carries wrong information, login() throws
            System.out.println("自定义认证状态" + subject.isAuthenticated());
            subject.login(token);
            System.out.println("自定义认证状态" + subject.isAuthenticated());
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
        // Start authorization
        if (subject.isAuthenticated()) {
            System.out.println(subject.hasRole("admin"));
            // Checking several roles at once
            System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
            // String-based permission check
            System.out.println(subject.isPermitted("user:*:001"));
        }
    }
}
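The test above only asks whether the granted string "user:*:001" permits itself. What a practitioner needs to know is which other requests that string implies, because Shiro does not compare permission strings for equality: addStringPermission parses them into WildcardPermission objects and isPermitted asks whether a granted permission implies the requested one. The added example below (not from the tutorial) evaluates that relation directly with org.apache.shiro.authz.permission.WildcardPermission; PermissionStringDemo is a name made up here.

```java
// Added example, not from the tutorial: how resource:operation:instance strings are matched.
package com.joker.other;

import org.apache.shiro.authz.permission.WildcardPermission;

public class PermissionStringDemo {

    /** Does a permission the user was granted imply the permission a request requires? */
    static boolean implies(String granted, String required) {
        return new WildcardPermission(granted).implies(new WildcardPermission(required));
    }

    public static void main(String[] args) {
        String granted = "user:*:001";   // the string MyRealm grants above
        String[] required = {
            "user:delete:001",   // any operation on instance 001
            "user:update:002",   // a different instance
            "user:delete",       // no instance given: the granted string still carries a concrete "001" part
            "user",              // likewise, only the first part matches
            "User:Delete:001",   // parts are lower-cased by default, so case does not matter
        };
        for (String r : required) {
            System.out.printf("%-14s implies %-16s : %b%n", granted, r, implies(granted, r));
        }

        // Missing trailing parts on the granted side are treated as wildcards:
        // "user:delete" covers every instance of the delete operation
        System.out.println("user:delete implies user:delete:001 : " + implies("user:delete", "user:delete:001"));

        // Comma-separated sub-parts form a set within one part
        System.out.println("user:read,update:001 implies user:update:001 : " + implies("user:read,update:001", "user:update:001"));
        System.out.println("user:read,update:001 implies user:delete:001 : " + implies("user:read,update:001", "user:delete:001"));
    }
}
```

Two consequences follow for the naming rule in item 3. A granted string that ends in a concrete instance ("user:*:001") does not imply the shorter "user:delete", because the trailing "001" is not a wildcard; conversely a granted string that omits trailing parts ("user:delete") implies every instance, so when a Realm grants a two-part string it is granting the operation on all instances, which is usually more than intended.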
Annotation-based
Tag-based
The project structure is as follows
3. Using Shiro with Spring Boot
3.1 Environment setup
Shiro + Spring Boot + MySQL + Redis (cache)
1. Add the dependencies
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.3</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <!-- required when binding custom configuration properties classes (declared once only) -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.1.23</version>
        </dependency>
        <!-- Shiro + Spring Boot starter -->
        <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring-boot-web-starter -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring-boot-web-starter</artifactId>
            <version>1.5.3</version>
        </dependency>
        <!-- Shiro cache -->
        <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-ehcache -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-ehcache</artifactId>
            <version>1.5.3</version>
        </dependency>
        <!-- JWT -->
        <!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
        </dependency>
        <!-- Redis client -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-freemarker</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.67</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
2. Configure the yml (indentation is significant in YAML; the nesting below is the one the property names require)
server:
  port: 9099
spring:
  application:
    name: demo1
  # datasource used by MyBatis
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://rm-uf682626j42h0nn6ljo.mysql.rds.aliyuncs.com:3306/faker?useUnicode=true&characterEncoding=utf-8&useSSL=true&serverTimezone=UTC
    username: joker
    password:
    type: com.alibaba.druid.pool.DruidDataSource
#  resources:
#    static-locations:
  redis:
    host: 47.100.104.187
    database: 0
    password:
    port: 6379
    jedis:
      pool:
        max-wait: 3600
        max-active: 8
    timeout: 3600
  mvc:
    static-path-pattern: classpath:/static/ classpath:/templates/
    view:
      suffix: .html
      prefix: classpath:/templates/
  resources:
    static-locations: classpath:/META-INF/resources/,classpath:/resources/,classpath:/static/,classpath:/public/
  thymeleaf:
    cache: false
    suffix: .html
    prefix: classpath:/templates/
mybatis:
  mapper-locations: classpath:mapper/*.xml
  type-aliases-package: com.example.demo.entity
3. Create the entity classes
package com.example.demo.entity;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;

/**
 * A user's information
 */
@Data
@NoArgsConstructor
@Accessors(chain = true)
@AllArgsConstructor
public class Person {
    private int user_id;
    private String user_name;
    private String user_password;
    private Double user_money;
    private int user_lev;
    private String user_email;
    private String user_address;
    private String user_banner_img;
    private String user_telephone;
    private String user_introduce;
    private int user_gender;
    private String user_salt;
}
package com.example.demo.entity;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.Accessors;

/**
 * Response wrapper
 * @param <T> type of the payload
 */
@Data
@AllArgsConstructor
@NoArgsConstructor
@Accessors(chain = true)
public class ResultData<T> {
    private String message;
    private Integer code;
    private T data;
}
4. Create the Mapper XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.demo.mapper.PersonMapper">
    <resultMap id="PersonMap" type="com.example.demo.entity.Person">
        <id column="user_id" property="user_id" jdbcType="INTEGER"/>
        <result column="user_lev" jdbcType="INTEGER" property="user_lev"/>
        <result column="user_gender" jdbcType="INTEGER" property="user_gender"/>
        <result column="user_password" jdbcType="VARCHAR" property="user_password"/>
        <result column="user_email" jdbcType="VARCHAR" property="user_email"/>
        <result column="user_address" jdbcType="VARCHAR" property="user_address"/>
        <result column="user_banner_img" jdbcType="VARCHAR" property="user_banner_img"/>
        <result column="user_telephone" jdbcType="VARCHAR" property="user_telephone"/>
        <result column="user_introduce" jdbcType="VARCHAR" property="user_introduce"/>
        <result column="user_money" property="user_money" jdbcType="DOUBLE"/>
        <result column="user_salt" property="user_salt" jdbcType="VARCHAR"/>
    </resultMap>
    <!-- all values are bound with #{} placeholders, i.e. as prepared-statement parameters -->
    <select id="checkLogin" resultType="int">
        SELECT count(*) FROM person
        where user_id=#{user_id} and user_password=#{user_password}
    </select>
    <select id="findPersonById" resultMap="PersonMap">
        SELECT * FROM person
        where user_id=#{user_id}
    </select>
    <select id="findPersonByName" resultMap="PersonMap">
        SELECT * FROM person
        where user_name=#{user_name}
    </select>
    <select id="findPersonAll" resultMap="PersonMap" parameterType="int">
        select * from person
        where user_lev=#{user_lev}
    </select>
    <insert id="addPerson" parameterType="Person">
        insert into person(user_name,user_password,user_money,user_lev,user_gender,user_salt)
        values(#{user_name},#{user_password},#{user_money},#{user_lev},#{user_gender},#{user_salt});
    </insert>
    <select id="findid" resultType="int">
        SELECT @@IDENTITY
    </select>
    <update id="modifyPerson" parameterType="Person">
        update person
        <set>
            <if test="user_name!=null and user_name!=''">
                user_name=#{user_name},
            </if>
            <if test="user_money!=null and user_money!=''">
                user_money=#{user_money},
            </if>
            <if test="user_email!=null and user_email!=''">
                user_email=#{user_email},
            </if>
            <if test="user_address!=null and user_address!=''">
                user_address=#{user_address},
            </if>
            <if test="user_banner_img!=null and user_banner_img!=''">
                user_banner_img=#{user_banner_img},
            </if>
            <if test="user_telephone!=null and user_telephone!=''">
                user_telephone=#{user_telephone},
            </if>
            <if test="user_introduce!=null and user_introduce!=''">
                user_introduce=#{user_introduce},
            </if>
            <if test="user_gender!=null and user_gender!=''">
                user_gender=#{user_gender},
            </if>
        </set>
        where user_id=#{user_id}
    </update>
    <update id="addMoney">
        update person set user_money=#{user_money} where user_id=#{user_id}
    </update>
    <delete id="deletePerson" parameterType="int">
        delete from person where user_id=#{user_id}
    </delete>
</mapper>
5. Create the database
CREATE DATABASE IF NOT EXISTS `faker` /*!40100 DEFAULT CHARACTER SET utf8 */ /*!80016 DEFAULT ENCRYPTION='N' */;
USE `faker`;
-- MySQL dump 10.13 Distrib 8.0.17, for Win64 (x86_64)
--
-- Host: rm-uf682626j42h0nn6ljo.mysql.rds.aliyuncs.com Database: faker
-- ------------------------------------------------------
-- Server version 8.0.18
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN= 0;
--
-- GTID state at the beginning of the backup
--
SET @@GLOBAL.GTID_PURGED=/*!80000 '+'*/ '58413bdc-b9ef-11ea-8020-00163e0ab18f:1-66';
--
-- Table structure for table `person`
--
DROP TABLE IF EXISTS `person`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `person` (
`user_id` int(10) NOT NULL AUTO_INCREMENT,
`user_name` varchar(20) NOT NULL,
`user_password` varchar(100) NOT NULL,
`user_money` double NOT NULL DEFAULT '0',
`user_lev` int(11) NOT NULL DEFAULT '1',
`user_address` varchar(100) DEFAULT '"没有写地址"',
`user_email` varchar(100) DEFAULT NULL,
`user_banner_img` varchar(1000) DEFAULT NULL,
`user_telephone` varchar(100) DEFAULT NULL,
`user_introduce` varchar(1000) DEFAULT NULL,
`user_gender` int(11) NOT NULL DEFAULT '1',
`user_salt` varchar(45) DEFAULT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `person`
--
LOCK TABLES `person` WRITE;
/*!40000 ALTER TABLE `person` DISABLE KEYS */;
INSERT INTO `person` VALUES (1,'joker','123',126,1,'南京','203462009@qq.com','https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1590311354953&di=ea3b02c8f9e45664f87794a4c3692e26&imgtype=0&src=http%3A%2F%2Fa3.att.hudong.com%2F35%2F34%2F19300001295750130986345801104.jpg','15651771520','炸鸡店',0,NULL),(2,'peter','123456',997,2,'北京','203462009@qq.com','https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1590311354953&di=ea3b02c8f9e45664f87794a4c3692e26&imgtype=0&src=http%3A%2F%2Fa3.att.hudong.com%2F35%2F34%2F19300001295750130986345801104.jpg','15651771520','新石器烤肉',0,NULL),(3,'admin','123wan',888,2,'北京','203462009@qq.com','https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1590311354953&di=ea3b02c8f9e45664f87794a4c3692e26&imgtype=0&src=http%3A%2F%2Fa3.att.hudong.com%2F35%2F34%2F19300001295750130986345801104.jpg','15651771520','黄焖鸡店',0,NULL),(5,'pp','213',0,1,NULL,'','https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1590311354953&di=ea3b02c8f9e45664f87794a4c3692e26&imgtype=0&src=http%3A%2F%2Fa3.att.hudong.com%2F35%2F34%2F19300001295750130986345801104.jpg','15651771520',NULL,1,NULL),(6,'dd','123',0,1,NULL,'','https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1590311354953&di=ea3b02c8f9e45664f87794a4c3692e26&imgtype=0&src=http%3A%2F%2Fa3.att.hudong.com%2F35%2F34%2F19300001295750130986345801104.jpg','15651771520',NULL,1,NULL),(7,'joker','123',19988,1,NULL,'203462009@qq.com','D:\\code\\shopping\\src\\main\\resources\\upload\\8474d5bf-9486-4a60-a349-59448e408972.jpg','15651771520','苦而不言,喜而不语',1,NULL),(8,'akk','f9704410c5d8cca9c920102b92e2d3e2',0,1,'\"没有写地址\"',NULL,NULL,NULL,NULL,1,'3uhku6bx'),(9,'ad','cbfc5f5fd18dc905266d0272a93ebc62',0,2,'\"没有写地址\"',NULL,NULL,NULL,NULL,1,'1chsswry');
/*!40000 ALTER TABLE `person` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Dumping events for database 'faker'
--
--
-- Dumping routines for database 'faker'
--
SET @@SESSION.SQL_LOG_BIN = @MYSQLDUMP_TEMP_LOG_BIN;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2020-07-24 12:20:42
6. Create the DAO layer
package com.example.demo.mapper;

import com.example.demo.entity.Person;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;

import java.util.List;

@Mapper
@Repository
public interface PersonMapper {
    /**
     * Login check: counts the rows matching this id and password
     *
     * @param user_id
     * @param user_password
     * @return
     */
    int checkLogin(@Param("user_id") int user_id, @Param("user_password") String user_password);

    /**
     * Inserts a user; the return value is the number of inserted rows
     * (the generated key can be read afterwards with findid)
     * @param p
     * @return
     */
    int addPerson(Person p);

    /**
     * Look a user up by id
     * @param id
     * @return
     */
    Person findPersonById(int id);

    /**
     * Update a user's information
     * @param person
     * @return
     */
    int modifyPerson(Person person);

    /**
     * Find all users with the given level
     * @param user_lev
     * @return
     */
    List<Person> findPersonAll(int user_lev);

    /**
     * Delete a user
     * @param user_id
     * @return
     */
    int deletePerson(int user_id);

    /**
     * Update a user's balance
     *
     * @param user_money
     * @param user_id
     * @return
     */
    int addMoney(@Param("user_money") Double user_money, @Param("user_id") int user_id);

    int findid();

    Person findPersonByName(String user_name);
}
7. Create the service
package com.example.demo.service;

import com.example.demo.entity.Person;

import java.util.List;

public interface LoginService {
    Person loginCheck(int user_id, String user_name);

    List<Person> findall(int user_lev);

    Person selectPersonById(Integer id);

    Person selectPersonByName(String name);

    Boolean addPerson(Person person);
}
package com.example.demo.service.impl;

import com.example.demo.entity.Person;
import com.example.demo.mapper.PersonMapper;
import com.example.demo.service.LoginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.util.List;

@Service
@Transactional
public class LoginServiceImpl implements LoginService {
    @Autowired
    PersonMapper personMapper;

    /**
     * Loads the user record by id (the name parameter is not used here)
     * @param user_id
     * @param user_name
     * @return
     */
    @Override
    public Person loginCheck(int user_id, String user_name) {
        return personMapper.findPersonById(user_id);
    }

    /**
     * Find users by level
     * @param user_lev
     * @return
     */
    @Override
    public List<Person> findall(int user_lev) {
        return personMapper.findPersonAll(user_lev);
    }

    @Override
    public Person selectPersonById(Integer id) {
        return personMapper.findPersonById(id);
    }

    @Override
    public Person selectPersonByName(String name) {
        return personMapper.findPersonByName(name);
    }

    @Override
    public Boolean addPerson(Person person) {
        int result = personMapper.addPerson(person);
        return result > 0;
    }
}
8. Create the controllers
package com.example.demo.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @author bn
 */
@Controller
public class JumpController {
    @RequestMapping("/login")
    public String user() {
        return "login";
    }

    @RequestMapping("/register")
    public String red() {
        return "register";
    }
}
package com.example.demo.controller;

import com.example.demo.entity.Person;
import com.example.demo.entity.ResultData;
import com.example.demo.service.LoginService;
import com.example.demo.utils.ShiroUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.List;

/**
 * User controller
 */
@Controller
@RequestMapping("/person")
public class LoginController {
    protected static final Logger logger = LoggerFactory.getLogger(LoginController.class);

    LoginService loginService;

    @Autowired
    public void setLoginService(LoginService loginService) {
        this.loginService = loginService;
    }

    @RequestMapping("/test")
    @RequiresRoles("user")
    public String test() {
        return "test";
    }

    @RequestMapping("/admin")
    @RequiresRoles("admin")
    public String admin() {
        return "admin";
    }

    @RequestMapping("/user")
    public String user() {
        return "user";
    }

    @RequestMapping("/login")
    public String login(String user_name, String user_password) {
        // Log the username only; the submitted password must never reach stdout or log files
        System.out.println("login attempt: " + user_name);
        try {
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(user_name, user_password);
            Subject subject = SecurityUtils.getSubject();
            subject.login(usernamePasswordToken);
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
            return "login";
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            e.printStackTrace();
            return "login";
        } catch (Exception e) {
            e.printStackTrace();
            return "login";
        }
        return "success";
    }

    @RequestMapping("/findAll")
    @ResponseBody
    public ResultData<List<Person>> findAll(@RequestParam("user_lev") int user_lev) {
        ResultData<List<Person>> data = new ResultData<>();
        System.out.println(user_lev);
        try {
            List<Person> result = loginService.findall(user_lev);
            if (result != null) {
                data.setCode(200);
                data.setMessage("查找成功");
                data.setData(result);
            } else {
                data.setCode(-1);
                data.setMessage("查找失败");
                data.setData(null);
            }
        } catch (Exception e) {
            e.printStackTrace();
            logger.info("对不起 登录出现问题");
        }
        return data;
    }

    @RequestMapping("/register")
    public String register(String user_name, String user_password, Integer user_lev) {
        System.out.println("register: " + user_name);
        Person person = new Person();
        // A fresh random salt for this user (ShiroUtils is the project's own helper, not shown here)
        String salt = ShiroUtils.getRandomSalt(8);
        // Hash the password with that salt; the Realm must use the same salt and iteration count when verifying
        String password = ShiroUtils.md5(user_password, salt);
        person.setUser_name(user_name);
        person.setUser_password(password);
        person.setUser_address("");
        person.setUser_lev(user_lev);
        person.setUser_salt(salt);
        person.setUser_gender(1);
        person.setUser_money(0.0);
        // Print only the name: Person.toString() would include the hash and the salt
        System.out.println("存储的" + person.getUser_name());
        Boolean result = loginService.addPerson(person);
        if (result) {
            return "login";
        } else {
            return "register";
        }
    }
}
9. Create the Redis configuration classes
package com.example.demo.config.redis;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.ParserConfig;
import com.alibaba.fastjson.serializer.SerializerFeature;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
/**
 * FastJson2JsonRedisSerializer
 * Redis value serializer backed by fastjson
 * by zhengkai.blog.csdn.net
 */
public class FastJson2JsonRedisSerializer<T> implements RedisSerializer<T> {
    public static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
    private final Class<T> clazz;
    static {
        // serialize() writes the concrete class name into the JSON (@type), so deserialize() needs fastjson's
        // autoType for those classes. Do NOT switch it on globally with setAutoTypeSupport(true): fastjson would
        // then instantiate any class named in the stored JSON, which is the well-known fastjson deserialization
        // RCE vector, and anyone who can write to this Redis instance controls that JSON. Allow-list only the
        // packages whose objects are actually cached here (the application's entities and the Shiro
        // AuthenticationInfo/AuthorizationInfo objects the ShiroCache stores).
        ParserConfig.getGlobalInstance().addAccept("com.example.demo.entity.");
        ParserConfig.getGlobalInstance().addAccept("org.apache.shiro.");
        // If an "autoType is not support" error names another class, add its package here rather than
        // enabling autoType.
    }
    public FastJson2JsonRedisSerializer(Class<T> clazz) {
        this.clazz = clazz;
    }
    @Override
    public byte[] serialize(T t) throws SerializationException {
        if (t == null) {
            return new byte[0];
        }
        return JSON.toJSONString(t, SerializerFeature.WriteClassName).getBytes(DEFAULT_CHARSET);
    }
    @Override
    public T deserialize(byte[] bytes) throws SerializationException {
        if (bytes == null || bytes.length <= 0) {
            return null;
        }
        String str = new String(bytes, DEFAULT_CHARSET);
        return JSON.parseObject(str, clazz);
    }
}
package com.example.demo.config.redis;
import com.alibaba.fastjson.support.spring.FastJsonRedisSerializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
/**
 * @author bn
 */
@Configuration
public class RedisConfig {
    @Bean
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
        redisTemplate.setConnectionFactory(redisConnectionFactory);
        // fastjson's own RedisSerializer. The same rule as for the class above applies: if class names are
        // written into the JSON, allow-list the stored packages with addAccept and never enable global autoType.
        FastJsonRedisSerializer<Object> fastJsonRedisSerializer = new FastJsonRedisSerializer<>(Object.class);
        // Value serialization
        redisTemplate.setValueSerializer(fastJsonRedisSerializer);
        redisTemplate.setHashValueSerializer(fastJsonRedisSerializer);
        // Key serialization: plain strings, so keys stay readable in redis-cli and can be matched by prefix
        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.setHashKeySerializer(new StringRedisSerializer());
        redisTemplate.afterPropertiesSet();
        return redisTemplate;
    }
}
10. Create RedisUtil
package com.example.demo.utils;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
/**
 * Static handle to the RedisTemplate bean, for objects Spring does not manage
 * (the ShiroCache below is created with "new", so it cannot be autowired).
 */
@Component
public class RedisUtil implements ApplicationContextAware {
    private static RedisTemplate<String, Object> redisTemplate;
    public static RedisTemplate<String, Object> get(){
        return redisTemplate;
    }
    @Override
    @SuppressWarnings("unchecked")
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        redisTemplate = (RedisTemplate<String, Object>) applicationContext.getBean("redisTemplate");
    }
}
11. Create the custom Realm
package com.example.demo.config.shiro;
import com.example.demo.entity.Person;
import com.example.demo.service.LoginService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * Custom Realm: authentication and authorization both happen here.
 * Convention on this page: user_lev = 1 is an ordinary user, user_lev = 2 is an admin.
 */
public class ShiroRealm extends AuthorizingRealm {
    // Injected even though ShiroConfig creates the realm with "new": Spring post-processes @Bean instances
    @Autowired
    LoginService loginService;
    /**
     * Authorization: map the stored level to roles.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String name = (String) principalCollection.getPrimaryPrincipal();
        // Query the database for the role information
        Person person = loginService.selectPersonByName(name);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (person == null) {
            // Unknown principal (e.g. deleted since login): no roles at all
            return info;
        }
        int lev = person.getUser_lev();
        // Map levels explicitly. A bare "else -> admin" branch grants admin to every level other than 1,
        // including 0 or a bad value; unknown levels must get nothing (least privilege).
        if (lev == 1) {
            info.addRole("user");
        } else if (lev == 2) {
            info.addRole("admin");
        }
        return info;
    }
    /**
     * Authentication: does this user exist? If so, hand the stored hash and salt to the credentials matcher.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String name = (String) authenticationToken.getPrincipal();
        Person person = loginService.selectPersonByName(name);
        if (person != null && person.getUser_name() != null) {
            // Hex hash produced by ShiroUtils.md5 at registration
            String password = person.getUser_password();
            String salt = person.getUser_salt();
            // The HashedCredentialsMatcher configured in ShiroConfig re-hashes the password from the
            // UsernamePasswordToken with this salt and compares the result to "password". The salt bytes must be
            // exactly what ShiroUtils.md5 used, so pass the raw salt via ByteSource.Util.bytes(salt). Wrapping it
            // in new Md5Hash(salt) would hand the matcher MD5(salt) instead and every login would fail
            // (this assumes ShiroUtils.md5 salts with the raw salt string, which the page does not show).
            return new SimpleAuthenticationInfo(name, password, ByteSource.Util.bytes(salt), this.getName());
        }
        // Returning null makes Shiro throw UnknownAccountException
        return null;
    }
}
12. Create the Shiro cache
package com.example.demo.config.shiro;
import com.example.demo.utils.RedisUtil;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.data.redis.core.RedisTemplate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
/**
 * Shiro Cache backed by Redis. Every key is prefixed with the cache name, so clear() only touches this
 * cache. Without the prefix, clear() would have to run KEYS * and would wipe the whole Redis database,
 * including anything other applications keep there.
 * @param <K>
 * @param <V>
 */
public class ShiroCache<K, V> implements Cache<K, V> {
    // Cached AuthenticationInfo (hash + salt) and AuthorizationInfo (roles) must not live forever
    private static final long TTL_MINUTES = 30;
    private final String prefix;
    public ShiroCache(String cacheName) {
        this.prefix = "shiro:" + cacheName + ":";
    }
    private String key(K k) {
        // Shiro keys the authentication cache by principal (a String) and the authorization cache by
        // PrincipalCollection; toString() gives a stable String for both, which the StringRedisSerializer needs
        return prefix + k;
    }
    @Override
    public V get(K k) throws CacheException {
        if (k == null) {
            return null;
        }
        @SuppressWarnings("unchecked")
        V v = (V) RedisUtil.get().opsForValue().get(key(k));
        return v;
    }
    @Override
    public V put(K k, V v) throws CacheException {
        RedisUtil.get().opsForValue().set(key(k), v, TTL_MINUTES, TimeUnit.MINUTES);
        // Shiro ignores the return value; the previous entry is not fetched to save a round-trip
        return null;
    }
    @Override
    public V remove(K k) throws CacheException {
        V previous = get(k);
        RedisUtil.get().delete(key(k));
        return previous;
    }
    @Override
    public void clear() throws CacheException {
        // KEYS blocks the Redis server while it scans; use SCAN on large instances
        Set<String> keys = RedisUtil.get().keys(prefix + "*");
        if (keys != null && !keys.isEmpty()) {
            RedisUtil.get().delete(keys);
        }
    }
    @Override
    public int size() {
        Set<String> keys = RedisUtil.get().keys(prefix + "*");
        return keys == null ? 0 : keys.size();
    }
    @Override
    public Set<K> keys() {
        Set<String> keys = RedisUtil.get().keys(prefix + "*");
        if (keys == null) {
            return Collections.emptySet();
        }
        Set<K> result = new LinkedHashSet<>();
        for (String s : keys) {
            // Only meaningful for String-keyed caches; the prefix is stripped again
            @SuppressWarnings("unchecked")
            K k = (K) s.substring(prefix.length());
            result.add(k);
        }
        return result;
    }
    @Override
    public Collection<V> values() {
        Set<String> keys = RedisUtil.get().keys(prefix + "*");
        List<V> values = new ArrayList<>();
        if (keys == null || keys.isEmpty()) {
            return values;
        }
        List<Object> raw = RedisUtil.get().opsForValue().multiGet(keys);
        if (raw != null) {
            for (Object o : raw) {
                @SuppressWarnings("unchecked")
                V v = (V) o;
                values.add(v);
            }
        }
        return values;
    }
}
package com.example.demo.config.shiro;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.apache.shiro.cache.CacheManager;
import org.springframework.stereotype.Component;
/**
 * @author bn
 */
@Component
public class ShiroCacheManager implements CacheManager {
    @Override
    public <K, V> Cache<K, V> getCache(String name) throws CacheException {
        // Shiro asks for one cache per name (the realm's authentication and authorization cache names);
        // the name becomes the Redis key prefix, so the two never collide and can be cleared independently
        return new ShiroCache<K, V>(name);
    }
}
13. Create the Shiro configuration (ShiroFilter, SecurityManager, Realm)
package com.example.demo.config.shiro;
import com.example.demo.utils.ShiroUtils;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Shiro configuration
 */
@Configuration
public class ShiroConfig {
    // 1. Create the ShiroFilter
    @Bean("shiroFilterFactoryBean")
    public ShiroFilterFactoryBean getshiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // Set the security manager
        bean.setSecurityManager(defaultWebSecurityManager);
        // URL pattern -> filter chain. Shiro applies the FIRST pattern that matches the request, so the map must
        // keep insertion order: a HashMap can iterate the entries in any order and silently change what is protected.
        Map<String, String> map = new LinkedHashMap<>();
        // Public: the login and registration pages and the endpoints that process them
        map.put("/login", "anon");
        map.put("/register", "anon");
        map.put("/person/login", "anon");
        map.put("/person/register", "anon");
        // /findAll needs an authenticated subject (a real login, not a remember-me cookie);
        // an anonymous request is redirected to the login URL set below
        map.put("/person/findAll", "authc");
        // /person/test and /person/admin are guarded by @RequiresRoles on the controller instead. Two caveats:
        // the annotations only work if the Shiro AOP advisor (AuthorizationAttributeSourceAdvisor) is registered,
        // and every URL missing from this map is open at the filter level because there is no "/**" default rule.
        bean.setFilterChainDefinitionMap(map);
        // Where the roles/perms filters send a logged-in subject that lacks the role. Annotation failures do not
        // come here: they throw UnauthorizedException, which the @ControllerAdvice in step 14 handles.
        bean.setUnauthorizedUrl("/quanxian");
        // Where the authc filter sends an unauthenticated request. Use an absolute path: a bare "login" is a
        // relative redirect that the browser resolves against the current URL (/person/findAll -> /person/login).
        bean.setLoginUrl("/login");
        return bean;
    }
    /**
     * 2. Create the web SecurityManager
     * @param realm
     * @return
     */
    @Bean
    DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getRealm") Realm realm){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(realm);
        return manager;
    }
    /**
     * 3. The custom Realm, with the credentials matcher that verifies the salted hashes
     * @return
     */
    @Bean("getRealm")
    public Realm realm(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // Algorithm and iteration count must be the same ones ShiroUtils.md5 used at registration, or no
        // password will ever match. MD5 is what this page's ShiroUtils uses; it is fast and therefore a weak
        // choice for password storage. For new code use Shiro's PasswordMatcher/DefaultPasswordService or bcrypt/argon2.
        hashedCredentialsMatcher.setHashAlgorithmName(ShiroUtils.hashAlgorithmName);
        // Hash iterations
        hashedCredentialsMatcher.setHashIterations(ShiroUtils.hashIterations);
        ShiroRealm realm = new ShiroRealm();
        realm.setCredentialsMatcher(hashedCredentialsMatcher);
        realm.setCacheManager(new ShiroCacheManager());
        // Enable caching on the realm
        realm.setCachingEnabled(true);
        // Authentication cache: the stored hash and salt are copied into Redis, and a password change is not seen
        // until the entry is evicted (clearCachedAuthenticationInfo or logout). Weigh that before enabling it.
        realm.setAuthenticationCachingEnabled(true);
        realm.setAuthenticationCacheName("renZhenCache");
        // Authorization cache: role changes are likewise only visible after clearCachedAuthorizationInfo
        realm.setAuthorizationCachingEnabled(true);
        realm.setAuthorizationCacheName("shouQuanCache");
        return realm;
    }
}
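The registration hash (step 8), the salt the realm hands back (step 11) and the HashedCredentialsMatcher (step 13) only work together if the matcher re-hashes the submitted password with byte-for-byte the same salt that was used at registration. The following is an added, stand-alone example that is not the page's code: it performs that round trip with plain shiro-core, without Spring or a database, and also shows what happens when the salt reaches the matcher wrapped in `new Md5Hash(salt)` instead of as raw bytes. `ALGORITHM`, `ITERATIONS` and `"demoRealm"` stand in for the page's `ShiroUtils.hashAlgorithmName`, `ShiroUtils.hashIterations` and realm name, which the page does not show, and the example assumes `ShiroUtils.md5` salts with the raw salt string.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class SaltedHashRoundTrip {
    // Assumed stand-ins for ShiroUtils.hashAlgorithmName / hashIterations. MD5 is kept only to match the page;
    // it is far too fast for password hashing.
    static final String ALGORITHM = "MD5";
    static final int ITERATIONS = 1024;
    static final HashedCredentialsMatcher MATCHER = new HashedCredentialsMatcher();
    static {
        // Exactly what ShiroConfig.realm() configures
        MATCHER.setHashAlgorithmName(ALGORITHM);
        MATCHER.setHashIterations(ITERATIONS);
        MATCHER.setStoredCredentialsHexEncoded(true);   // the stored value is the hex string SimpleHash.toHex() returns
    }

    /** register(): random per-user salt and an iterated salted hash; both go to the database. Returns {hash, salt}. */
    static String[] register(String password) {
        String salt = new SecureRandomNumberGenerator().nextBytes(8).toHex();
        String hash = new SimpleHash(ALGORITHM, password, ByteSource.Util.bytes(salt), ITERATIONS).toHex();
        return new String[]{hash, salt};
    }

    /** doGetAuthenticationInfo(): the stored hash plus the salt as a ByteSource for the matcher to re-hash with. */
    static AuthenticationInfo info(String user, String storedHash, ByteSource salt) {
        return new SimpleAuthenticationInfo(user, storedHash, salt, "demoRealm");
    }

    /** What subject.login() ends up doing inside the realm: re-hash the submitted password and compare. */
    static boolean login(String user, String password, AuthenticationInfo info) {
        return MATCHER.doCredentialsMatch(new UsernamePasswordToken(user, password), info);
    }

    public static void main(String[] args) {
        String[] row = register("s3cret");   // constructed user row
        String hash = row[0], salt = row[1];
        // Raw salt bytes, as the realm should pass them: the matcher reproduces the stored hash
        System.out.println("correct password, raw salt      -> " + login("joker", "s3cret", info("joker", hash, ByteSource.Util.bytes(salt))));
        System.out.println("wrong password,   raw salt      -> " + login("joker", "wrong", info("joker", hash, ByteSource.Util.bytes(salt))));
        // new Md5Hash(salt) is also a ByteSource, but its bytes are MD5(salt): the matcher salts with the wrong
        // bytes and rejects the correct password
        System.out.println("correct password, Md5Hash(salt) -> " + login("joker", "s3cret", info("joker", hash, new Md5Hash(salt))));
    }
}
```

The matcher itself does the comparison with `MessageDigest.isEqual`, so the part a realm author controls is what goes into `SimpleAuthenticationInfo`: the hash exactly as stored (hex here) and the salt exactly as used. Anything else, including a different iteration count or a salt that has been hashed or re-encoded on the way, fails closed, which is why a registration followed by an immediate login is the first thing to test after touching `ShiroUtils` or the realm.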
14. Create the exception handler
package com.example.demo.exception;
import com.example.demo.entity.ResultData;
import org.apache.shiro.authz.AuthorizationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
/**
 * @author bn
 */
@ControllerAdvice
public class MyControllerAdvice {
    private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class);
    /**
     * @RequiresRoles / @RequiresPermissions failures surface as UnauthorizedException (a subclass of
     * AuthorizationException) thrown from the proxied controller method; turn them into a JSON "no permission".
     * Spring picks the most specific handler, so this one wins over the generic handler below.
     * @param ex
     * @return
     */
    @ResponseBody
    @ExceptionHandler(value = AuthorizationException.class)
    public ResultData<String> unauthorizedHandler(AuthorizationException ex) {
        ResultData<String> data = new ResultData<>();
        data.setCode(-1);
        data.setMessage("Sorry, you do not have permission");
        data.setData("error");
        return data;
    }
    /**
     * Everything else. Mapping every Exception to "no permission" hides real failures (database down,
     * NullPointerException) behind an authorization message. Log the cause server-side, return a generic body,
     * and never echo ex.getMessage() to the client.
     * @param ex
     * @return
     */
    @ResponseBody
    @ExceptionHandler(value = Exception.class)
    public ResultData<String> errorHandler(Exception ex) {
        logger.error("unhandled exception", ex);
        ResultData<String> data = new ResultData<>();
        data.setCode(-1);
        data.setMessage("Internal error");
        data.setData("error");
        return data;
    }
}
3.2 Built-in filters
Filter name | Class | Purpose |
---|---|---|
anon (anonymous) | org.apache.shiro.web.filter.authc.AnonymousFilter | Public resources: always lets the request through |
authc (authentication) | org.apache.shiro.web.filter.authc.FormAuthenticationFilter | Requires a subject that actually logged in, otherwise redirects to loginUrl; a remember-me cookie alone is not enough |
authcBasic (HTTP Basic) | org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter | Authenticates from the HTTP Basic Authorization header; suited to stateless APIs |
logout (log out) | org.apache.shiro.web.filter.authc.LogoutFilter | Calls subject.logout() and redirects to its redirectUrl |
noSessionCreation (no session) | org.apache.shiro.web.filter.session.NoSessionCreationFilter | Forbids creating a session for the request; put it first in the chain of stateless endpoints |
perms (permission check) | org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter | Requires all listed permissions, e.g. perms[user:create,user:update]; otherwise sends to unauthorizedUrl |
port (port check) | org.apache.shiro.web.filter.authz.PortFilter | Requires the request to arrive on the given port, e.g. port[8080]; otherwise redirects to the same URL on that port |
rest (REST) | org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter | Maps the HTTP method to a permission action: rest[user] needs user:read for GET, user:create for POST, user:update for PUT, user:delete for DELETE |
roles (role check) | org.apache.shiro.web.filter.authz.RolesAuthorizationFilter | Requires all listed roles, e.g. roles[admin]; otherwise sends to unauthorizedUrl |
ssl (SSL) | org.apache.shiro.web.filter.authz.SslFilter | Requires HTTPS, on port 443 unless given, e.g. ssl[8443] |
user (known user) | org.apache.shiro.web.filter.authc.UserFilter | Requires a known identity: either a logged-in subject or a remember-me cookie. Weaker than authc, so never use it for sensitive operations |
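As an added example that is not part of the page, the chain below puts most of the filters from the table to work on hypothetical paths and resolves a few requests the way Shiro's PathMatchingFilterChainResolver does. It shows why entry order matters and why a trailing `/**` rule is the difference between default-deny and default-allow. `FilterChainDemo`, `resolve` and every path are names chosen here; the filter names and bracket syntax are Shiro's.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

public class FilterChainDemo {
    /**
     * Filter-chain definition using the built-in filters. Entries are evaluated top to bottom and the first
     * pattern that matches the request path wins, so the map must preserve order (LinkedHashMap) and the
     * catch-all "/**" must come last. Several filters on one path are comma-separated and must all pass;
     * a filter's argument goes in square brackets.
     */
    public static Map<String, String> chain() {
        Map<String, String> m = new LinkedHashMap<>();
        m.put("/login", "anon");                                      // public login page
        m.put("/register", "anon");
        m.put("/static/**", "anon");
        m.put("/logout", "logout");                                   // subject.logout() then redirect
        m.put("/api/**", "noSessionCreation, authcBasic, rest[api]"); // stateless: Basic auth; GET needs api:read, POST api:create ...
        m.put("/admin/**", "authc, roles[admin]");                    // a real login AND the admin role
        m.put("/user/edit", "authc, perms[user:update]");
        m.put("/pay/**", "ssl[8443], authc");                         // HTTPS on 8443 first, then a login
        m.put("/news/**", "user");                                    // remember-me cookie is enough: read-only content only
        m.put("/**", "authc");                                        // default deny: anything not listed above needs a login
        return m;
    }

    /** Mirrors Shiro's PathMatchingFilterChainResolver: the first matching pattern wins. */
    public static String resolve(Map<String, String> chain, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> e : chain.entrySet()) {
            if (matcher.matches(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return null;   // no chain matched: Shiro passes the request through untouched
    }

    public static void main(String[] args) {
        Map<String, String> chain = chain();
        for (String path : new String[]{"/login", "/api/orders/7", "/admin/users", "/news/today", "/anything/else"}) {
            System.out.println(path + " -> " + resolve(chain, path));
        }
        // The same entries in a HashMap iterate in unspecified order: "/**" may be tested before "/login",
        // and the login page itself ends up behind authc.
    }
}
```

With the `/**` line removed, `resolve(chain, "/anything/else")` returns null and the request reaches the application with no Shiro filter at all, which is the situation the page's own ShiroConfig is in for every URL it does not list.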
4. Using Shiro with JWT
Session-less operation for a separated front end and back end:
1. After the user logs in, sign the account with the user's password to generate a token, set its expiry time and return it.
2. The client keeps the token locally and sends it in a request header on every call.
3. A Shiro filter intercepts the request, reads the token from the header and submits it to the custom realm's doGetAuthenticationInfo method.
4. Decode the JWT to obtain the username, load that user's password from the database, build a JWT verifier from it and verify the token.
In this scheme the user's password is the HMAC key: it must never leave the server, a weak password gives a weak key, and changing the password invalidates every token issued under the old one (which is also the only way to revoke a token before it expires).
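An added, stand-alone implementation of steps 1, 3 and 4 follows; it is not the page's code, which is not shown. It builds and verifies HS256 tokens by hand so that each check is visible (pinned algorithm, constant-time signature comparison, expiry), keeps the page's design of keying the signature by the user's password through a `secretLookup` function (an assumed helper standing in for the page's LoginService and database, so a server-side secret can be substituted), and wires the verifier into a Shiro Realm. `JwtUtil`, `JwtToken`, `JwtRealm` and `JwtDemo` are names chosen here. Note that the subject is decoded before verification only to find out whose key to use; nothing in the token is trusted until `verify` has passed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
/** Steps 1 and 4: HS256 JWT, base64url(header).base64url(payload).base64url(hmac), with no JWT library. */
final class JwtUtil {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    /** Step 1: sign {sub, exp} with the per-user secret (the page keys it by the user's password). */
    static String sign(String username, String secret, long ttlSeconds) {
        if (username.contains("\"")) throw new IllegalArgumentException("quote in username"); // the JSON is hand-built
        String payload = b64("{\"sub\":\"" + username + "\",\"exp\":" + (Instant.now().getEpochSecond() + ttlSeconds) + "}");
        return HEADER + "." + payload + "." + ENC.encodeToString(hmac(HEADER + "." + payload, secret));
    }
    /** Decodes (does NOT verify) the subject, only to find out whose secret to verify with; null if malformed. */
    static String subject(String jwt) {
        String[] p = jwt.split("\\.");
        try { return p.length == 3 ? claim(new String(DEC.decode(p[1]), StandardCharsets.UTF_8), "\"sub\":\"", "\"") : null; }
        catch (IllegalArgumentException e) { return null; }
    }
    /** Step 4: pinned algorithm, constant-time signature comparison and expiry must all pass. */
    static boolean verify(String jwt, String secret) {
        try {
            String[] p = jwt.split("\\.");
            if (p.length != 3) return false;
            String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            if (!header.contains("\"alg\":\"HS256\"")) return false;      // never let the token choose alg (alg=none)
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1], secret), DEC.decode(p[2]))) return false;
            String payload = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
            return Instant.now().getEpochSecond() < Long.parseLong(claim(payload, "\"exp\":", "}"));
        } catch (IllegalArgumentException e) {                            // bad base64, bad number or missing claim
            return false;
        }
    }
    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    private static String claim(String json, String start, String end) {
        int from = json.indexOf(start);
        int to = from < 0 ? -1 : json.indexOf(end, from + start.length());
        if (to < 0) throw new IllegalArgumentException("missing claim");
        return json.substring(from + start.length(), to);
    }
    private static byte[] hmac(String data, String secret) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
/** Step 3: the token a header-reading filter builds and passes to subject.login(); no username/password inside. */
final class JwtToken implements AuthenticationToken {
    private final String jwt;
    JwtToken(String jwt) { this.jwt = jwt; }
    @Override public Object getPrincipal() { return jwt; }
    @Override public Object getCredentials() { return jwt; }
}
/** Step 4 as a Realm. secretLookup stands in for the database read (assumed helper, not the page's LoginService). */
final class JwtRealm extends AuthorizingRealm {
    private final Function<String, String> secretLookup;
    JwtRealm(Function<String, String> secretLookup) {
        this.secretLookup = secretLookup;
        setCredentialsMatcher((token, info) -> true);   // the signature check in doGetAuthenticationInfo IS the credentials check
    }
    @Override public boolean supports(AuthenticationToken token) { return token instanceof JwtToken; }
    @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String jwt = (String) token.getCredentials();
        String user = JwtUtil.subject(jwt);
        String secret = user == null ? null : secretLookup.apply(user);
        if (secret == null || !JwtUtil.verify(jwt, secret)) throw new AuthenticationException("invalid or expired token");
        return new SimpleAuthenticationInfo(user, jwt, getName());
    }
    @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; }
}
public class JwtDemo {
    public static void main(String[] args) {
        Function<String, String> users = u -> "joker".equals(u) ? "123456" : null;   // constructed stand-in for the users table
        JwtRealm realm = new JwtRealm(users);
        String token = JwtUtil.sign("joker", users.apply("joker"), 3600);
        System.out.println("valid token, principal = " + realm.getAuthenticationInfo(new JwtToken(token)).getPrimaryPrincipal());
        String[] p = token.split("\\.");   // forge: keep the signature, swap in a far-future exp; the HMAC no longer matches
        String forged = p[0] + "." + Base64.getUrlEncoder().withoutPadding().encodeToString("{\"sub\":\"joker\",\"exp\":9999999999}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("forged payload accepted? " + JwtUtil.verify(forged, "123456"));
        System.out.println("expired token accepted?  " + JwtUtil.verify(JwtUtil.sign("joker", "123456", -1), "123456"));
    }
}
```

The header-reading filter of step 3 is left out for length. It is a subclass of `BasicHttpAuthenticationFilter` whose `isAccessAllowed` reads the header (for example `Authorization: Bearer <jwt>`) and calls `getSubject(request, response).login(new JwtToken(jwt))`; register it with `shiroFilterFactoryBean.getFilters().put("jwt", ...)`, map the API paths to `noSessionCreation, jwt` so no session is created, and put `JwtRealm` on the `DefaultWebSecurityManager` in place of (or alongside) the page's `ShiroRealm`. In production use a maintained JWT library for parsing; the point of the hand-written version is to make visible which checks a verifier must perform and that `subject()` on its own proves nothing.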