點(diǎn)擊上方藍(lán)色字體，選擇“標(biāo)星公眾號”

優(yōu)質(zhì)文章，第一時(shí)間送達(dá)

? 作者?|? Zzzkis

來源 |? urlify.cn/EBfuy2

1.創(chuàng)建一個(gè)springboot項(xiàng)目

選中web和thymeleaf

1.1新建index.html


"en"?xmlns:th="http://www.thymeleaf.org">

????"UTF-8">
????Title


????首頁

????"${msg}">

1.2創(chuàng)建一個(gè)controller

package?com.yao.controller;
?
import?org.springframework.stereotype.Controller;
import?org.springframework.ui.Model;
import?org.springframework.web.bind.annotation.RequestMapping;
?
@Controller
public?class?MyController?{
?
????@RequestMapping({"/","/index"})
????public?String?toIndex(Model?model){
????????model.addAttribute("msg","hello,Shiro");
????????return?"index";
????}
}

一定要記住shiro的三大對象

1.subject：用戶

2.SecurityManager：管理所有用戶

3.Realm：連接數(shù)據(jù)

1.3導(dǎo)入整合用的依賴包


????org.apache.shiro
????shiro-spring
????1.4.1

1.4創(chuàng)建一個(gè)config(ShiroConfig)，并編寫他

package?com.yao.config;
?
import?org.springframework.context.annotation.Configuration;
?
@Configuration
public?class?ShiroConfig?{
?
????//ShiroFilterFactoryBean
?
????//DefaultWebSecurityManager
?
????//創(chuàng)建?realm?對象，這個(gè)realm對象需要自定義
?????
}

1.5創(chuàng)建自己的一個(gè)realmconfig，也就是在config中創(chuàng)建另外一個(gè)配置類UserRealm

package?com.yao.config;
?
import?org.apache.shiro.authc.AuthenticationException;
import?org.apache.shiro.authc.AuthenticationInfo;
import?org.apache.shiro.authc.AuthenticationToken;
import?org.apache.shiro.authz.AuthorizationInfo;
import?org.apache.shiro.realm.AuthorizingRealm;
import?org.apache.shiro.subject.PrincipalCollection;
?
//自定義的?UserRealm
public?class?UserRealm?extends?AuthorizingRealm?{
????//授權(quán)
????@Override
????protected?AuthorizationInfo?doGetAuthorizationInfo(PrincipalCollection?principalCollection)?{
????????System.out.println("授權(quán)。。。");
????????return?null;
????}
????//認(rèn)證
????@Override
????protected?AuthenticationInfo?doGetAuthenticationInfo(AuthenticationToken?authenticationToken)?throws?AuthenticationException?{
????????System.out.println("認(rèn)證。。。");
????????return?null;
????}
}

1.6將UserRealm注冊到ShiroConfig里面去，是我們自己寫的這個(gè)類被spring托管

1.7新建兩個(gè)測試頁面并重新寫一下index頁面

?add.html


"en">

????"UTF-8">
????Title


????add

update.html


"en">

????"UTF-8">
????Title


????update

index.html


"en"?xmlns:th="http://www.thymeleaf.org">

????"UTF-8">
????Title


????首頁

????"${msg}">

????

"@{/user/add}">add?|?"@{/user/update}">update

1.8編寫controller層

package?com.yao.controller;
?
import?org.springframework.stereotype.Controller;
import?org.springframework.ui.Model;
import?org.springframework.web.bind.annotation.RequestMapping;
?
@Controller
public?class?MyController?{
?
@RequestMapping({"/","/index"})
public?String?toIndex(Model?model){
model.addAttribute("msg","hello,Shiro");
return?"index";
????}
?
@RequestMapping("/user/add")
public?String?add(){
return?"user/add";
????}
?
@RequestMapping("/user/update")
public?String?update(){
return?"user/update";
????}
}

1.9添加過濾器

還是在shiroconfig中加入：

//添加Shiro的內(nèi)置過濾器
/*
????????????anon：無需認(rèn)證就可以訪問
????????????authc：必須認(rèn)證了才能通過
????????????user：必須擁有記住我功能才能用
????????????perms：擁有對某個(gè)資源的權(quán)限才可以訪問
????????????role：擁有某個(gè)角色權(quán)限才能訪問
?????????*/
Map?filterMap?=?new?LinkedHashMap<>();
//????????filterMap.put("/user/add","authc");
//????????filterMap.put("/user/update","authc");
filterMap.put("/user/*","authc");
bean.setFilterChainDefinitionMap(filterMap);
//設(shè)置登錄的請求
bean.setLoginUrl("/toLogin");
return?bean;

這里希望沒有認(rèn)證就從add和update跳到login頁面因此還要寫一個(gè)login頁面和改寫controller

controller層：

@RequestMapping("/toLogin")
public?String?toLogin(){
return?"login";
}

login頁面：


"en">

????"UTF-8">
????登錄



????用戶名：?"text"?name="username">

????密碼："text"?name="password">

????"submit">

1.10上面已經(jīng)完成了頁面攔截的功能接下來實(shí)現(xiàn)用戶認(rèn)證的工作


"en"?xmlns:th="http://www.thymeleaf.org">

????"UTF-8">
????登錄


"${msg}"?style="color:?red">

"@{/login}">
????用戶名：?"text"?name="username">

????密碼："text"?name="password">

????"submit">

controller:

@RequestMapping("/login")
public?String?login(String?username,String?password,Model?model){
//獲取當(dāng)前用戶
Subject?subject?=?SecurityUtils.getSubject();
//封裝用戶的登錄數(shù)據(jù)(令牌),這里是存在全局里面，都可以調(diào)的到
UsernamePasswordToken?token?=?new?UsernamePasswordToken(username,?password);
try?{
subject.login(token);//?執(zhí)行登陸的方法，如果沒有異常就ok了
return?"index";
????}?catch?(UnknownAccountException?e)?{
model.addAttribute("msg","用戶名錯(cuò)誤");
return?"login";
????}?catch?(IncorrectCredentialsException?e){
model.addAttribute("msg","?密碼錯(cuò)誤");
return?"login";
????}
}

UserRealm:

//認(rèn)證
@Override
protected?AuthenticationInfo?doGetAuthenticationInfo(AuthenticationToken?token)?throws?AuthenticationException?{
System.out.println("認(rèn)證。。。");
?
//用戶名，密碼?數(shù)據(jù)庫中取
String?name?=?"root";
String?password?=?"123456";
?
UsernamePasswordToken?userToken?=?(UsernamePasswordToken)?token;
?
if(!userToken.getUsername().equals(name)){
return?null;//它這里會(huì)自動(dòng)拋出前面的用戶名錯(cuò)誤的異常
}
//密碼認(rèn)證不讓你做，它自己做，他不讓你接觸密碼
return?new?SimpleAuthenticationInfo("",password,"");
????}
}

直接測試即可發(fā)現(xiàn)以上功能基本實(shí)現(xiàn)。

package?com.yao.controller;
?
import?org.springframework.stereotype.Controller;
import?org.springframework.ui.Model;
import?org.springframework.web.bind.annotation.RequestMapping;
?
@Controller
public?class?MyController?{
?
@RequestMapping({"/","/index"})
public?String?toIndex(Model?model){
model.addAttribute("msg","hello,Shiro");
return?"index";
????}
}

2.springboot整合mybatis

2.1導(dǎo)入依賴


????mysql
????mysql-connector-java


????log4j
????log4j
????1.2.17


????com.alibaba
????druid
????1.1.12


????org.mybatis.spring.boot
????mybatis-spring-boot-starter
????2.1.0

2.2編寫配置文件application.yml

spring:
??datasource:
????username:?root
????password:?892095368llq
????#?serverTimezone=UTC解決時(shí)區(qū)的報(bào)錯(cuò)
????url:?jdbc:mysql://localhost:3306/yao?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
????driver-class-name:?com.mysql.cj.jdbc.Driver
????type:?com.alibaba.druid.pool.DruidDataSource
?
????#Spring?Boot?默認(rèn)是不注入這些屬性值的，需要自己綁定
????#druid?數(shù)據(jù)源專有配置
????initialSize:?5
????minIdle:?5
????maxActive:?20
????maxWait:?60000
????timeBetweenEvictionRunsMillis:?60000
????minEvictableIdleTimeMillis:?300000
????validationQuery:?SELECT?1?FROM?DUAL
????testWhileIdle:?true
????testOnBorrow:?false
????testOnReturn:?false
????poolPreparedStatements:?true
?
????#配置監(jiān)控統(tǒng)計(jì)攔截的filters，stat:監(jiān)控統(tǒng)計(jì)、log4j：日志記錄、wall：防御sql注入
????#如果允許時(shí)報(bào)錯(cuò)??java.lang.ClassNotFoundException:?org.apache.log4j.Priority
????#則導(dǎo)入?log4j?依賴即可，Maven?地址：https://mvnrepository.com/artifact/log4j/log4j
????filters:?stat,wall,log4j
????maxPoolPreparedStatementPerConnectionSize:?20
????useGlobalDataSourceStat:?true
????connectionProperties:?druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

2.3編寫配置文件application.properties并新建mapper文件夾

?application.properties

mybatis.type-aliases-package=com.yao.pojo
mybatis.mapper-locations=classpath:mapper/*.xml

2.4創(chuàng)建pojo層，并配置lombok


????org.projectlombok
????lombok
????1.16.10

編寫一個(gè)User.java

package?com.yao.pojo;
?
import?lombok.AllArgsConstructor;
import?lombok.Data;
import?lombok.NoArgsConstructor;
?
@Data
@AllArgsConstructor
@NoArgsConstructor
public?class?User?{
????private?int?id;
????private?String?name;
????private?String?pwd;
}

2.4創(chuàng)建mapper層，并寫出相對應(yīng)的mapper接口和resources中的對應(yīng)的mapper實(shí)現(xiàn)

UserMapper接口

package?com.yao.mapper;
?
import?com.yao.pojo.User;
import?org.apache.ibatis.annotations.Mapper;
import?org.springframework.stereotype.Repository;
?
@Repository
@Mapper
public?interface?UserMapper?{
????public?User?queryUserByName(String?name);
}

mapper。xml

"1.0"?encoding="UTF-8"??>
????????PUBLIC?"-//mybatis.org//DTD?Mapper?3.0//EN"
????????"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
?
"com.yao.mapper.UserMapper">
"queryUserByName"?parameterType="String"?resultType="User">
????select?*?from?user?where?name?=?#{name}

?

UserService.interface

package?com.yao.service;
?
import?com.yao.pojo.User;
?
public?interface?UserService?{
????public?User?queryUserByName(String?name);
}

UserServiceImpl.java

package?com.yao.service;
?
import?com.yao.mapper.UserMapper;
import?com.yao.pojo.User;
import?org.springframework.beans.factory.annotation.Autowired;
import?org.springframework.stereotype.Service;
?
@Service
public?class?UserServiceImpl?implements?UserService{
?
????@Autowired
????UserMapper?userMapper;
?
????@Override
????public?User?queryUserByName(String?name)?{
????????return?userMapper.queryUserByName(name);
????}
}

2.6在test中測試

package?com.yao;
?
import?com.yao.service.UserService;
import?com.yao.service.UserServiceImpl;
import?org.junit.jupiter.api.Test;
import?org.springframework.beans.factory.annotation.Autowired;
import?org.springframework.boot.test.context.SpringBootTest;
?
@SpringBootTest
class?ShiroSpringbootApplicationTests?{
????@Autowired
????UserServiceImpl?userService;
?
????@Test
????void?contextLoads()?{
????????System.out.println(userService.queryUserByName("幺幺"));
?
????}
?
}

?測試成功，繼續(xù)寫

2.7更改UserRealm

package?com.yao.config;
?
import?com.yao.pojo.User;
import?com.yao.service.UserService;
import?org.apache.shiro.SecurityUtils;
import?org.apache.shiro.authc.*;
import?org.apache.shiro.authz.AuthorizationInfo;
import?org.apache.shiro.realm.AuthorizingRealm;
import?org.apache.shiro.subject.PrincipalCollection;
import?org.apache.shiro.subject.Subject;
import?org.springframework.beans.factory.annotation.Autowired;
?
//自定義的?UserRealm
public?class?UserRealm?extends?AuthorizingRealm?{
?
????@Autowired
????UserService?userService;
?
????//授權(quán)
????@Override
????protected?AuthorizationInfo?doGetAuthorizationInfo(PrincipalCollection?principalCollection)?{
????????System.out.println("授權(quán)。。。");
????????return?null;
????}
????//認(rèn)證
????@Override
????protected?AuthenticationInfo?doGetAuthenticationInfo(AuthenticationToken?token)?throws?AuthenticationException?{
????????System.out.println("認(rèn)證。。。");
?
?
?
????????UsernamePasswordToken?userToken?=?(UsernamePasswordToken)?token;
????????//連接真實(shí)數(shù)據(jù)庫
????????User?user?=?userService.queryUserByName(userToken.getUsername());
????????if?(user==null){
????????????return?null;
????????}
?
????????//密碼認(rèn)證不讓你做，它自己做，他不讓你接觸密碼
????????return?new?SimpleAuthenticationInfo("",user.getPwd(),"");
????}
}

2.8添加密碼加密

//還有一個(gè)md5加密，集成了hashcode是不可逆的
????????//比如你的密碼是123456
//????????md5(123456,32)?=?e10adc3949ba59abbe56e057f20f883e
//????????md5(123456,16)?=?49ba59abbe56e057
????????//MD5鹽值加密e10adc3949ba59abbe56e057f20f883eusername
????????//密碼認(rèn)證不讓你做，它自己做，他不讓你接觸密碼
????????return?new?SimpleAuthenticationInfo("",user.getPwd(),"");

2.9請求授權(quán)實(shí)現(xiàn)

2.10綁定thymeleaf

package?com.yao.mapper;

import?com.yao.pojo.User;
import?org.apache.ibatis.annotations.Mapper;
import?org.springframework.stereotype.Repository;

@Repository
@Mapper
public?interface?UserMapper?{
public?User?queryUserByName(String?name);
}

粉絲福利：Java從入門到入土學(xué)習(xí)路線圖

??????

??長按上方微信二維碼?2 秒

感謝點(diǎn)贊支持下哈?

springboot整合Shiro