UserRealm
类，继承 AuthorizingRealm
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization hook. Nothing is granted yet: the method returns {@code null},
     * so no roles or permissions are attached to the principal.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return {@code null} (no authorization data in this skeleton)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication hook. No account lookup is implemented yet, so every login
     * attempt returns {@code null}.
     *
     * @param authenticationToken the submitted credentials
     * @return {@code null} (no account data in this skeleton)
     * @throws AuthenticationException declared for subclasses; never thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        return null;
    }
}
ShiroConfig
类配置 Shiro
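@Component
public class ShiroConfig {

    /**
     * Step 3: creates the ShiroFilterFactoryBean that plugs the security manager into the
     * servlet filter chain and declares which URL patterns require authentication.
     *
     * @param defaultWebSecurityManager the security manager built by {@link #getDefaultWebSecurityManager}
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(
            @Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // Filter chain definitions are evaluated in insertion order (first match wins), which is
        // why a LinkedHashMap is used; put the more specific entries before the wildcard ones,
        // e.g. "/user/add" -> "anon" ahead of "/user/*" -> "authc".
        // Only paths listed here pass through a filter: a path that matches no entry is served
        // without any authentication check, so every protected prefix needs its own entry.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/user/*", "authc"); // Ant-style wildcard "*" is allowed
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        // Unauthenticated requests to a protected path are redirected to this URL.
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }

    /**
     * Step 2: creates the DefaultWebSecurityManager and attaches the realm to it.
     *
     * @param userRealm the realm built by {@link #userRealm}
     * @return the security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * Step 1: creates the realm that performs authentication and authorization.
     *
     * @return a new UserRealm
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }
}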
try catch
判断登录是否成功
try {
    // subject.login() returns normally only when the realm accepted the credentials.
    subject.login(usernamePasswordToken);
    return "index";
} catch (UnknownAccountException e) {
    // Realm returned no account for this username.
    // NOTE(review): telling the user "username does not exist" vs "wrong password" reveals which
    // accounts exist; a single generic failure message is the usual mitigation.
    model.addAttribute("msg", "用户名不存在");
    e.printStackTrace();
    return "toLogin";
} catch (IncorrectCredentialsException e) {
    // Account found, but the credentials matcher rejected the password.
    // NOTE(review): other AuthenticationException subclasses (e.g. a locked account) are not
    // caught here and would propagate out of this method.
    model.addAttribute("msg", "密码错误");
    e.printStackTrace();
    return "toLogin";
}
UserRealm
类中进行认证
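/**
 * Authenticates the submitted token against a single hard-coded demo account.
 *
 * @param authenticationToken the submitted credentials (expected to be a UsernamePasswordToken)
 * @return authentication info carrying the expected password, or {@code null} when the
 *         username does not match (Shiro reports that to the caller as an unknown account)
 * @throws AuthenticationException declared for subclasses; never thrown here
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
        throws AuthenticationException {
    System.out.println("AuthenticationInfo=>执行");
    // Demo credentials hard-coded for the tutorial. A real realm looks the account up by
    // username and stores a salted hash, never a plaintext password.
    String userName = "admin";
    String password = "123456";
    UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
    // Constant on the left: a token with no username yields null from getUsername(), and the
    // original token.getUsername().equals(...) form would throw NullPointerException instead of
    // simply failing the login.
    if (!userName.equals(token.getUsername())) {
        return null;
    }
    // First argument is the principal; a user object can be stored there so that
    // subject.getPrincipal() returns it later. The credentials matcher compares the
    // submitted password with the second argument.
    return new SimpleAuthenticationInfo("", password, "");
}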
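// Authorization
/**
 * Builds the authorization info for the subject being authorized.
 *
 * @param principalCollection the principals of the subject being authorized; the primary
 *        principal is expected to be the Blogger stored at authentication time
 * @return authorization info holding one string permission derived from the user name
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // Container for the permissions granted below.
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    // Read the principal from the argument Shiro passes in rather than from
    // SecurityUtils.getSubject(): the argument identifies the subject being authorized, which is
    // not necessarily the subject bound to the current thread.
    // NOTE(review): this assumes the authenticating realm stored a Blogger as the principal;
    // confirm doGetAuthenticationInfo passes one as the first SimpleAuthenticationInfo argument.
    Blogger blogger = (Blogger) principalCollection.getPrimaryPrincipal();
    if (blogger == null) {
        // No principal available: grant nothing instead of throwing from the realm.
        return simpleAuthorizationInfo;
    }
    // Demo rule: root may add users, anyone else may only update.
    // A real project reads the permission level from a database field instead.
    // Constant on the left tolerates a null user name.
    String user = "root".equals(blogger.getUserName()) ? "user:add" : "user:update";
    simpleAuthorizationInfo.addStringPermission(user);
    return simpleAuthorizationInfo;
}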