springboot整合shiro实现登录验证授权的过程解析

<!-- shiro -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.7.1</version>
        </dependency>

#配置服务端口
server:
  port: 8080
  servlet:
    encoding:
      charset: utf-8
      enabled: true
      force: true
    context-path: /cxh/
spring:
  #配置数据源
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/cxh_mall_service?characterEncoding=utf-8&useSSL=false
    username: root
    password: 123456
  #配置页面
  mvc:
    view:
      prefix: /WEB-INF/page/
      suffix: .jsp
  #配置上传文件大小
  servlet:
    multipart:
      max-file-size: 10MB
#配置Mybatis
mybatis:
  config-location: classpath:mybatis/mybatis-config.xml
  mapper-locations: classpath:mybatis/mapper
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
        String username = (String) arg0.getPrimaryPrincipal();
        SysUser sysUser = sysUserService.getUserByName(username);
        // 角色列表
        Set<String> roles = new HashSet<String>();
        // 功能列表
        Set<String> menus = new HashSet<String>();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        roles = sysRoleService.listByUser(sysUser.getId());
        menus = sysMenuService.listByUser(sysUser.getId());
        // 角色加入AuthorizationInfo认证对象
        info.setRoles(roles);
        // 权限加入AuthorizationInfo认证对象
        info.setStringPermissions(menus);
        return info;
    }
     * 登录认证
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (StringUtils.isEmpty(authenticationToken.getPrincipal())) {
            return null;
        }
        //获取用户信息
        String username = authenticationToken.getPrincipal().toString();
        if (username == null || username.length() == 0)
        {
        SysUser user = sysUserService.getUserByName(username);
        if (user == null)
            throw new UnknownAccountException(); //未知账号
        //判断账号是否被锁定，状态（0：禁用；1：锁定；2：启用）
        if(user.getStatus() == 0)
            throw new DisabledAccountException(); //帐号禁用
        if (user.getStatus() == 1)
            throw new LockedAccountException(); //帐号锁定
        //盐
        String salt = "123456";
        //验证
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                username, //用户名
                user.getPassword(), //密码
                ByteSource.Util.bytes(salt), //盐
                getName() //realm name
        );
        return authenticationInfo;
    public static void main(String[] args) {
        String originalPassword = "123456"; //原始密码
        String hashAlgorithmName = "MD5"; //加密方式
        int hashIterations = 2; //加密的次数
        //加密
        SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, originalPassword, salt, hashIterations);
        String encryptionPassword = simpleHash.toString();
        //输出加密密码
        System.out.println(encryptionPassword);
}

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;

@Controller
@Slf4j
public class LoginController {
    
    @GetMapping(value={"/", "/login"})
    public String login(){
        return "admin/loginPage";
    }
     * 登录操作
    @RequestMapping("/loginSubmit")
    public String login(String username, String password, ModelMap modelMap)
    {
        //参数验证
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password))
        {
            modelMap.addAttribute("message", "账号密码必填！");
            return "admin/loginPage";
        }
        //账号密码令牌
        AuthenticationToken token = new UsernamePasswordToken(username, password);
        //获得当前用户到登录对象，现在状态为未认证
        Subject subject = SecurityUtils.getSubject();
        try
            //将令牌传到shiro提供的login方法验证，需要自定义realm
            subject.login(token);
            //没有异常表示验证成功,进入首页
            return "admin/homePage";
        catch (IncorrectCredentialsException ice)
            modelMap.addAttribute("message", "用户名或密码不正确！");
        catch (UnknownAccountException uae)
            modelMap.addAttribute("message", "未知账户！");
        catch (LockedAccountException lae)
            modelMap.addAttribute("message", "账户被锁定！");
        catch (DisabledAccountException dae)
            modelMap.addAttribute("message", "账户被禁用！");
        catch (ExcessiveAttemptsException eae)
            modelMap.addAttribute("message", "用户名或密码错误次数太多！");
        catch (AuthenticationException ae)
            modelMap.addAttribute("message", "验证未通过！");
        catch (Exception e)
        //返回登录页
     * 登出操作
    @RequestMapping("/logout")
    public String logout()
        //登出清除缓存
        subject.logout();
        return "redirect:/login";
}

<div>
        <div><p>cxh电商平台管理后台</p></div>
        <div>
            <form name="loginForm" method="post" action="/cxh/loginSubmit" onsubmit="return SubmitLogin()" autocomplete="off">
                <input type="text" name="username" placeholder="用户名"/>
                <input type="password" name="password" placeholder="密码" autocomplete="on">
                <span>${message}</span>
                <input type="submit" value="登录"/>
            </form>
        </div>
    </div>

//提交登录
function SubmitLogin() {
    //判断用户名是否为空
    if (!loginForm.username.value) {
        alert("请输入用户姓名！");
        loginForm.username.focus();
        return false;
    }

    //判断密码是否为空
    if (!loginForm.password.value) {
        alert("请输入登录密码！");
        loginForm.password.focus();
        return false;
    }
    return true;
}