怎么在SpringBoot中利用Shiro实现一个密码登录功能?很多新手对此不是很清楚,为了帮助大家解决这个难题,下面小编将为大家详细讲解,有这方面需求的人可以来学习下,希望你能有所收获。
导入依赖(pom.xml)
<!--整合Shiro安全框架--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <!--集成jwt实现token认证--> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency>创建 ShiroConfig 配置类
@Configurationpublic class ShiroConfig { @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) { ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean(); //设置安全管理器 factoryBean.setSecurityManager(defaultWebSecurityManager); // 添加shiro的内置过滤器 Map<String, String> filterMap = new LinkedHashMap<>(); // 放行不需要权限认证的接口 //放行登录接口 filterMap.put("/login @Bean(name = "securityManager") public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("customRealm") CustomRealm customRealm) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //关联CustomRealm securityManager.setRealm(customRealm); return securityManager; } @Bean public CustomRealm customRealm() { return new CustomRealm(); }}创建密码登录时验证授权 CustomRealm 类
@Componentpublic class CustomRealm extends AuthorizingRealm { @Autowired AdministratorsService administratorsService; { HashedCredentialsMatcher mather = new HashedCredentialsMatcher(); // 加密方式 mather.setHashAlgorithmName("md5"); // 密码进行一次运算 mather.setHashIterations(512); this.setCredentialsMatcher(mather); } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("————授权————doGetAuthorizationInfo————"); return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("————认证————doGetAuthenticationInfo————"); UsernamePasswordToken userToken = (UsernamePasswordToken) token; // 连接数据库 查询用户数据 QueryWrapper<Administrators> wrapper = new QueryWrapper<>(); wrapper.eq("username", userToken.getUsername()); Administrators administrators = administratorsService.getOne(wrapper); if (administrators == null) { return null; // 抛出异常 UnknownAccountException } // 密码认证,shiro做 return new SimpleAuthenticationInfo("", administrators.getPassword(), ""); }}控制层用户密码登录
//用户名登录 @ApiOperation(value = "管理员登录", notes = "用户名登录--不进行拦截") @PostMapping("/doLogin") public String doLogin(@RequestParam("username") String username, @RequestParam("password") String password, HttpSession session,Model model) { // 获取当前的用户 Subject subject = SecurityUtils.getSubject(); // 封装用户的登录数据 UsernamePasswordToken token = new UsernamePasswordToken(username, password); try { subject.login(token); //保存session会话 管理员名字 session.setAttribute("adname", username); return "admin"; } catch (UnknownAccountException e) { model.addAttribute("usererror", "用户名错误!请重新输入。"); return "login"; } catch (IncorrectCredentialsException ice) { model.addAttribute("pwerror", "密码错误!请重新输入。"); return "login"; } }看完上述内容是否对您有帮助呢?如果还想对相关知识有进一步的了解或阅读更多相关文章,请关注编程网行业资讯频道,感谢您对编程网的支持。
