SpringBoot整合shiro
前面我们介绍了spring security与SpringBoot项目的整合,今天我们就来整合shiro
1.shiro框架是什么
我们来看看官网是怎么解释的,这几个对象是比较重要的,关系我还需要理解一下,现在还不是特别的理解
1.realm对象
2.DefaultWebSecurityManager
3.ShiroFilterFactoryBean
2.demo的整体结构
整合在SpringBoot中,如下
感觉是不是跟springsecurity的有点像,其实两者本质上是一致的
最重要的是官网上的这个图,一定要理解他,我们就可以成功的编写我们的代码
3.引入依赖(这个非常的重要)
<!-- Shiro's Spring integration module. The version is pinned exactly as in the article;
     NOTE(review): before reusing this snippet, check the Apache Shiro security advisories
     and prefer a currently maintained release, because this library enforces
     authentication for the whole application. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.1</version>
</dependency>
4.配置ShiroConfig类
package com.cxy.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Spring configuration that wires Apache Shiro into the application.
 *
 * <p>Three beans are declared and depend on each other in this order: the custom
 * {@code UserRealm}, the {@link DefaultWebSecurityManager} that uses the realm, and the
 * {@link ShiroFilterFactoryBean} that uses the security manager.
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the Shiro web filter and registers the URL rules it enforces.
     *
     * @param defaultWebSecurityManager the security manager bean, resolved by the name of its
     *     factory method
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        // Names of Shiro's built-in filters that can be used as values below:
        //   anon  - no authentication required
        //   authc - the subject must be authenticated
        //   user  - the subject must be authenticated or remembered through remember-me
        //   perms - the subject must hold the listed permission(s)
        //   roles - the subject must hold the listed role(s)
        //
        // A LinkedHashMap keeps insertion order, and Shiro uses the first matching pattern.
        Map<String, String> filterChain = new LinkedHashMap<>();

        // Only /toIndex requires a logged-in subject here.
        // NOTE(review): paths with no entry in this map match no chain, so Shiro applies no
        // access filter to them. /toCatagroy and /test are therefore reachable without logging
        // in. For anything beyond a demo, list the public paths as anon and end the map with
        // a catch-all entry ("/**" -> "authc") so that new endpoints are protected by default.
        filterChain.put("/toIndex", "authc");

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        factoryBean.setFilterChainDefinitionMap(filterChain);
        // Unauthenticated requests to an authc path are redirected to this URL.
        factoryBean.setLoginUrl("/toLogin");
        return factoryBean;
    }

    /**
     * Creates the web security manager and attaches the application's realm to it.
     *
     * @param realm the realm bean named {@code userRealm}
     * @return the security manager backed by that realm
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    /**
     * Exposes the custom realm as a Spring bean.
     *
     * @return a new {@code UserRealm}
     */
    @Bean
    public UserRealm userRealm() {
        // NOTE(review): no CredentialsMatcher is set on the realm here, so Shiro's default
        // matcher is used when passwords are compared.
        return new UserRealm();
    }
}
/**
*这个是从下往上进行配置的,主要有这几个主要的对象
1.realm对象
2.DefaultWebSecurityManager
3.ShiroFilterFactoryBean
*/
4.配置UserRealm对象
package com.cxy.config;
import com.cxy.pojo.User;
import com.cxy.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
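/**
 * Shiro realm that authenticates users against the accounts returned by {@link UserService}.
 *
 * <p>Authorization is not implemented: {@link #doGetAuthorizationInfo} returns {@code null}.
 */
public class UserRealm extends AuthorizingRealm {

    /** Service used to look up a stored account by its login name. */
    @Autowired
    UserService userService;

    /**
     * Supplies roles and permissions for a subject.
     *
     * @param principalCollection the identity of the subject being authorized
     * @return always {@code null}; this demo defines no roles or permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了授权=》doGetAuthorizationInfo");
        return null;
    }

    /**
     * Looks up the account named in the submitted token and hands its stored credentials to
     * Shiro, which then compares them with the submitted password.
     *
     * @param authenticationToken the token created by the login controller
     * @return the account's authentication info, or {@code null} when the account is unknown
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行了认证=》doGetAuthenticationInfo");

        // The login controller on this page always submits a UsernamePasswordToken.
        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;
        String username = userToken.getUsername();
        if (username == null) {
            // No login name was submitted; treat it like an unknown account.
            return null;
        }

        User user = userService.queryUserByStringName(username);
        if (user == null) {
            // Returning null makes Shiro raise UnknownAccountException, which the login
            // controller catches.
            return null;
        }

        // Record who logged in. The original passed "" as principal and realm name, so every
        // authenticated subject had the same empty identity, and authorization or audit code
        // could not tell users apart.
        //
        // NOTE(review): no CredentialsMatcher is configured for this realm on the page, so
        // Shiro's default equality comparison applies. That only works if user.getPassword()
        // holds the password unhashed. Store a salted password hash and configure a matching
        // CredentialsMatcher (for example PasswordMatcher) instead.
        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
    }
}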
5.IndexController的请求
package com.cxy.controller;
import com.cxy.pojo.User;
import com.cxy.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.List;
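/**
 * MVC controller for the demo pages and the login form submission.
 */
@Controller
public class IndexController {

    /** Service used by the {@code /test} endpoint to query users. */
    @Autowired
    private UserService userService;

    /**
     * Renders the landing page.
     *
     * @param model view model that receives the greeting
     * @return the {@code index} view name
     */
    @RequestMapping({"/","/index","index.html"})
    public String toIndex(Model model) {
        model.addAttribute("msg", "hello,shiro");
        return "index";
    }

    /**
     * Renders the user index page; ShiroConfig maps this path to the {@code authc} filter.
     *
     * @param model view model that receives the greeting
     * @return the view name of the user index page
     */
    @RequestMapping("/toIndex")
    public String toIndex1(Model model) {
        model.addAttribute("msg", "hello,首页");
        return "/user/toIndex";
    }

    /**
     * Renders the category page.
     *
     * @param model view model that receives the greeting
     * @return the view name of the category page
     */
    @RequestMapping("/toCatagroy")
    public String toIndex2(Model model) {
        // NOTE(review): this path has no entry in the filter chain shown in ShiroConfig, so
        // it is served without authentication.
        model.addAttribute("msg", "hello,shiro");
        return "/user/toCatagroy";
    }

    /**
     * Renders the login form.
     *
     * @param model view model that receives the greeting
     * @return the {@code login} view name
     */
    @RequestMapping("/toLogin")
    public String toLogin(Model model) {
        model.addAttribute("msg", "hello,shiro");
        return "login";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * @param username submitted login name
     * @param password submitted password
     * @param rememberMe whether Shiro should remember the identity across sessions
     * @param model view model that receives the failure message
     * @return {@code index} on success, {@code login} when the account is unknown or the
     *     password is wrong
     */
    @RequestMapping("/login")
    public String login(String username, String password, boolean rememberMe, Model model) {
        // NOTE(review): the mapping does not restrict the HTTP method, so credentials can
        // also arrive in a GET query string and end up in access logs and browser history.
        // Restrict this handler to POST.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);

        // The original printed the username and the plaintext password to stdout here.
        // Credentials must never be written to logs or the console, so the statement is gone.
        try {
            subject.login(token);
            return "index";
        } catch (UnknownAccountException e) {
            // NOTE(review): this message and the one below differ, which tells a caller
            // whether a username exists. A single generic failure message avoids that.
            model.addAttribute("msg", "没有此账户");
            return "login";
        } catch (IncorrectCredentialsException e) {
            model.addAttribute("msg", "密码错误");
            return "login";
        }
        // Other AuthenticationException subclasses are not caught and propagate to the
        // framework's error handling.
    }

    /**
     * Returns the users matching the hard-coded name {@code cxy} as the response body.
     *
     * @param model view model that receives the greeting
     * @return the users returned by {@code userService.queryUserByName}
     */
    @ResponseBody
    @RequestMapping("/test")
    public List<User> test(Model model) {
        // NOTE(review): /test has no entry in the filter chain shown in ShiroConfig, and whole
        // User objects are serialized. User exposes getPassword() (UserRealm reads it), so the
        // response presumably includes the password field. Confirm, and return a view object
        // without credentials.
        model.addAttribute("msg", "hello,shiro");
        User user = new User();
        user.setName("cxy");
        List<User> list = userService.queryUserByName(user);
        return list;
    }
}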