-
所需依赖
<!-- thymeleaf——shiro整合包 -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>2.0.0</version>
</dependency>
<!-- shiro包 -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.5.3</version>
</dependency>
-
创建UserRealm类继承AuthorizingRealm
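/**
 * Demo Shiro realm that authenticates a single hard-coded account.
 *
 * <p>NOTE(review): the account name and the expected password are literals in this
 * class, which is only suitable for a walkthrough. A real realm loads the account from
 * a user store and lets a hashing credentials matcher do the password comparison.
 */
public class UserRealm extends AuthorizingRealm {

    /**
     * Authorization hook.
     *
     * @param principalCollection principals of the subject being checked (unused here)
     * @return {@code null}; this realm supplies no roles or permissions, so role and
     *     permission checks that depend on it have nothing to match
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication hook.
     *
     * @param authenticationToken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the expected credentials for the account, or {@code null} when the
     *     submitted username is not the demo account (Shiro treats a {@code null}
     *     return as "account not found")
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("认证请求");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Constant-first comparison: a request without a username yields a null
        // getUsername(), which must be rejected rather than raise a NullPointerException.
        if (!"root".equals(token.getUsername())) {
            return null;
        }
        // The second argument is the expected credential; Shiro compares it with the
        // submitted password. "1" is a demo value only.
        // NOTE(review): principal and realm name are both empty strings, so the logged-in
        // subject carries no usable identity (e.g. for a principal tag) — confirm intent.
        return new SimpleAuthenticationInfo("", "1", "");
        // Database-backed login (alternative to the hard-coded account above):
        // NOTE(review): users.getPassword() is handed over as the expected credential.
        // No credentials matcher is configured on this realm, so the comparison is
        // presumably a plain equality check and the column would have to hold the
        // password as submitted. Store a salted hash and configure a hashing matcher
        // (e.g. HashedCredentialsMatcher) instead.
        // UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // Users users = userMapper.queryByName(token.getUsername());
        // if (users==null){return null;}
        // return new SimpleAuthenticationInfo("", users.getPassword(), "");
    }
}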
- 创建配置类ShiroConfig,并添加注解@Configuration
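/**
 * Spring configuration that wires the realm, the security manager, the Shiro web
 * filter and the Thymeleaf Shiro dialect.
 *
 * <p>The {@code @Qualifier} values below are the names of the bean methods in this
 * class, so those method names must stay in sync with the qualifiers.
 */
@Configuration
public class ShiroConfig {

    /** Creates the realm that performs authentication and authorization. */
    @Bean
    public UserRealm getRealm() {
        return new UserRealm();
    }

    /**
     * Creates the web security manager and attaches the realm to it.
     *
     * @param realm the realm bean produced by {@code getRealm()}
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getRealm") UserRealm realm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        return securityManager;
    }

    /**
     * Creates the Shiro filter factory with the URL-to-filter rules and the login URL.
     *
     * @param defaultWebSecurityManager the security manager bean
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // Insertion-ordered map so the rules keep the order in which they are declared.
        Map<String, String> filterChain = new LinkedHashMap<>();
        // NOTE(review): in Shiro's Ant-style patterns "*" stays within one path segment,
        // so "/pages/*" does not cover nested URLs such as /pages/a/b. Use "/pages/**"
        // if deeper paths must also require login — confirm against the URL layout.
        // URLs that match no rule here are not subject to any Shiro filter.
        filterChain.put("/pages/*", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChain);

        // Unauthenticated requests to an "authc" URL are sent here.
        shiroFilterFactoryBean.setLoginUrl("/toLogin");
        return shiroFilterFactoryBean;
    }

    /** Registers the Shiro dialect so Thymeleaf templates can use the shiro: tags. */
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}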
/*
anon:无需认证即可访问
authc:必须认证后才能访问
user:必须拥有“记住我”功能才能访问
perms:拥有对某个资源的权限才能访问
roles:拥有某个角色才能访问
*/
- 编写controller层
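/**
 * Shows the login page; this is the URL configured as the Shiro login URL.
 *
 * @param model the view model (unused)
 * @return the login view name, written without a leading slash so it matches the
 *     view name returned by the login handler; a leading slash can produce a
 *     double-slash template path that presumably fails to resolve when the
 *     application runs from a packaged jar
 */
@RequestMapping("/toLogin")
public String toLogin(Model model) {
    return "pages/samples/login";
}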
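/**
 * Handles the login form: builds a username/password token and asks Shiro to log the
 * current subject in.
 *
 * <p>NOTE(review): {@code @RequestMapping} without a method restriction also accepts
 * GET, which would place the password in the URL (and therefore in access logs and
 * browser history). Restrict this mapping to POST once the form is confirmed to post.
 *
 * @param model view model that receives the error message under {@code "msg"}
 * @param username submitted username
 * @param password submitted password
 * @return {@code "index"} on success, otherwise the login view
 */
@RequestMapping("/Login")
public String logins(Model model, String username, String password) {
    Subject subject = SecurityUtils.getSubject(); // subject for the current request
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        subject.login(token);
        return "index";
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // One message for both failures: separate "no such user" / "wrong password"
        // replies tell an unauthenticated caller which usernames exist.
        // NOTE(review): other authentication failures (locked account, too many
        // attempts, ...) are not caught here and propagate to the framework.
        model.addAttribute("msg", "用户名或密码错误");
        return "pages/samples/login";
    }
}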
- 标签说明
guest标签
<shiro:guest>
</shiro:guest>
用户没有身份验证时显示相应信息,即游客访问信息。
user标签
<shiro:user>
</shiro:user>
用户已经身份验证/记住我登录后显示相应的信息。
authenticated标签
<shiro:authenticated>
</shiro:authenticated>
用户已经身份验证通过,即Subject.login登录成功,不是记住我登录的。
notAuthenticated标签
<shiro:notAuthenticated>
</shiro:notAuthenticated>
用户未进行身份验证,即没有调用Subject.login进行登录,包括记住我自动登录的也属于未进行身份验证。
principal标签
<shiro:principal/>
<shiro:principal property="username"/>
相当于((User)Subject.getPrincipals()).getUsername()。
lacksPermission标签
<shiro:lacksPermission name="org:create">
</shiro:lacksPermission>
如果当前Subject没有权限将显示body体内容。
hasRole标签
<shiro:hasRole name="admin">
</shiro:hasRole>
如果当前Subject有角色将显示body体内容。
hasAnyRoles标签
<shiro:hasAnyRoles name="admin,user">
</shiro:hasAnyRoles>
如果当前Subject有任意一个角色(或的关系)将显示body体内容。
lacksRole标签
<shiro:lacksRole name="abc">
</shiro:lacksRole>
如果当前Subject没有角色将显示body体内容。
hasPermission标签
<shiro:hasPermission name="user:create">
</shiro:hasPermission>
如果当前Subject有权限将显示body体内容
- thymeleaf——shiro整合命名空间
xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"