Spring+SpringMVC+Mybatis的SSM做一个shiro的登陆验证的完整程序
好的,下面是一个Spring+SpringMVC+Mybatis的SSM中使用Shiro进行登陆验证的完整程序示例:
1. 添加依赖
在pom.xml文件中添加Shiro的依赖:
```xml
<!-- Apache Shiro's Spring integration module. -->
<!-- NOTE(review): 1.7.1 is an old Shiro release. Later releases contain security fixes for the
     web filter chain, so pin the newest release of a maintained line and follow the project's
     security advisories instead of copying this version number. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.7.1</version>
</dependency>
```
2. 配置Shiro
在Spring的配置文件中添加Shiro的配置,例如在applicationContext.xml中添加如下配置:
```xml
<!-- Shiro configuration: the security manager, the realm with its credentials matcher, and the web filter. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
</bean>
<!-- The credentialsMatcher set on the realm is the one Shiro consults when it compares a
     submitted password with the credentials the realm returns. Only the algorithm is set
     here, so hashIterations keeps its default of a single round. -->
<!-- NOTE(review): one round of salted SHA-256 is cheap to brute-force if the user table leaks.
     Set hashIterations to the value that was used when the stored hashes were generated, and
     for new deployments consider Shiro's PasswordMatcher with a PasswordService instead. -->
<bean id="myRealm" class="com.example.shiro.MyRealm">
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-256" />
</bean>
</property>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login.jsp" />
<property name="successUrl" value="/index.jsp" />
<property name="unauthorizedUrl" value="/unauthorized.jsp" />
<!-- Chain definitions are evaluated top to bottom and the first matching pattern wins, so the
     anon entries must stay above the catch-all authc line. Every path that is not listed
     explicitly therefore requires an authenticated subject (deny by default). -->
<property name="filterChainDefinitions">
<value>
/login.jsp = anon
/login.do = anon
/logout.do = logout
/** = authc
</value>
</property>
</bean>
```
其中,securityManager配置了SecurityManager实现类;myRealm配置了自定义的Realm实现类及其密码匹配器(credentialsMatcher);shiroFilter配置了登录页、成功页、未授权页以及各URL的过滤规则。要让这些规则生效,还需要在web.xml中用DelegatingFilterProxy注册名为shiroFilter的过滤器。
3. 编写Realm实现类
创建一个自定义的Realm实现类,用于验证用户的账号和密码。具体代码如下:
```java
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
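/**
 * Demo realm that knows a single hard-coded account and grants it the "admin" role.
 *
 * <p>The realm only supplies the stored credentials and salt. The comparison with the
 * submitted password is done by the credentials matcher configured on the realm.
 */
public class MyRealm extends AuthorizingRealm {

    // Stand-in for a user table. A real application loads the stored password hash and a
    // per-user random salt through its persistence layer; credentials and salts must never
    // be compiled into source, and one shared salt defeats the purpose of salting.
    private static final String USERNAME = "admin";
    private static final String PASSWORD = "admin";
    private static final String SALT = "123456";

    /**
     * Returns the roles of the authenticated principal.
     *
     * @param principals the identity to authorize (not inspected by this demo)
     * @return authorization info that always contains the single role "admin"
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // NOTE(review): every principal receives "admin"; look the roles up per user before
        // a second account is ever added to this realm.
        Set<String> roles = new HashSet<>();
        roles.add("admin");
        return new SimpleAuthorizationInfo(roles);
    }

    /**
     * Looks up the account named in the token and returns its stored credentials.
     *
     * @param token the submitted login token; cast to {@link UsernamePasswordToken}
     * @return the stored credentials and salt for the account, or {@code null} when the
     *     user name is unknown
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        if (!USERNAME.equals(username)) {
            return null;
        }
        ByteSource salt = ByteSource.Util.bytes(SALT);
        // The last constructor argument is the realm name, not a matcher. A matcher created
        // here would never be consulted; the one configured on the realm does the comparison.
        return new SimpleAuthenticationInfo(username, storedCredentials(salt), salt, getName());
    }

    /**
     * Produces the value a user table would hold for the demo account.
     *
     * <p>A hashing matcher compares against a stored hash, so returning the plaintext would
     * make every login fail. The demo therefore derives the hash with the algorithm and
     * iteration count of the configured matcher. Production code reads the hash from storage
     * and never holds the plaintext.
     */
    private Object storedCredentials(ByteSource salt) {
        if (getCredentialsMatcher() instanceof HashedCredentialsMatcher) {
            HashedCredentialsMatcher hashed = (HashedCredentialsMatcher) getCredentialsMatcher();
            return new SimpleHash(
                    hashed.getHashAlgorithmName(), PASSWORD, salt, hashed.getHashIterations())
                    .toHex();
        }
        return PASSWORD;
    }
}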
```
其中,doGetAuthorizationInfo方法用于授权,返回用户的角色和权限;doGetAuthenticationInfo方法用于认证,它只负责根据用户名返回已保存的凭证信息,密码的比对由Realm上配置的credentialsMatcher完成。
4. 编写登陆验证代码
在Java代码中创建一个Shiro的工具类,用于登陆验证和权限控制。具体代码如下:
```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * Thin wrapper around the Shiro {@link Subject} API for logging in and out.
 */
public class ShiroUtils {

    @Autowired
    private SecurityManager securityManager;

    /**
     * Attempts to authenticate the current subject with the given credentials.
     *
     * <p>The reason for a failure is written to standard output only. Callers receive a
     * plain boolean, so the response cannot reveal whether the user name or the password
     * was wrong.
     *
     * @param username the submitted user name
     * @param password the submitted password
     * @return {@code true} when Shiro accepted the credentials, {@code false} otherwise
     */
    public boolean login(String username, String password) {
        // NOTE(review): this installs a VM-wide static security manager on every call. Behind
        // the Shiro web filter the subject is normally already bound to the request thread, so
        // confirm whether this call is needed at all.
        SecurityUtils.setSecurityManager(securityManager);
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        // NOTE(review): nothing here renews the session on login. Whether a pre-login session
        // id survives authentication depends on the session manager in use. Confirm, and if
        // it does, stop the old session before calling login.
        boolean authenticated;
        try {
            currentUser.login(credentials);
            authenticated = true;
        } catch (AuthenticationException failure) {
            System.out.println(describeFailure(failure));
            authenticated = false;
        }
        return authenticated;
    }

    /** Logs the current subject out. */
    public void logout() {
        SecurityUtils.getSubject().logout();
    }

    /** Maps an authentication failure to its log message, most specific type first. */
    private static String describeFailure(AuthenticationException failure) {
        if (failure instanceof UnknownAccountException) {
            return "用户名不存在";
        }
        if (failure instanceof IncorrectCredentialsException) {
            return "密码错误";
        }
        if (failure instanceof LockedAccountException) {
            return "账户被锁定";
        }
        return "认证失败";
    }
}
```
5. 在Controller中使用Shiro进行登陆验证
在需要进行登陆验证的Controller中,引入ShiroUtils,并调用其login方法进行验证。具体代码如下:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
 * Handles the login form submission and redirects according to the outcome.
 */
@Controller
public class LoginController {

    @Autowired
    private ShiroUtils shiroUtils;

    /**
     * Authenticates the submitted credentials through {@link ShiroUtils#login}.
     *
     * @param username the submitted user name
     * @param password the submitted password
     * @return a redirect to the index page on success, or back to the login page on failure
     */
    // NOTE(review): the mapping accepts every HTTP method, so credentials sent with GET end up
    // in URLs, access logs and browser history. Restrict it with method = RequestMethod.POST
    // once the login form is confirmed to post.
    @RequestMapping("/login.do")
    public String login(String username, String password) {
        boolean authenticated = shiroUtils.login(username, password);
        // Both outcomes are plain redirects, so a failed attempt gives the client no detail.
        return authenticated ? "redirect:/index.jsp" : "redirect:/login.jsp";
    }
}
```
以上就是一个简单的Spring+SpringMVC+Mybatis的SSM中使用Shiro进行登陆验证的完整程序示例。