Spring Boot: implementing domain-account login with Shiro authentication
Date: 2023-07-12 22:08:18
First, add the following dependencies to the pom.xml file:
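```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.6.0</version>
</dependency>
<!-- Provides LdapTemplate and the spring.ldap.* properties used below -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
```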
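Next, configure Shiro and LDAP authentication in the application.yml file:
```yaml
shiro:
  ldap:
    # ldap:// is unencrypted, so bind passwords cross the network in clear text;
    # use ldaps:// (or StartTLS) outside local testing
    url: ldap://localhost:10389
    base: dc=example,dc=com
    userDnTemplate: uid={0},ou=people,dc=example,dc=com
spring:
  ldap:
    urls: ldap://localhost:10389
    base: dc=example,dc=com
    username: uid=admin,ou=system
    password: secret
```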
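Here, url is the address and port of the LDAP server, base is the LDAP root node, and userDnTemplate is the template for the user entry, used to obtain the user entry's DN from the username.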
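Because userDnTemplate substitutes the login name directly into a DN, the name must be escaped before substitution, and the same holds for search filters. The following is an added example, not code from the original page; the class `LdapLoginInput` and its method names are hypothetical, and it uses only the JDK's `javax.naming.ldap.Rdn`.

```java
import javax.naming.ldap.Rdn;

// Added example, not from the original page. Class and method names are hypothetical.
public class LdapLoginInput {

    // Template from the page's application.yml.
    static final String USER_DN_TEMPLATE = "uid={0},ou=people,dc=example,dc=com";

    // Substitute the username into the DN template, escaping per RFC 4514 so that
    // characters such as ',' '=' '+' stay inside the uid value.
    static String userDn(String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("empty username");
        }
        return USER_DN_TEMPLATE.replace("{0}", Rdn.escapeValue(username));
    }

    // Escape a value for use inside a search filter (RFC 4515).
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // An empty password makes a simple bind "unauthenticated" (RFC 4513, 5.1.2);
    // servers may report success, so reject it before binding.
    static boolean isBindablePassword(char[] password) {
        return password != null && password.length > 0;
    }

    public static void main(String[] args) {
        // Constructed sample usernames.
        String[] samples = {"alice", "bob,ou=system", "a*)(b"};
        for (String u : samples) {
            System.out.println(userDn(u) + " | (uid=" + escapeFilter(u) + ")");
        }
        System.out.println("empty password bindable: " + isBindablePassword(new char[0]));
    }
}
```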
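Next, create a realm class (it extends AuthorizingRealm) whose doGetAuthenticationInfo method returns the user's AuthenticationInfo:
```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.stereotype.Component;

@Component
public class LdapRealm extends AuthorizingRealm {

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Get the authentication info.
     * @param authenticationToken the submitted username/password token
     * @return the authentication info for the verified user
     * @throws AuthenticationException if the credentials are rejected
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        char[] rawPassword = token.getPassword();
        // Reject empty input: a simple bind with an empty password is an
        // unauthenticated bind, which a directory server may accept
        if (username == null || username.isEmpty() || rawPassword == null || rawPassword.length == 0) {
            throw new IncorrectCredentialsException("用户名或密码错误");
        }
        String password = new String(rawPassword);
        // Find the user's entry by uid (the query builder escapes the value)
        // and verify the password by binding as that entry; this overload
        // throws on failure instead of returning a boolean that could be ignored
        try {
            ldapTemplate.authenticate(LdapQueryBuilder.query().where("uid").is(username), password);
        } catch (org.springframework.ldap.AuthenticationException | IncorrectResultSizeDataAccessException e) {
            throw new IncorrectCredentialsException("用户名或密码错误");
        }
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    /**
     * Get the authorization info.
     * @param principalCollection the authenticated principals
     * @return null, meaning no roles or permissions are assigned
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}
```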
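Here Spring LDAP's LdapTemplate performs the LDAP authentication; calling its authenticate method verifies the user's password.
Finally, enable Shiro and LDAP authentication in the WebSecurityConfig configuration class:
```java
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private LdapRealm ldapRealm;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login").permitAll()
                .and()
                .logout().permitAll();
        // Turns off CSRF protection for every endpoint, including the login
        // and logout forms; remove this line unless requests are protected another way
        http.csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Static resources bypass the security filter chain entirely
        web.ignoring()
                .antMatchers("/css/**", "/js/**", "/img/**");
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        return shiroFilterFactoryBean;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Register the LDAP-backed realm as the source of authentication
        securityManager.setRealm(ldapRealm);
        return securityManager;
    }
}
```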
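Here, the configure method sets up the login page, the logout page and access control; the configure(WebSecurity web) method excludes static resources from filtering; and the shiroFilterFactoryBean and securityManager methods enable Shiro and LDAP authentication.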