写一段基于shiro安全认证的springboot程序
时间: 2023-06-04 20:07:05 浏览: 56
非常感谢您的提问,我可以为您提供以下基于shiro安全认证的springboot程序的代码示例:
1. 添加依赖
```xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.6.0</version>
</dependency>
```
2. 配置shiro
```java
@Configuration
public class ShiroConfig {
// 配置shiro过滤器
@Bean
public FilterRegistrationBean<DelegatingFilterProxy> delegatingFilterProxy(){
FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBean = new FilterRegistrationBean<>();
filterRegistrationBean.setFilter(new DelegatingFilterProxy("shiroFilterFactoryBean"));
filterRegistrationBean.addUrlPatterns("/*");
return filterRegistrationBean;
}
// 配置shiro
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/error/**", "anon");
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
// 配置SecurityManager
@Bean
public SecurityManager securityManager(AuthRealm authRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(authRealm);
return securityManager;
}
// 配置Realm
@Bean
public AuthRealm authRealm(HashedCredentialsMatcher hashedCredentialsMatcher){
AuthRealm authRealm = new AuthRealm();
authRealm.setCacheManager(new MemoryConstrainedCacheManager());
authRealm.setCredentialsMatcher(hashedCredentialsMatcher);
return authRealm;
}
// 配置凭证匹配器
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher(){
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
hashedCredentialsMatcher.setHashIterations(2);
return hashedCredentialsMatcher;
}
}
```
3. 实现自定义Realm
```java
public class AuthRealm extends AuthenticatingRealm {
@Autowired
private UserService userService;
// 验证用户身份
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String username = token.getUsername();
User user = userService.getUserByUsername(username);
if(user == null){
throw new UnknownAccountException();
}
return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
}
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
User user = (User) principalCollection.getPrimaryPrincipal();
authorizationInfo.addRole(user.getRole());
authorizationInfo.addStringPermission(user.getPermission());
return authorizationInfo;
}
}
```
4. 实现登录接口
```java
@RestController
public class LoginController {
@PostMapping("/login")
public Result login(String username, String password){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try{
subject.login(token);
}catch (UnknownAccountException e){
return Result.fail("用户名不存在");
}catch (IncorrectCredentialsException e){
return Result.fail("密码错误");
}
return Result.success();
}
@GetMapping("/logout")
public Result logout(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
return Result.success();
}
}
```
以上便是基于shiro安全认证的springboot程序的代码示例,希望能够对您有所帮助。如果您有其他问题,欢迎继续提问。