<version>${shiro.version}</version>有什么作用
时间: 2023-06-09 15:08:24 浏览: 45
${shiro.version}是一个Maven属性,在pom.xml文件中用于指定Shiro框架的版本号,用于管理项目中依赖Shiro框架时的版本一致性。当该属性被使用时,Maven会自动将其替换为指定的版本号。通过这种方式,可以方便地管理项目中使用的不同版本的Shiro框架,同时也可以避免版本不一致导致的依赖冲突或其他问题。
相关问题
springboot+shiro的框架怎么写呢,我的maven是:<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web-starter</artifactId> <version>1.8.0</version> </dependency> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.18.2</version> </dependency>
好的,对于使用 Spring Boot 和 Shiro 框架的项目,可以参照以下步骤进行搭建:
1. 在 pom.xml 文件中添加依赖:
```
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.18.2</version>
</dependency>
```
其中,shiro-spring-boot-web-starter 是 Shiro 在 Spring Boot 中的集成包,java-jwt 是用于生成和解析 JWT 的库。
2. 在 application.properties 或 application.yml 文件中配置 Shiro:
```
# 配置 Shiro 的加密方式
shiro.hashAlgorithmName=md5
shiro.hashIterations=2
# 配置 JWT 的过期时间
jwt.expireTime=1800
# 配置 Shiro 的登录路径和首页路径
shiro.loginUrl=/login
shiro.successUrl=/index
# 配置 Shiro 的过滤器链
shiro.filterChainDefinitionMap= \
/static/** = anon \
/login = anon \
/logout = logout \
/** = authc
```
其中,shiro.hashAlgorithmName 和 shiro.hashIterations 是 Shiro 的加密方式,jwt.expireTime 是 JWT 的过期时间,shiro.loginUrl 和 shiro.successUrl 是 Shiro 的登录路径和首页路径,shiro.filterChainDefinitionMap 是 Shiro 的过滤器链。
3. 创建 Shiro 配置类,用于配置 Shiro 的各种组件:
```
@Configuration
public class ShiroConfig {
// 配置 SecurityManager
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm()); // 配置自定义 Realm
securityManager.setRememberMeManager(cookieRememberMeManager()); // 配置 RememberMeManager
securityManager.setSessionManager(sessionManager()); // 配置 SessionManager
return securityManager;
}
// 配置自定义 Realm
@Bean
public MyRealm myRealm() {
return new MyRealm();
}
// 配置 RememberMeManager
@Bean
public RememberMeManager cookieRememberMeManager() {
CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
rememberMeManager.setCookie(rememberMeCookie());
return rememberMeManager;
}
// 配置 RememberMeCookie
@Bean
public SimpleCookie rememberMeCookie() {
SimpleCookie cookie = new SimpleCookie("rememberMe");
cookie.setMaxAge(86400); // 设置 Cookie 的过期时间为一天
return cookie;
}
// 配置 SessionManager
@Bean
public DefaultWebSessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionIdUrlRewritingEnabled(false);
sessionManager.setSessionDAO(redisSessionDAO()); // 配置 RedisSessionDAO
sessionManager.setGlobalSessionTimeout(1800000); // 设置 Session 的过期时间为半小时
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionValidationSchedulerEnabled(true);
return sessionManager;
}
// 配置 RedisSessionDAO
@Bean
public RedisSessionDAO redisSessionDAO() {
RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
redisSessionDAO.setRedisManager(redisManager()); // 配置 RedisManager
redisSessionDAO.setKeyPrefix("shiro:session:");
redisSessionDAO.setExpire(1800); // 设置 Session 的过期时间为半小时
return redisSessionDAO;
}
// 配置 RedisManager
@Bean
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager();
redisManager.setHost("localhost");
redisManager.setPort(6379);
redisManager.setTimeout(0);
return redisManager;
}
// 配置 ShiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager());
factoryBean.setLoginUrl("/login");
factoryBean.setSuccessUrl("/index");
factoryBean.setUnauthorizedUrl("/unauthorized");
factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
return factoryBean;
}
// 配置 ShiroFilterChainDefinition
@Bean
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
chainDefinition.addPathDefinition("/static/**", "anon");
chainDefinition.addPathDefinition("/login", "anon");
chainDefinition.addPathDefinition("/logout", "logout");
chainDefinition.addPathDefinition("/**", "authc");
return chainDefinition;
}
}
```
其中,myRealm() 方法用于配置自定义 Realm,cookieRememberMeManager() 方法用于配置 RememberMeManager 和 RememberMeCookie,sessionManager() 方法用于配置 SessionManager 和 RedisSessionDAO,redisManager() 方法用于配置 RedisManager,shiroFilterFactoryBean() 方法用于配置 ShiroFilterFactoryBean,shiroFilterChainDefinition() 方法用于配置 ShiroFilterChainDefinition。
4. 创建自定义 Realm 类,用于实现用户的认证和授权逻辑:
```
public class MyRealm extends AuthorizingRealm {
// 配置加密方式
@Override
public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName("md5");
matcher.setHashIterations(2);
super.setCredentialsMatcher(matcher);
}
// 用户认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
String password = new String(upToken.getPassword());
// 根据用户名和密码查询用户信息
User user = userService.findByUsernameAndPassword(username, password);
if (user == null) {
throw new UnknownAccountException("用户名或密码错误");
}
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
return info;
}
// 用户授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
User user = (User) principals.getPrimaryPrincipal();
// 根据用户角色查询权限信息
List<Role> roles = userService.findRolesByUsername(user.getUsername());
for (Role role : roles) {
info.addRole(role.getName());
List<Permission> permissions = role.getPermissions();
for (Permission permission : permissions) {
info.addStringPermission(permission.getName());
}
}
return info;
}
}
```
在自定义 Realm 类中,通过 setCredentialsMatcher() 方法配置加密方式,通过 doGetAuthenticationInfo() 方法实现用户的认证逻辑,通过 doGetAuthorizationInfo() 方法实现用户的授权逻辑。
5. 创建登录控制器,用于处理用户的登录和注销:
```
@Controller
public class LoginController {
@GetMapping("/login")
public String login() {
return "login";
}
@PostMapping("/login")
public String login(String username, String password, boolean rememberMe, HttpServletRequest request) {
try {
// 将用户名和密码封装成 UsernamePasswordToken 对象
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
// 设置 RememberMe
token.setRememberMe(rememberMe);
// 执行登录操作
SecurityUtils.getSubject().login(token);
return "redirect:/index";
} catch (UnknownAccountException e) {
request.setAttribute("error", "用户名不存在");
} catch (IncorrectCredentialsException e) {
request.setAttribute("error", "密码错误");
} catch (LockedAccountException e) {
request.setAttribute("error", "账号已被锁定");
} catch (AuthenticationException e) {
request.setAttribute("error", "登录失败:" + e.getMessage());
}
return "login";
}
@GetMapping("/logout")
public String logout() {
SecurityUtils.getSubject().logout();
return "redirect:/login";
}
}
```
在登录控制器中,通过 login() 方法实现用户的登录操作,通过 logout() 方法实现用户的注销操作。
6. 在页面中添加登录界面和首页,例如:
```
<!-- 登录界面 -->
<form method="post" action="/login">
<div class="form-group">
<label for="username">用户名:</label>
<input type="text" id="username" name="username" class="form-control" required>
</div>
<div class="form-group">
<label for="password">密码:</label>
<input type="password" id="password" name="password" class="form-control" required>
</div>
<div class="form-check">
<input type="checkbox" id="rememberMe" name="rememberMe" class="form-check-input">
<label for="rememberMe" class="form-check-label">记住我</label>
</div>
<button type="submit" class="btn btn-primary">登录</button>
</form>
<!-- 首页 -->
<h1>欢迎登录</h1>
<p><a href="/logout">退出登录</a></p>
```
通过以上步骤,就可以使用 Spring Boot 和 Shiro 框架来实现用户的认证和授权了,当然,在具体实现时,还需要针对自己的业务需求进行一些调整和优化。
SLF4J: No SLF4J providers were found. SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details. Exception in thread "main" org.apache.shiro.config.ConfigurationException: Unable to instantiate class [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for object named 'securityManager'. Please ensure you've specified the fully qualified class name correctly. at org.apache.shiro.config.ReflectionBuilder.createNewInstance(ReflectionBuilder.java:309) at org.apache.shiro.config.ReflectionBuilder$InstantiationStatement.doExecute(ReflectionBuilder.java:927) at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887) at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765) at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260) at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130) at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94) at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46) at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123) at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47) at com.xiu.Quickstart.main(Quickstart.java:26) Caused by: org.apache.shiro.util.UnknownClassException: Unable to load class named [org.apache.shiro.web.mgt.DefaultWebSecurityManager] from the thread context, current, or system/application ClassLoaders. All heuristics have been exhausted. Class could not be found. at org.apache.shiro.util.ClassUtils.forName(ClassUtils.java:152) at org.apache.shiro.util.ClassUtils.newInstance(ClassUtils.java:168) at org.apache.shiro.config.ReflectionBuilder.createNewInstance(ReflectionBuilder.java:302) ... 12 more
这个异常是因为 Shiro 框架没有找到 SLF4J(Simple Logging Facade for Java)的实现类,导致默认使用了 NOP(No-Operation)日志记录器实现。
可以通过以下几个步骤解决这个异常:
1. 确保在应用程序的 classpath 下存在 SLF4J 的实现类,比如 Logback、Log4j 等。
2. 确认应用程序中已经正确引入了 SLF4J 的依赖,比如以下 Maven 依赖:
```
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.30</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
```
3. 确认 SLF4J 的配置文件是否正确,比如 logback.xml 或者 log4j.properties 等。
如果以上步骤都没有解决问题,可以尝试修改 Shiro 的日志记录器实现类,比如使用 Logback 作为日志记录器实现:
```
# 修改 Shiro 的日志记录器实现类为 Logback
log4j.logger.org.apache.shiro=INFO, stdout
log4j.logger.org.apache.shiro.util.ThreadContext=INFO, stdout
log4j.logger.org.apache.shiro.realm=INFO, stdout
log4j.logger.org.apache.shiro.web=INFO, stdout
log4j.logger.org.apache.shiro.cache=INFO, stdout
log4j.logger.org.apache.shiro.session=INFO, stdout
# Logback 配置文件,可以将日志输出到控制台
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<logger name="org.apache.shiro" level="INFO"/>
<root level="DEBUG">
<appender-ref ref="STDOUT" />
</root>
</configuration>
```
相关推荐
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![docx](https://img-home.csdnimg.cn/images/20210720083331.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)