兰州网站建站,wordpress finag主题下载,做外贸兼职的网站有哪些,wordpress 教育 主题文章目录 整合思路1.创建springboot项目2.引入依赖3.创建Shiro Filter0.创建配置类1.配置shiroFilterFactoryBean2.配置WebSecurityManager3.创建自定义Relm4.配置自定义realm5.编写控制器跳转至index.html6.加入资源的权限控制7. 常见过滤器 登录认证实现登录界面开发controll… 文章目录 整合思路1.创建springboot项目2.引入依赖3.创建Shiro Filter0.创建配置类1.配置shiroFilterFactoryBean2.配置WebSecurityManager3.创建自定义Relm4.配置自定义realm5.编写控制器跳转至index.html6.加入资源的权限控制7. 常见过滤器 登录认证实现登录界面开发controller开发realm中返回静态数据(未连接数据库) 退出认证实现页面按钮开发Controller MD5、Salt的认证实现开发数据库注册1.用户注册页面2.创建用户注册表3.引入依赖4.配置数据源5.创建实体类6.开发controller7.开发Service8.创建DAO接口9.创建salt工具类 开发数据库注册认证1.开发DAO2.开发Service层3.开发在工厂中获取bean对象的工具类4.修改自定义realm5.修改ShiroConfig中realm使用凭证匹配器以及hash散列 整合思路 1.创建springboot项目 2.引入依赖
dependencygroupIdorg.apache.shiro/groupIdartifactIdshiro-spring-boot-starter/artifactIdversion1.5.3/version
/dependency3.创建Shiro Filter
0.创建配置类 1.配置shiroFilterFactoryBean
Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager securityManager){//创建shiro的filterShiroFilterFactoryBean shiroFilterFactoryBean new ShiroFilterFactoryBean();//注入安全管理器shiroFilterFactoryBean.setSecurityManager(securityManager);return shiroFilterFactoryBean;
}2.配置WebSecurityManager
Bean
public DefaultWebSecurityManager getSecurityManager(Realm realm){DefaultWebSecurityManager defaultWebSecurityManager new DefaultWebSecurityManager();defaultWebSecurityManager.setRealm(realm);return defaultWebSecurityManager;
}3.创建自定义Relm
public class CustomerRealm extends AuthorizingRealm {//处理授权Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {return null;}//处理认证Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {return null;}
}4.配置自定义realm
//创建自定义realm
Bean
public Realm getRealm(){return new CustomerRealm();
}5.编写控制器跳转至index.html
Controller
public class IndexController {RequestMapping(index)public String index(){System.out.println(跳转至主页);return index;}
}6.加入资源的权限控制
修改ShiroFilterFactoryBean配置
//注入安全管理器
shiroFilterFactoryBean.setSecurityManager(securityManager);
MapString,String map new LinkedHashMap();
map.put(/**,authc);
//配置认证和授权规则
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
/** 代表拦截项目中一切资源 authc 代表shiro中的一个filter的别名,详细内容看文档的shirofilter列表
7. 常见过滤器
注意: shiro提供和多个默认的过滤器我们可以用这些过滤器来配置控制指定url的权限
配置缩写对应的过滤器功能anonAnonymousFilter指定url可以匿名访问authcFormAuthenticationFilter指定url需要form表单登录默认会从请求中获取username、password,rememberMe等参数并尝试登录如果登录不了就会跳转到loginUrl配置的路径。我们也可以用这个过滤器做默认的登录逻辑但是一般都是我们自己在控制器写登录逻辑的自己写的话出错返回的信息都可以定制嘛。authcBasicBasicHttpAuthenticationFilter指定url需要basic登录logoutLogoutFilter登出过滤器配置指定url就可以实现退出功能非常方便noSessionCreationNoSessionCreationFilter禁止创建会话permsPermissionsAuthorizationFilter需要指定权限才能访问portPortFilter需要指定端口才能访问restHttpMethodPermissionFilter将http请求方法转化成相应的动词来构造一个权限字符串这个感觉意义不大有兴趣自己看源码的注释rolesRolesAuthorizationFilter需要指定角色才能访问sslSslFilter需要https请求才能访问userUserFilter需要已登录或“记住我”的用户才能访问
登录认证实现
登录界面
form action${pageContext.request.contextPath}/user/login methodpost用户名:input typetext nameusername br/密码 : input typetext namepassword brinput typesubmit value登录
/form开发controller
Controller
RequestMapping(user)
public class UserController {/*** 用来处理身份认证* param username* param password* return*/RequestMapping(login)public String login(String username,String password){//获取主体对象Subject subject SecurityUtils.getSubject();try {subject.login(new UsernamePasswordToken(username,password));return redirect:/index.jsp;} catch (UnknownAccountException e) {e.printStackTrace();System.out.println(用户名错误!);}catch (IncorrectCredentialsException e){e.printStackTrace();System.out.println(密码错误!);}return redirect:/login.jsp;}
}开发realm中返回静态数据(未连接数据库)
Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {System.out.println();String principal (String) token.getPrincipal();if(xiaochen.equals(principal)){return new SimpleAuthenticationInfo(principal,123,this.getName());}return null;}
}退出认证实现
页面按钮 a href${pageContext.request.contextPath}/user/logout退出用户/a开发Controller
Controller
RequestMapping(user)
public class UserController {/*** 退出登录**/RequestMapping(logout)public String logout(){Subject subject SecurityUtils.getSubject();subject.logout();//退出用户return redirect:/login.jsp;}
}MD5、Salt的认证实现
开发数据库注册
1.用户注册页面
h1用户注册/h1
form action${pageContext.request.contextPath}/user/register methodpost用户名:input typetext nameusername br/密码 : input typetext namepassword brinput typesubmit value立即注册
/form2.创建用户注册表
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS 0;
-- ----------------------------
-- Table structure for t_user
-- ----------------------------
DROP TABLE IF EXISTS t_user;
CREATE TABLE t_user (id int(6) NOT NULL AUTO_INCREMENT,username varchar(40) DEFAULT NULL,password varchar(40) DEFAULT NULL,salt varchar(255) DEFAULT NULL,PRIMARY KEY (id)
) ENGINEInnoDB AUTO_INCREMENT2 DEFAULT CHARSETutf8;3.引入依赖
!--mybatis相关依赖--
dependencygroupIdorg.mybatis.spring.boot/groupIdartifactIdmybatis-spring-boot-starter/artifactIdversion2.1.2/version
/dependency!--mysql--
dependencygroupIdmysql/groupIdartifactIdmysql-connector-java/artifactIdversion5.1.38/version
/dependency!--druid--
dependencygroupIdcom.alibaba/groupIdartifactIddruid/artifactIdversion1.1.19/version
/dependency4.配置数据源
server.port8888
server.servlet.context-path/shiro
spring.application.nameshirospring.mvc.view.prefix/
spring.mvc.view.suffix.jsp
#新增配置
spring.datasource.typecom.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-namecom.mysql.jdbc.Driver
spring.datasource.urljdbc:mysql://localhost:3306/shiro?characterEncodingUTF-8
spring.datasource.usernameroot
spring.datasource.passwordrootmybatis.type-aliases-packagecom.baizhi.springboot_jsp_shiro.entity
mybatis.mapper-locationsclasspath:com/baizhi/mapper/*.xml5.创建实体类
Data
Accessors(chain true)
AllArgsConstructor
NoArgsConstructor
public class User implements Serializable {private String id;private String username;private String password;private String salt;//定义角色集合private ListRole roles;}
6.开发controller
Controller
RequestMapping(user)
public class UserController {Autowiredprivate UserService userService;/*** 用户注册*/RequestMapping(register)public String register(User user) {try {userService.register(user);return redirect:/login.jsp;}catch (Exception e){e.printStackTrace();return redirect:/register.jsp;}}
}7.开发Service
public interface UserService {//注册用户方法void register(User user);
}Overridepublic void register(User user) {//处理业务调用dao//1.生成随机盐String salt SaltUtils.getSalt(8);//2.将随机盐保存到数据user.setSalt(salt);//3.明文密码进行md5 salt hash散列Md5Hash md5Hash new Md5Hash(user.getPassword(),salt,1024);user.setPassword(md5Hash.toHex());userDAO.save(user);}8.创建DAO接口
Mapper
public interface UserDAO {void save(User user);
}insert idsave parameterTypeUser useGeneratedKeystrue keyPropertyidinsert into t_user values(#{id},#{username},#{password},#{salt})
/insert9.创建salt工具类
public class SaltUtils {/*** 生成salt的静态方法* param n* return*/public static String getSalt(int n){char[] chars ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz01234567890!#$%^*().toCharArray();StringBuilder sb new StringBuilder();for (int i 0; i n; i) {char aChar chars[new Random().nextInt(chars.length)];sb.append(aChar);}return sb.toString();}
}开发数据库注册认证
我们需要根据用户名查询来判定用户注册的操作是否合法
1.开发DAO
Mapper
public interface UserDAO {void save(User user);//根据身份信息认证的方法User findByUserName(String username);
}select idfindByUserName parameterTypeString resultTypeUserselect id,username,password,salt from t_userwhere username #{username}
/select2.开发Service层
public interface UserService {//注册用户方法void register(User user);//根据用户名查询业务的方法User findByUserName(String username);
}Service(userService)
Transactional
public class UserServiceImpl implements UserService {Autowiredprivate UserDAO userDAO;Overridepublic User findByUserName(String username) {return userDAO.findByUserName(username);}
}3.开发在工厂中获取bean对象的工具类
解决给自定义的Realm注入业务对象。
Component
public class ApplicationContextUtils implements ApplicationContextAware {private static ApplicationContext context;Overridepublic void setApplicationContext(ApplicationContext applicationContext) throws BeansException {this.context applicationContext;}//根据bean名字获取工厂中指定bean 对象public static Object getBean(String beanName){return context.getBean(beanName);}
}4.修改自定义realm Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {System.out.println();//根据身份信息String principal (String) token.getPrincipal();//在工厂中获取service对象UserService userService (UserService) ApplicationContextUtils.getBean(userService);//根据身份信息查询User user userService.findByUserName(principal);if(!ObjectUtils.isEmpty(user)){//返回数据库信息return new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(), ByteSource.Util.bytes(user.getSalt()),this.getName());}return null;}5.修改ShiroConfig中realm使用凭证匹配器以及hash散列
Bean
public Realm getRealm(){CustomerRealm customerRealm new CustomerRealm();//设置hashed凭证匹配器HashedCredentialsMatcher credentialsMatcher new HashedCredentialsMatcher();//设置md5加密credentialsMatcher.setHashAlgorithmName(md5);//设置散列次数credentialsMatcher.setHashIterations(1024);customerRealm.setCredentialsMatcher(credentialsMatcher);return customerRealm;
}
