您的位置:首页 > 房产 > 建筑 > 天元建设集团有限公司朱华_宜昌网站推广_点击排名软件哪个好_seo属于技术还是营销

天元建设集团有限公司朱华_宜昌网站推广_点击排名软件哪个好_seo属于技术还是营销

2025/1/6 15:28:31 来源:https://blog.csdn.net/2301_79969279/article/details/143456950  浏览:    关键词:天元建设集团有限公司朱华_宜昌网站推广_点击排名软件哪个好_seo属于技术还是营销
天元建设集团有限公司朱华_宜昌网站推广_点击排名软件哪个好_seo属于技术还是营销

为Java后端项目添加Shiro进行身份验证,授权操作:

步骤1.引入相关依赖:

<dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring-boot-starter</artifactId><version>1.9.1</version> <!-- 确保使用最新版本 -->
</dependency>

步骤2.配置shiro.ini

在resources目录下进行添加shiro.ini文件

[main]
# Realm配置
myRealm = org.apache.shiro.realm.jdbc.JdbcRealm
myRealm.dataSource = myDataSource# 使用自定义Realm
securityManager.realms = $myRealm[users]
# 用户名 = 密码, 角色
admin = secret, admin
guest = guest, guest[roles]
# 角色 = 权限
admin = *
guest = read
user = read

步骤3.配置ShiroConfig

在config目录下创建ShiroConfig.java文件

package com.cetide.oj.config;import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import javax.sql.DataSource;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;@Configuration
public class ShiroConfig {@Beanpublic Realm myRealm() {// 返回你自己的 Realm 实现return new MyRealm();}@Beanpublic ModularRealmAuthenticator authenticator() {ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());authenticator.setRealms(Arrays.asList(myRealm()));return authenticator;}@Beanpublic ModularRealmAuthorizer authorizer() {ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer();authorizer.setRealms(Arrays.asList(myRealm()));return authorizer;}@Beanpublic SecurityManager securityManager(DataSource dataSource) {JdbcRealm realm = new JdbcRealm();realm.setDataSource(dataSource);// 配置Realm的用户查询和角色查询realm.setPermissionsLookupEnabled(true); // 启用权限查找// 你可以在这里设置自定义的SQL查询以获取用户和角色信息DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);return securityManager;}@Beanpublic DefaultSessionManager sessionManager() {DefaultSessionManager sessionManager = new DefaultSessionManager();return sessionManager;}@Beanpublic ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();filterFactoryBean.setSecurityManager(securityManager);// 配置访问路径Map<String, String> filterChainDefinitionMap = new HashMap<>();filterChainDefinitionMap.put("/admin/**", "roles[admin]");filterChainDefinitionMap.put("/guest/**", "roles[guest]");filterChainDefinitionMap.put("/**", "anon"); // 允许匿名访问filterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);return filterFactoryBean;}
}

步骤4.配置自定义MyRealm

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;public class MyRealm extends AuthorizingRealm {@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {String username = (String) principals.getPrimaryPrincipal();SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();if ("admin".equals(username)) {info.addRole("admin");info.addStringPermission("*"); // admin有所有权限} else if ("guest".equals(username)) {info.addRole("guest");info.addStringPermission("read"); // guest仅有读取权限}return info;}@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String username = (String) token.getPrincipal();String password = new String((char[]) token.getCredentials());// 模拟数据库查询if ("admin".equals(username) && "123456".equals(password)) {return new SimpleAuthenticationInfo(username, password, getName());} else {throw new UnknownAccountException("用户名或密码错误");}}
}

步骤5.引入到Controller中

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
public class HomeController {@PostMapping("/login")public String login(String username, String password) {Subject currentUser = SecurityUtils.getSubject();if (!currentUser.isAuthenticated()) {// 创建一个用户认证的tokenUsernamePasswordToken token = new UsernamePasswordToken(username, password);try {// 执行登录操作currentUser.login(token);if (currentUser.hasRole("admin")) {return "admin"; // 返回管理员视图}return "403"; // 无权限视图} catch (Exception e) {e.printStackTrace();return "loginError"; // 登录失败,返回错误视图}}return "redirect:/"; // 已经登录,重定向到主页}@RequestMapping("/logout")public String logout() {Subject currentUser = SecurityUtils.getSubject();if (currentUser.isAuthenticated()) {currentUser.logout(); // 执行注销}return "redirect:/"; // 注销后重定向到主页}@GetMapping("/")public String home() {return "index"; // 返回主页视图}@GetMapping("/admin")public String admin() {Subject currentUser = SecurityUtils.getSubject();if (currentUser.hasRole("admin")) {return "admin"; // 返回管理员视图}return "403"; // 无权限视图}@GetMapping("/guest")public String guest() {return "guest"; // 返回访客视图}
}

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com