首先引入需要的pom

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-spring-boot-web-starter</artifactId>

            <version>1.4.1</version>

        </dependency>

配置application.properties

#登录界面

shiro.loginUrl=/login

#无权限界面

shiro.unauthorizedUrl=/

#成功界面

shiro.successUrl=/index

自定义UserRealm

public class UserRealm extends AuthorizingRealm {

    @Autowired

    private UserService userService;

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        if(principalCollection == null){

            throw new AuthenticationException("PrincipalCollection参数不能为空。");

        }

        TUser user = (TUser) getAvailablePrincipal(principalCollection);

        if(ObjectUtils.isEmpty(user)){

            throw new AuthenticationException("用户不存在");

        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        if(ObjectUtils.isEmpty(user.getRole())){

            info.setRoles(new HashSet<String>(){{add("public");}});

        }else{

            info.setRoles(new HashSet<String>(){{add(user.getRole());}});

        }

        return info;

    }

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {

        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        String username = token.getUsername();

        if(StringUtils.isEmpty(username)){

            throw new UnknownAccountException();

        }

        TUser user = userService.fetchByUsername(username);

        if(ObjectUtils.isEmpty(user)){

            throw new UnknownAccountException();

        }

        if(user.getDisabled()){

            throw new LockedAccountException();

        }

        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getPassword(),ByteSource.Util.bytes(user.getSalt()),getName());

        return info;

    }

}

添加用户时密码加密方法

public String md5(String password,String salt){

        //加密方式

        String algorithmName = "MD5";

        //盐值

        ByteSource byteSalt = ByteSource.Util.bytes(salt);

        //加密次数

        int hashIterations = 6;

        SimpleHash result = new SimpleHash(algorithmName, password, byteSalt, hashIterations);

        //Md2Hash Md5Hash Sha1Hash Sha256Hash Sha384Hash Sha512Hash 最后都是调用SimpleHash加密

        //Md5Hash r = new Md5Hash(password,byteSalt,hashIterations);

        return result.toHex();

}
配置 ShiroConfig
@Configuration

public class ShiroConfig {

    @Bean

    public Realm realm(){

        UserRealm userRealm = new UserRealm();

        userRealm.setCredentialsMatcher(hashedCredentialsMatcher());

        return userRealm;

    }

    /**

      *  配置url

      *  anon 任何人都能访问

      *  authc 认证成功后才能访问

      */

    @Bean

    public ShiroFilterChainDefinition shiroFilterChainDefinition(){

        DefaultShiroFilterChainDefinition chain = new DefaultShiroFilterChainDefinition();

        Map<String,String> pathDefinitions = new HashMap<>();

        pathDefinitions.put("/loginDo","anon");

        pathDefinitions.put("/**","authc");

        chain.addPathDefinitions(pathDefinitions);

        return chain;

    }

    /**

     * 密码验证

     * @return

     */

    @Bean

    public HashedCredentialsMatcher hashedCredentialsMatcher(){

        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();

        credentialsMatcher.setHashAlgorithmName("MD5");

        credentialsMatcher.setHashIterations(6);

        credentialsMatcher.setStoredCredentialsHexEncoded(true);

        return credentialsMatcher;

    }

}

登录controller

    @PostMapping("/loginDo")

    @ResponseBody

    public Result loginDo(String username, String password, boolean rememberMe) {

        if(StringUtils.isEmpty(username)){

            return Result.error("请输入用户名");

        }

        if(StringUtils.isEmpty(password)){

            return Result.error("请输入密码");

        }

        try {

            Subject subject = SecurityUtils.getSubject();

            subject.login(new UsernamePasswordToken(username, password, rememberMe));

        } catch (UnknownAccountException e1) {

            return Result.error("用户名或密码错误");

        } catch (LockedAccountException e2) {

            return Result.error("用户已被锁定");

        } catch (AuthenticationException e3) {

            return Result.error("登录失败");

        }

        return Result.success();

    }

最新文章

  1. bzoj3380+3381+3382+3383 Usaco2004 Open
  2. 【requireJS源码学习02】data-main加载的实现
  3. 对于amqplib的使用心得
  4. IOS网络第五天 AFN-02-文件上传,底部弹出窗体,拍照和相册获取图片上传
  5. vsftpd.conf
  6. NRF51822之IIC(MEMS_LIS2DH12)
  7. Visual Studio与Chrome调试工具使用技巧
  8. flask--虚拟环境
  9. HttpLib - 一个对 Http 协议进行封装的库
  10. AndroidStudio-OSX 常用快捷键整理
  11. 基于spring mvc的注解DEMO完整例子
  12. 自己编写基于MVC的轻量级PHP框架
  13. Umbraco中更换IndexSet中的NodeType后,搜索页面没有做出对应更改的效果
  14. (一)学习CSS之z-index属性
  15. Git (2)
  16. 影响国内WinCE7发展的最大障碍是没有D版下载
  17. Linux服务器管理神器-IPython
  18. hibernate框架学习第二天:核心API、工具类、事务、查询、方言、主键生成策略等
  19. bram和dram的区别
  20. OWASP移动安全漏洞Top 10

热门文章

  1. [原]NYOJ-开灯问题-77
  2. 关于VGG网络的介绍
  3. 洛谷P4721 【模板】分治 FFT(生成函数+多项式求逆)
  4. makefile 基础知识
  5. K.I.S.S 原则
  6. CentOS 7 安装以及配置 VNC
  7. [51nod1106]质数检测
  8. 12、geo数据上传
  9. p4555&amp;bzoj2565 最长双回文串
  10. BOX (UVA-1587) 比较代码书写上的差距