您的当前位置:首页>新品 > 正文

【千锋南京JAVA】jwt结合shiro和idea版_每日看点

来源:CSDN 时间:2023-01-28 07:55:16

用BCrypt加密的shiro配置多个realm配置Shiro的多Realm验证的实现–shiro实现不同身份使用不同Realm进行验证 springboot整合shiro和idea版最新Apache Shiro快速入门Security安全框架【千锋南京JAVA】 jwt结合shiro使用


(资料图片)

@Bean    public ShiroRealm getRealm() {ShiroRealm shiroRealm1 = new ShiroRealm();        shiroRealm1.setCredentialsMatcher(new CredentialsMatcher() {@Override            public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;                String plaimtext = new String(token.getPassword());                String hashed = authenticationInfo.getCredentials().toString();                System.out.println("明文密码"+plaimtext+hashed);                return BCrypt.checkpw(plaimtext,hashed);            }        });        return shiroRealm1;    }

package com.sbibits.config;import org.apache.shiro.SecurityUtils;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.subject.Subject;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;import java.util.Map;/** * @author admin * @version 1.0.0 * @ClassName ShiroConfig.java * @Description TODO * @createTime 2019年12月12日 16:10:00 */@Configurationpublic class ShiroConfig {//创建ShiroFilterFactoryBean    @Bean    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();        //设置安全管理器        shiroFilterFactoryBean.setSecurityManager(securityManager);        /**         * 添加shiro内置过滤器         *      常用的过滤器:         *         anon:无需认证可以访问         *         authc:必须认证         *         user:若使用remeberme的功能可以访问         *         perms:须得到授权         *         role: 需得到角色可访问         * */        MapfilterMap = new LinkedHashMap<>();        filterMap.put("/user/*", "authc");        filterMap.put("/*", "anon");        //修改调整的页面//        shiroFilterFactoryBean.setLoginUrl("/");        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);        return shiroFilterFactoryBean;    }    //创建DefaultWebSecurityManager    @Bean(name = "securityManager")    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();        //关联realm        securityManager.setRealm(userRealm);        return securityManager;    }    //创建realm    @Bean(name = "userRealm")    public UserRealm getRealm() {return new UserRealm();    }}

package com.sbibits.config;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;/** * @author admin * @version 1.0.0 * @ClassName UserRealm.java * @Description TODO * @createTime 2019年12月12日 16:12:00 */public class UserRealm extends AuthorizingRealm {//执行授权逻辑    @Override    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行授权逻辑");        return null;    }    //执行认证逻辑    @Override    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {return null;    }}

用户注册时,先用bcrypt加密存入数据库 执行认证逻辑时,用 BCrypt.checkpw判断密码是否相同,返回boolean值 获取盐 登出操作

shiro

导入依赖

org.apache.shiroshiro-spring1.4.0

编写shiro两个核心配置shiroconfig和userrealm

public class UserRealm extends AuthorizingRealm {//授权逻辑    @Override    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行授权逻辑");        SimpleAuthorizationInfo sa = new SimpleAuthorizationInfo();        sa.addStringPermission("user:add");        return sa;    }    //认证逻辑    @Override    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("执行认证逻辑");        UsernamePasswordToken token = (UsernamePasswordToken)authenticationToken;        return new SimpleAuthenticationInfo("","1234","");    }

@Bean    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();        //设置安全管理器        shiroFilterFactoryBean.setSecurityManager(securityManager);        return shiroFilterFactoryBean;    }    //创建DefaultWebSecurityManager    @Bean(name = "securityManager")    public DefaultWebSecurityManager getDefaultWebSecurityManager() {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();        //关联realm        securityManager.setRealm(getRealm());        return securityManager;    }    //创建realm,需要自定义realm    @Bean    public UserRealm getRealm() {return new UserRealm();    }

编写controller

@PostMapping("register")    public String shiro(User user, Model model) {//获取subject        Subject subject = SecurityUtils.getSubject();        System.out.println("判断是否已经登录" + subject.isAuthenticated());        //若没有登录,把用户名密码封装为UsernamePasswordToken对象        UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), user.getPassword());        try {//执行登录            subject.login(token);            System.out.println("再判断是否已经登录" + subject.isAuthenticated());            return "success";        } catch (IncorrectCredentialsException e) {model.addAttribute("msg", "密码不存在");            return "login";        } catch (UnknownAccountException e) {model.addAttribute("msg", "用户名不存在");            return "login";        }

Shiro的三种授权(十二)

多个权限标识 hasAnyPermissions hasPermission

// 拥有 admin 角色可以访问 @RequiresRoles(“admin”) // 拥有 user 或 admin 角色可以访问 @RequiresRoles(logical = Logical.OR, value = {“user”, “admin”}) // 拥有 user 或 admin 角色,且拥有 vip 权限可以访问 @GetMapping("/getVipMessage") @RequiresRoles(logical = Logical.OR, value = {“user”, “admin”}) @RequiresPermissions(“vip”) public ResultMap getVipMessage() {return resultMap.success().code(200).message(“成功获得 vip 信息!”); }

标签:

最新新闻:

新闻放送
Top