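Authentication based on Spring Boot 2 and Shiro can be implemented with the following steps:
Step 1: Create the Spring Boot project
Create a Spring Boot project with Spring Initializr or any other method.
Step 2: Add the Shiro dependency
Add the Shiro dependency to the project's pom.xml:
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-starter</artifactId>
    <version>1.5.3</version>
</dependency>
This walkthrough uses 1.5.3. Later Shiro releases include security fixes, so check for the current release before using this in a real project.
Step 3: Configure Shiro
In a configuration class, create the ShiroFilterFactoryBean and SecurityManager beans: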
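import java.util.LinkedHashMap;
import java.util.Map;
// Import Shiro's SecurityManager explicitly; otherwise the name resolves to java.lang.SecurityManager.
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Bean
    ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login.html");
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized.html");
        // Rules are matched in insertion order and the first match wins,
        // so the catch-all "/**" rule must stay last.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/login", "anon");
        // The login form posts to /doLogin; without this rule "/**" = authc
        // would redirect the unauthenticated request before it reaches the controller.
        filterChainDefinitionMap.put("/doLogin", "anon");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean
    SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm());
        return securityManager;
    }

    @Bean
    Realm realm() {
        CustomRealm realm = new CustomRealm();
        return realm;
    }
}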
CustomRealm is a class you have to implement yourself: extend AuthorizingRealm and implement doGetAuthorizationInfo and doGetAuthenticationInfo.
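One possible CustomRealm, as an added example that is not part of the original article: it keeps only salted, iterated password hashes and lets Shiro's PasswordMatcher do the comparison, so the realm never compares plaintext itself. The in-memory user map, the user "alice", its password and the role name "user" are constructed stand-ins for a real user store.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class CustomRealm extends AuthorizingRealm {
    // Hashes with a random salt and many iterations; plaintext is never stored.
    private final DefaultPasswordService passwordService = new DefaultPasswordService();
    // Constructed stand-in for a user table: username -> formatted hash.
    private final Map<String, String> users = new ConcurrentHashMap<>();

    public CustomRealm() {
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwordService);
        setCredentialsMatcher(matcher); // compares the submitted password to the hash
        users.put("alice", passwordService.encryptPassword("constructed-demo-password"));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        String storedHash = (username == null) ? null : users.get(username);
        if (storedHash == null) {
            throw new UnknownAccountException(); // caught in doLogin
        }
        // Return the stored hash only; Shiro then runs the credentials matcher and
        // throws IncorrectCredentialsException if the password does not match.
        return new SimpleAuthenticationInfo(username, storedHash, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Called for role/permission checks, not during login.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole("user"); // hypothetical role name
        return info;
    }
}
```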
Step 4: Write the login and logout handlers
Login and logout can follow this example:
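import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class LoginController {
    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    // POST only, so credentials are never accepted from a query string.
    @PostMapping("/doLogin")
    @ResponseBody
    public String doLogin(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
        } catch (UnknownAccountException e) {
            // Distinct messages for the two cases reveal which usernames exist;
            // a production handler would return one generic message for both.
            return "用户名不存在"; // "username does not exist"
        } catch (IncorrectCredentialsException e) {
            return "密码不正确"; // "incorrect password"
        } catch (AuthenticationException e) {
            // Any other failure (locked account, too many attempts, ...).
            return "登录失败"; // "login failed"
        }
        return "登录成功"; // "login successful"
    }

    // With "/logout" mapped to Shiro's logout filter in ShiroConfig, the filter
    // handles the request first and this method is not reached.
    @RequestMapping("/logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        return "redirect:/login";
    }
}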
Step 5: Write the HTML
The login and logout pages can follow these examples:
Login page:
<!DOCTYPE html>
<html>
<head>
    <title>登录</title>
</head>
<body>
    <form action="doLogin" method="POST">
        <div>
            <label>用户名:</label>
            <input type="text" name="username"/>
        </div>
        <div>
            <label>密码:</label>
            <input type="password" name="password"/>
        </div>
        <div>
            <input type="submit" value="登录"/>
        </div>
    </form>
</body>
</html>

Logout page:
<!DOCTYPE html>
<html>
<head>
    <title>退出</title>
</head>
<body>
    <form id="logout-form" action="#" method="POST">
        <!-- ${_csrf.token} is only filled in when a server-side template and CSRF
             support such as Spring Security's provide it; the Shiro setup in this
             walkthrough does not, and the AJAX call below does not send this field. -->
        <input type="hidden" name="_csrf" value="${_csrf.token}"/>
        <input type="submit" value="退出"/>
    </form>
    <script src="/js/jquery.min.js"></script>
    <script>
        $(function() {
            $("#logout-form").submit(function() {
                $.ajax({
                    url: "/logout",
                    type: "POST",
                    success: function() {
                        location.href = "/login.html";
                    }
                });
                // Cancel the normal form submission; the AJAX call does the logout.
                return false;
            });
        });
    </script>
</body>
</html>
That is the complete walkthrough for implementing authentication with Spring Boot 2 and Shiro.