spring boot 整合shiro(一)
来源:互联网 发布:知乎融资 编辑:程序博客网 时间:2024/06/06 01:16
在上一个记录http://blog.csdn.net/oyh1203/article/details/72235915中初步搭建了一个springboot的项目,现在想将shiro也整合到项目中去,不多说,动手搞,项目结构如图
其它shiro相关的实现类不贴了
shiro配置信息都放到properties文件中文件内容如下
#SHIRO登录成功的URL地址shiro.login.successUrl=/sayHello#SHIRO登录地址shiro.login.loginUrl=/#SHIRO无权限跳转地址shiro.login.unauthorizedUrl=/unauthorizedUrl#SHIRO密码出错次数shiro.login.errorTimes=5#SHIRO有关cache的配置文件路径shiro.login.cacheFilePath=classpath:xml/spring-shiro-ehcache.xml#SHIRO加密方式shiro.login.hashAlgorithmName=MD5#SHIRO加密次数shiro.login.hashIterations=3
shiro配置信息由xml改为代码配置,此处的私有属性通过ConfigurationProperties设置到对应的字段中,使用PropertySource指定配置文件路径,感谢博客园Gin.p
提供的Spring Boot整合shiro出现UnavailableSecurityManagerException异常解决方案
package com.test.ouyang.configure;import java.util.LinkedHashMap;import java.util.logging.Logger;import org.apache.shiro.cache.ehcache.EhCacheManager;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;import org.apache.shiro.web.mgt.DefaultWebSecurityManager;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.boot.context.properties.ConfigurationProperties;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.context.annotation.PropertySource;import org.springframework.web.filter.DelegatingFilterProxy;import com.test.ouyang.realm.ResourceCheckFilter;import com.test.ouyang.realm.RetryLimitHashedCredentialsMatcher;import com.test.ouyang.realm.UserRealm;@Configuration@ConfigurationProperties(ignoreUnknownFields = false,prefix = "shiro.login")@PropertySource("classpath:config/shiro.properties")public class ShiroConfiguration {private Logger log_ = Logger.getLogger(ShiroConfiguration.class.getName());private String successUrl ;private String loginUrl ;private String unauthorizedUrl ;private String cacheFilePath ;private int errorTimes ;private String hashAlgorithmName ;private int hashIterations ;public String getSuccessUrl() {return successUrl;}public void setSuccessUrl(String successUrl) {this.successUrl = successUrl;}public String getLoginUrl() {return loginUrl;}public void setLoginUrl(String loginUrl) {this.loginUrl = loginUrl;}public String getUnauthorizedUrl() {return unauthorizedUrl;}public void setUnauthorizedUrl(String unauthorizedUrl) {this.unauthorizedUrl = unauthorizedUrl;}public String getCacheFilePath() {return cacheFilePath;}public void setCacheFilePath(String cacheFilePath) {this.cacheFilePath = cacheFilePath;}public int getErrorTimes() {return errorTimes;}public void setErrorTimes(int errorTimes) {this.errorTimes = errorTimes;}public String getHashAlgorithmName() {return hashAlgorithmName;}public void setHashAlgorithmName(String hashAlgorithmName) {this.hashAlgorithmName = hashAlgorithmName;}public int getHashIterations() {return hashIterations;}public void setHashIterations(int hashIterations) {this.hashIterations = hashIterations;}/** * delegatingFilterProxy方法参考http://www.cnblogs.com/ginponson/p/6217057.html * 修复Spring Boot整合shiro出现UnavailableSecurityManagerException 问题 * 此处设置相当于在web.xml中增加filter * */@Beanpublic FilterRegistrationBean delegatingFilterProxy(){FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();DelegatingFilterProxy proxy = new DelegatingFilterProxy();proxy.setTargetFilterLifecycle(true);proxy.setTargetBeanName("shiroFilter");filterRegistrationBean.setFilter(proxy);return filterRegistrationBean;}@Bean(name="resourceCheckFilter")public ResourceCheckFilter resourceCheckFilter(){ResourceCheckFilter resourceCheckFilter = new ResourceCheckFilter(unauthorizedUrl);return resourceCheckFilter;}//SHIRO核心拦截器配置@Bean(name="shiroFilter")public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {log_.info("successUrl:"+successUrl+"\t loginUrl:"+loginUrl+"\t unauthorizedUrl:"+unauthorizedUrl);ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();bean.setSecurityManager(securityManager);bean.setSuccessUrl(successUrl);bean.setLoginUrl(loginUrl);bean.setUnauthorizedUrl(unauthorizedUrl);//配置访问权限 LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<String, String>(); filterChainDefinitionMap.put("/adminView", "authc,resourceCheckFilter"); filterChainDefinitionMap.put("/testView", "authc,resourceCheckFilter"); filterChainDefinitionMap.put("/guestView", "authc,resourceCheckFilter"); filterChainDefinitionMap.put("/", "anon"); filterChainDefinitionMap.put("/static/**", "anon"); bean.setFilterChainDefinitionMap(filterChainDefinitionMap);return bean ;}//配置SHIRO核心安全事务管理器@Bean(name="securityManager")public DefaultWebSecurityManager securityManager(@Qualifier("userRealm") UserRealm userRealm){DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();defaultWebSecurityManager.setRealm(userRealm);return defaultWebSecurityManager;}//配置自定义的权限登录器@Bean(name="userRealm")public UserRealm userRealm(@Qualifier("credentialsMatcher") RetryLimitHashedCredentialsMatcher credentialsMatcher){UserRealm userRealm = new UserRealm();userRealm.setCredentialsMatcher(credentialsMatcher);return userRealm;}//配置密码对比@Bean(name="credentialsMatcher")public RetryLimitHashedCredentialsMatcher credentialsMatcher(@Qualifier("cacheManager") EhCacheManager cacheManager){RetryLimitHashedCredentialsMatcher credentialsMatcher = new RetryLimitHashedCredentialsMatcher(cacheManager,errorTimes,hashAlgorithmName,hashIterations);return credentialsMatcher;}//配置缓存管理@Bean(name="cacheManager")public EhCacheManager cacheManager(){EhCacheManager cacheManager = new EhCacheManager();cacheManager.setCacheManagerConfigFile(cacheFilePath);return cacheManager;}}
登录方法中使用shiro来校验用户信息
@RequestMapping("/login")public String login(@RequestParam(value="account")String account,@RequestParam(value="password") String password){Subject subject = SecurityUtils.getSubject();log_.info("account:"+account+"\t password:"+password);if(!account.equals(subject.getPrincipal())||!subject.isAuthenticated()){UsernamePasswordToken token = new UsernamePasswordToken(account, password);try {subject.login(token);} catch (UnknownAccountException uae) {//用户名不存在log_.info("用户名或密码错误");}catch (IncorrectCredentialsException ice) {//密码错误log_.info("用户名或密码错误");}catch (LockedAccountException lae) { //账户被锁定log_.info("账户被锁定");}catch(ExcessiveAttemptsException eae){//登录失败次数超过系统最大次数,请稍后重试log_.info("登录失败次数超过系统最大次数,请稍后重试!");}catch (Exception e) {//出现其他异常}}return "index";}
源码内容见附件springboot.zip下载链接为:http://download.csdn.net/detail/oyh1203/9846996
阅读全文
0 0
- spring boot 整合shiro(一)
- spring boot整合shiro
- spring boot shiro整合
- spring boot shiro redis整合
- Spring整合Shiro(一)
- apache shiro整合spring(一)
- shiro spring整合(一)
- spring boot整合Shiro实现单点登录
- Spring boot 整合shiro 实现登陆验证
- Spring boot项目整合thymeleaf和shiro
- 【shiro】--- spring整合shiro
- Apache shiro学习笔记+ spring整合shiro (一)
- Spring Boot Shiro权限管理--自定义 FormAuthenticationFilter验证码整合
- Spring Boot整合jpa,Shiro进行权限管理
- spring boot整合redis,实现shiro的CacheManager
- spring boot整合redis实现shiro的分布式session共享
- spring boot 使用thymeleaf 和shiro标签整合
- spring-boot集成shiro
- seq2seq Model相关接口介绍
- 同源策略及解决办法
- word2016如何插入目录以及页码
- Python编程-数据库-利用PyMysql访问windows下的MySql数据库
- 黑盒测试简介以及方法简介
- spring boot 整合shiro(一)
- 微信开发定时获取token,保证线程安全,高可用
- KMP算法详解及C++实现
- Java动态代理使用
- web的基础知识
- Unique Binary Search Trees
- js的||和 &&的妙用
- anguar js 日期和时间选择插件 angular-datetimepicker 使用时注意事项
- Java学习之Filter