如何将Spring Boot与Shiro框架完美整合?

2026-04-19 16:413阅读0评论SEO教程
  • 内容介绍
  • 文章标签
  • 相关推荐

本文共计1976个文字,预计阅读时间需要8分钟。

如何将Spring Boot与Shiro框架完美整合?

1. 创建一个Spring Boot项目 + 选择Web和Thymeleaf

1.1 新建index.

Title 首页

如何将Spring Boot与Shiro框架完美整合?

1.2 创建一个名为con的控制器

1.创建一个springboot项目

选中web和thymeleaf

1.1新建index.html

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首页</h1> <pth:text="${msg}"></p> </body> </html>

1.2创建一个controller

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } }

一定要记住shiro的三大对象

1.subject:用户

2.SecurityManager:管理所有用户

3.Realm:连接数据

1.3导入整合用的依赖包

<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency>

1.4创建一个config(ShiroConfig),并编写他

packagecom.yao.config; importorg.springframework.context.annotation.Configuration; @Configuration publicclassShiroConfig{ //ShiroFilterFactoryBean //DefaultWebSecurityManager //创建realm对象,这个realm对象需要自定义 }

1.5创建自己的一个realmconfig,也就是在config中创建另外一个配置类UserRealm

packagecom.yao.config; importorg.apache.shiro.authc.AuthenticationException; importorg.apache.shiro.authc.AuthenticationInfo; importorg.apache.shiro.authc.AuthenticationToken; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; //自定义的UserRealm publicclassUserRealmextendsAuthorizingRealm{ //授权 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授权。。。"); returnnull; } //认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokenauthenticationToken)throwsAuthenticationException{ System.out.println("认证。。。"); returnnull; } }

1.6将UserRealm注册到ShiroConfig里面去,是我们自己写的这个类被spring托管

1.7新建两个测试页面并重新写一下index页面

add.html

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>add</h1> </body> </html>

update.html

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>update</h1> </body> </html>

index.html

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首页</h1> <pth:text="${msg}"></p> <hr> <ath:href="@{/user/add}" rel="external nofollow" >add</a>|<ath:href="@{/user/update}" rel="external nofollow" >update</a> </body> </html>

1.8编写controller层

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } @RequestMapping("/user/add") publicStringadd(){ return"user/add"; } @RequestMapping("/user/update") publicStringupdate(){ return"user/update"; } }

1.9添加过滤器

还是在shiroconfig中加入:

//添加Shiro的内置过滤器 /* anon:无需认证就可以访问 authc:必须认证了才能通过 user:必须拥有记住我功能才能用 perms:拥有对某个资源的权限才可以访问 role:拥有某个角色权限才能访问 */ Map<String,String>filterMap=newLinkedHashMap<>(); //filterMap.put("/user/add","authc"); //filterMap.put("/user/update","authc"); filterMap.put("/user/*","authc"); bean.setFilterChainDefinitionMap(filterMap); //设置登录的请求 bean.setLoginUrl("/toLogin"); returnbean;

这里希望没有认证就从add和update跳到login页面因此还要写一个login页面和改写controller

controller层:

@RequestMapping("/toLogin") publicStringtoLogin(){ return"login"; }

login页面:

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>登录</title> </head> <body> <form> <p>用户名:<inputtype="text"name="username"></p> <p>密码:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>

1.10上面已经完成了页面拦截的功能接下来实现用户认证的工作

login.html:

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>登录</title> </head> <body> <pth:text="${msg}"></p> <formth:action="@{/login}"> <p>用户名:<inputtype="text"name="username"></p> <p>密码:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>

controller:

@RequestMapping("/login") publicStringlogin(Stringusername,Stringpassword,Modelmodel){ //获取当前用户 Subjectsubject=SecurityUtils.getSubject(); //封装用户的登录数据(令牌),这里是存在全局里面,都可以调的到 UsernamePasswordTokentoken=newUsernamePasswordToken(username,password); try{ subject.login(token);//执行登陆的方法,如果没有异常就ok了 return"index"; }catch(UnknownAccountExceptione){ model.addAttribute("msg","用户名错误"); return"login"; }catch(IncorrectCredentialsExceptione){ model.addAttribute("msg","密码错误"); return"login"; } }

UserRealm:

//认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("认证。。。"); //用户名,密码数据库中取 Stringname="root"; Stringpassword="123456"; UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; if(!userToken.getUsername().equals(name)){ returnnull;//它这里会自动抛出前面的用户名错误的异常 } //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",password,""); } }

直接测试即可发现以上功能基本实现。

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } }

2.springboot整合mybatis

2.1导入依赖

<dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.12</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>

2.2编写配置文件application.yml

spring: datasource: username:root password:892095368llq #?serverTimezone=UTC解决时区的报错 url:jdbc:mysql://localhost:3306/yao?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8 driver-class-name:com.mysql.cj.jdbc.Driver type:com.alibaba.druid.pool.DruidDataSource #SpringBoot默认是不注入这些属性值的,需要自己绑定 #druid数据源专有配置 initialSize:5 minIdle:5 maxActive:20 maxWait:60000 timeBetweenEvictionRunsMillis:60000 minEvictableIdleTimeMillis:300000 validationQuery:SELECT1FROMDUAL testWhileIdle:true testOnBorrow:false testOnReturn:false poolPreparedStatements:true #配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入 #如果允许时报错java.lang.ClassNotFoundException:org.apache.log4j.Priority #则导入log4j依赖即可,Maven地址:mvnrepository.com/artifact/log4j/log4j filters:stat,wall,log4j maxPoolPreparedStatementPerConnectionSize:20 useGlobalDataSourceStat:true connectionProperties:druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

2.3编写配置文件application.properties并新建mapper文件夹

application.properties

mybatis.type-aliases-package=com.yao.pojo mybatis.mapper-locations=classpath:mapper/*.xml

2.4创建pojo层,并配置lombok

<dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.16.10</version> </dependency>

编写一个User.java

packagecom.yao.pojo; importlombok.AllArgsConstructor; importlombok.Data; importlombok.NoArgsConstructor; @Data @AllArgsConstructor @NoArgsConstructor publicclassUser{ privateintid; privateStringname; privateStringpwd; }

2.4创建mapper层,并写出相对应的mapper接口和resources中的对应的mapper实现

UserMapper接口

packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); } mapper。xml <?xmlversion="1.0"encoding="UTF-8"?> <!DOCTYPEmapper PUBLIC"-//mybatis.org//DTDMapper3.0//EN" "mybatis.org/dtd/mybatis-3-mapper.dtd"> <mappernamespace="com.yao.mapper.UserMapper"> <selectid="queryUserByName"parameterType="String"resultType="User"> select*fromuserwherename=#{name} </select> </mapper>

UserService.interface

packagecom.yao.service; importcom.yao.pojo.User; publicinterfaceUserService{ publicUserqueryUserByName(Stringname); } UserServiceImpl.java packagecom.yao.service; importcom.yao.mapper.UserMapper; importcom.yao.pojo.User; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.stereotype.Service; @Service publicclassUserServiceImplimplementsUserService{ @Autowired UserMapperuserMapper; @Override publicUserqueryUserByName(Stringname){ returnuserMapper.queryUserByName(name); } }

2.6在test中测试

packagecom.yao; importcom.yao.service.UserService; importcom.yao.service.UserServiceImpl; importorg.junit.jupiter.api.Test; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.boot.test.context.SpringBootTest; @SpringBootTest classShiroSpringbootApplicationTests{ @Autowired UserServiceImpluserService; @Test voidcontextLoads(){ System.out.println(userService.queryUserByName("幺幺")); } }

测试成功,继续写

2.7更改UserRealm

packagecom.yao.config; importcom.yao.pojo.User; importcom.yao.service.UserService; importorg.apache.shiro.SecurityUtils; importorg.apache.shiro.authc.*; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; importorg.apache.shiro.subject.Subject; importorg.springframework.beans.factory.annotation.Autowired; //自定义的UserRealm publicclassUserRealmextendsAuthorizingRealm{ @Autowired UserServiceuserService; //授权 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授权。。。"); returnnull; } //认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("认证。。。"); UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; //连接真实数据库 Useruser=userService.queryUserByName(userToken.getUsername()); if(user==null){ returnnull; } //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",user.getPwd(),""); } }

2.8添加密码加密

//还有一个md5加密,集成了hashcode是不可逆的 //比如你的密码是123456 //md5(123456,32)=e10adc3949ba59abbe56e057f20f883e //md5(123456,16)=49ba59abbe56e057 //MD5盐值加密e10adc3949ba59abbe56e057f20f883eusername //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",user.getPwd(),"");

2.9请求授权实现

==============

2.10绑定thymeleaf

packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); }

以上就是springboot整合Shiro的步骤的详细内容,更多关于springboot整合Shiro的资料请关注易盾网络其它相关文章!

标签:步骤创建

相关推荐

107967Java遍历Map集合的五种方法,哪种最符合你的需求?107969如何轻松实现SpringBoot与MongoDB的完美整合?107975Java中this和super关键字有何本质区别,如何正确运用?107984产品经理如何运用SEO秘籍,打造优化之道长尾关键词?108018MybatisPlus中field-strategy配置为何总是失效,如何解决?108033Mybatis动态SQL中if test的使用具体有哪些条件和场景?108041如何使用Java SmbFile类高效管理企业级网络共享文件夹?108051如何通过1688 SEO关键词优化实现精准流量提升攻略?108058如何通过关键词策略优化网站SEO,实现长尾关键词运用以提升网站排名?108072输入一个数字,如何计算它的阶乘呢?108073佛山抖音SEO如何优化才能提升搜索排名?108075如何用Java Swing编写一个长尾词版餐厅点餐系统源码?108081IDEA中类加载器调用getResourceAsStream()方法需要修改哪些代码才能实现?108082Spring Boot接口限流,哪种算法最适用,特点是什么?108093Java中的线程模型与线程调度是如何协同工作的?108100如何将Java中的Date类型字段巧妙地转换成JSON格式的字符串?

本文共计1976个文字,预计阅读时间需要8分钟。

如何将Spring Boot与Shiro框架完美整合?

1. 创建一个Spring Boot项目 + 选择Web和Thymeleaf

1.1 新建index.

Title 首页

如何将Spring Boot与Shiro框架完美整合?

1.2 创建一个名为con的控制器

1.创建一个springboot项目

选中web和thymeleaf

1.1新建index.html

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首页</h1> <pth:text="${msg}"></p> </body> </html>

1.2创建一个controller

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } }

一定要记住shiro的三大对象

1.subject:用户

2.SecurityManager:管理所有用户

3.Realm:连接数据

1.3导入整合用的依赖包

<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.1</version> </dependency>

1.4创建一个config(ShiroConfig),并编写他

packagecom.yao.config; importorg.springframework.context.annotation.Configuration; @Configuration publicclassShiroConfig{ //ShiroFilterFactoryBean //DefaultWebSecurityManager //创建realm对象,这个realm对象需要自定义 }

1.5创建自己的一个realmconfig,也就是在config中创建另外一个配置类UserRealm

packagecom.yao.config; importorg.apache.shiro.authc.AuthenticationException; importorg.apache.shiro.authc.AuthenticationInfo; importorg.apache.shiro.authc.AuthenticationToken; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; //自定义的UserRealm publicclassUserRealmextendsAuthorizingRealm{ //授权 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授权。。。"); returnnull; } //认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokenauthenticationToken)throwsAuthenticationException{ System.out.println("认证。。。"); returnnull; } }

1.6将UserRealm注册到ShiroConfig里面去,是我们自己写的这个类被spring托管

1.7新建两个测试页面并重新写一下index页面

add.html

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>add</h1> </body> </html>

update.html

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>update</h1> </body> </html>

index.html

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>Title</title> </head> <body> <h1>首页</h1> <pth:text="${msg}"></p> <hr> <ath:href="@{/user/add}" rel="external nofollow" >add</a>|<ath:href="@{/user/update}" rel="external nofollow" >update</a> </body> </html>

1.8编写controller层

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } @RequestMapping("/user/add") publicStringadd(){ return"user/add"; } @RequestMapping("/user/update") publicStringupdate(){ return"user/update"; } }

1.9添加过滤器

还是在shiroconfig中加入:

//添加Shiro的内置过滤器 /* anon:无需认证就可以访问 authc:必须认证了才能通过 user:必须拥有记住我功能才能用 perms:拥有对某个资源的权限才可以访问 role:拥有某个角色权限才能访问 */ Map<String,String>filterMap=newLinkedHashMap<>(); //filterMap.put("/user/add","authc"); //filterMap.put("/user/update","authc"); filterMap.put("/user/*","authc"); bean.setFilterChainDefinitionMap(filterMap); //设置登录的请求 bean.setLoginUrl("/toLogin"); returnbean;

这里希望没有认证就从add和update跳到login页面因此还要写一个login页面和改写controller

controller层:

@RequestMapping("/toLogin") publicStringtoLogin(){ return"login"; }

login页面:

<!DOCTYPEhtml> <htmllang="en"> <head> <metacharset="UTF-8"> <title>登录</title> </head> <body> <form> <p>用户名:<inputtype="text"name="username"></p> <p>密码:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>

1.10上面已经完成了页面拦截的功能接下来实现用户认证的工作

login.html:

<!DOCTYPEhtml> <htmllang="en"xmlns:th="www.thymeleaf.org"> <head> <metacharset="UTF-8"> <title>登录</title> </head> <body> <pth:text="${msg}"></p> <formth:action="@{/login}"> <p>用户名:<inputtype="text"name="username"></p> <p>密码:<inputtype="text"name="password"></p> <p><inputtype="submit"></p> </form> </body> </html>

controller:

@RequestMapping("/login") publicStringlogin(Stringusername,Stringpassword,Modelmodel){ //获取当前用户 Subjectsubject=SecurityUtils.getSubject(); //封装用户的登录数据(令牌),这里是存在全局里面,都可以调的到 UsernamePasswordTokentoken=newUsernamePasswordToken(username,password); try{ subject.login(token);//执行登陆的方法,如果没有异常就ok了 return"index"; }catch(UnknownAccountExceptione){ model.addAttribute("msg","用户名错误"); return"login"; }catch(IncorrectCredentialsExceptione){ model.addAttribute("msg","密码错误"); return"login"; } }

UserRealm:

//认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("认证。。。"); //用户名,密码数据库中取 Stringname="root"; Stringpassword="123456"; UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; if(!userToken.getUsername().equals(name)){ returnnull;//它这里会自动抛出前面的用户名错误的异常 } //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",password,""); } }

直接测试即可发现以上功能基本实现。

packagecom.yao.controller; importorg.springframework.stereotype.Controller; importorg.springframework.ui.Model; importorg.springframework.web.bind.annotation.RequestMapping; @Controller publicclassMyController{ @RequestMapping({"/","/index"}) publicStringtoIndex(Modelmodel){ model.addAttribute("msg","hello,Shiro"); return"index"; } }

2.springboot整合mybatis

2.1导入依赖

<dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.12</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>

2.2编写配置文件application.yml

spring: datasource: username:root password:892095368llq #?serverTimezone=UTC解决时区的报错 url:jdbc:mysql://localhost:3306/yao?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8 driver-class-name:com.mysql.cj.jdbc.Driver type:com.alibaba.druid.pool.DruidDataSource #SpringBoot默认是不注入这些属性值的,需要自己绑定 #druid数据源专有配置 initialSize:5 minIdle:5 maxActive:20 maxWait:60000 timeBetweenEvictionRunsMillis:60000 minEvictableIdleTimeMillis:300000 validationQuery:SELECT1FROMDUAL testWhileIdle:true testOnBorrow:false testOnReturn:false poolPreparedStatements:true #配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入 #如果允许时报错java.lang.ClassNotFoundException:org.apache.log4j.Priority #则导入log4j依赖即可,Maven地址:mvnrepository.com/artifact/log4j/log4j filters:stat,wall,log4j maxPoolPreparedStatementPerConnectionSize:20 useGlobalDataSourceStat:true connectionProperties:druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

2.3编写配置文件application.properties并新建mapper文件夹

application.properties

mybatis.type-aliases-package=com.yao.pojo mybatis.mapper-locations=classpath:mapper/*.xml

2.4创建pojo层,并配置lombok

<dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.16.10</version> </dependency>

编写一个User.java

packagecom.yao.pojo; importlombok.AllArgsConstructor; importlombok.Data; importlombok.NoArgsConstructor; @Data @AllArgsConstructor @NoArgsConstructor publicclassUser{ privateintid; privateStringname; privateStringpwd; }

2.4创建mapper层,并写出相对应的mapper接口和resources中的对应的mapper实现

UserMapper接口

packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); } mapper。xml <?xmlversion="1.0"encoding="UTF-8"?> <!DOCTYPEmapper PUBLIC"-//mybatis.org//DTDMapper3.0//EN" "mybatis.org/dtd/mybatis-3-mapper.dtd"> <mappernamespace="com.yao.mapper.UserMapper"> <selectid="queryUserByName"parameterType="String"resultType="User"> select*fromuserwherename=#{name} </select> </mapper>

UserService.interface

packagecom.yao.service; importcom.yao.pojo.User; publicinterfaceUserService{ publicUserqueryUserByName(Stringname); } UserServiceImpl.java packagecom.yao.service; importcom.yao.mapper.UserMapper; importcom.yao.pojo.User; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.stereotype.Service; @Service publicclassUserServiceImplimplementsUserService{ @Autowired UserMapperuserMapper; @Override publicUserqueryUserByName(Stringname){ returnuserMapper.queryUserByName(name); } }

2.6在test中测试

packagecom.yao; importcom.yao.service.UserService; importcom.yao.service.UserServiceImpl; importorg.junit.jupiter.api.Test; importorg.springframework.beans.factory.annotation.Autowired; importorg.springframework.boot.test.context.SpringBootTest; @SpringBootTest classShiroSpringbootApplicationTests{ @Autowired UserServiceImpluserService; @Test voidcontextLoads(){ System.out.println(userService.queryUserByName("幺幺")); } }

测试成功,继续写

2.7更改UserRealm

packagecom.yao.config; importcom.yao.pojo.User; importcom.yao.service.UserService; importorg.apache.shiro.SecurityUtils; importorg.apache.shiro.authc.*; importorg.apache.shiro.authz.AuthorizationInfo; importorg.apache.shiro.realm.AuthorizingRealm; importorg.apache.shiro.subject.PrincipalCollection; importorg.apache.shiro.subject.Subject; importorg.springframework.beans.factory.annotation.Autowired; //自定义的UserRealm publicclassUserRealmextendsAuthorizingRealm{ @Autowired UserServiceuserService; //授权 @Override protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){ System.out.println("授权。。。"); returnnull; } //认证 @Override protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokentoken)throwsAuthenticationException{ System.out.println("认证。。。"); UsernamePasswordTokenuserToken=(UsernamePasswordToken)token; //连接真实数据库 Useruser=userService.queryUserByName(userToken.getUsername()); if(user==null){ returnnull; } //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",user.getPwd(),""); } }

2.8添加密码加密

//还有一个md5加密,集成了hashcode是不可逆的 //比如你的密码是123456 //md5(123456,32)=e10adc3949ba59abbe56e057f20f883e //md5(123456,16)=49ba59abbe56e057 //MD5盐值加密e10adc3949ba59abbe56e057f20f883eusername //密码认证不让你做,它自己做,他不让你接触密码 returnnewSimpleAuthenticationInfo("",user.getPwd(),"");

2.9请求授权实现

==============

2.10绑定thymeleaf

packagecom.yao.mapper; importcom.yao.pojo.User; importorg.apache.ibatis.annotations.Mapper; importorg.springframework.stereotype.Repository; @Repository @Mapper publicinterfaceUserMapper{ publicUserqueryUserByName(Stringname); }

以上就是springboot整合Shiro的步骤的详细内容,更多关于springboot整合Shiro的资料请关注易盾网络其它相关文章!

标签:步骤创建