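<!--
  Maven dependencies for the Spring Boot + Thymeleaf + Shiro example.
  Element names and the ".RELEASE" suffix are restored from the collapsed listing
  (Maven element names are case-sensitive: groupId / artifactId).
  NOTE(review): the versions below are the ones the article shows. They are old releases;
  check each project's security advisories and move to a maintained release before reusing them.
-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
    <version>1.5.6.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.thymeleaf/thymeleaf -->
<!-- ${thymeleaf.version} must be defined in the POM's <properties>; it is not shown in this listing. -->
<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf</artifactId>
    <version>${thymeleaf.version}</version>
</dependency>
<!-- Shiro security framework -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>
<!-- thymeleaf-extras-shiro: Shiro tags and attributes for Thymeleaf templates -->
<dependency>
    <groupId>com.github.theborakompanioni</groupId>
    <artifactId>thymeleaf-extras-shiro</artifactId>
    <version>1.2.1</version>
</dependency>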
//用户表public class ur { private integer urid; private string urname; private t<role> roles = new hasht<>();}//角色表public class ur { private integer id; private string role; private t<module> modules = new hasht<>(); private t<ur> urs = new hasht<>();}//权限表public class module { private integer mid; private string mname; private t<role> roles = new hasht<>();} //用户查询<resultmap id="baresultmap" type="com.lanyu.common.model.ur" > <id column="ur_id" property="urid" jdbctype="integer" /> <result column="ur_name" property="urname" jdbctype="varchar" /> <!-- 多对多关联映射:collection --> <collection property="roles" oftype="role"> <id property="id" column="c_id" /> <result property="role" column="role" /> <collection property="modules" oftype="module"> <id property="mid" column="mid"/> <result property="mname" column="mname"/> </collection> </collection> </resultmap> //查询用户信息,返回结果会自动分组,得到用户信息 <lect id="lectbyphone" resultmap="baresultmap" parametertype="java.lang.string" > lect u.*, r.*, m.* from sys_ur u inner join sys_ur_role ur on ur.urid = u.ur_id inner join sys_role r on r.rid = ur.roleid inner join sys_role_module mr on mr.rid = r.rid inner join sys_module m on mr.mid = m.mid where u.ur_name=#{urname} or u.phone=#{urname}; </lect>
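/**
 * Spring configuration that wires Apache Shiro into the application: the Thymeleaf dialect,
 * the web filter with its URL rules, the security manager, the custom realm and the custom
 * credentials matcher, plus the beans that enable Shiro's authorization annotations.
 *
 * <p>Identifiers are restored from a collapsed, lower-cased listing; bean names and qualifiers
 * are kept consistent with each other.
 */
@Configuration
public class ShiroConfiguration {

    /** Registers the Shiro dialect so Thymeleaf templates can use the {@code shiro:} tags. */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    /**
     * Builds the Shiro web filter and its URL-to-filter rules.
     *
     * @param manager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager manager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        // Login page URL and the URL to go to after a successful login.
        bean.setLoginUrl("/loginpage");
        bean.setSuccessUrl("/indexpage");

        // Access rules. Shiro evaluates them in insertion order and the first match wins,
        // which is why an ordered map is used.
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // filterChainDefinitionMap.put("/loginpage*", "anon"); // anonymous access allowed
        // NOTE(review): this pattern is reproduced exactly as the page shows it and looks corrupted
        // by extraction; it was presumably meant to cover everything under /admin/. As written it
        // matches almost nothing, so admin URLs fall through to the anonymous catch-all below.
        filterChainDefinitionMap.put("/admin/*underwear", "authc"); // authentication required
        filterChainDefinitionMap.put("/logout*", "anon");
        filterChainDefinitionMap.put("/img/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/fomts/**", "anon");
        // NOTE(review): the catch-all is "anon", so every URL not listed above is reachable without
        // logging in. A deny-by-default chain would end with "/**" -> "authc" and list the login
        // endpoints and static resources explicitly as "anon".
        filterChainDefinitionMap.put("/**", "anon");
        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return bean;
    }

    /**
     * Creates the core security manager backed by the custom realm.
     *
     * @param authRealm the realm that performs authentication and authorization lookups
     * @return the web security manager
     */
    @Bean(name = "securityManager")
    public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {
        System.err.println("--------------shiro已经加载----------------");
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        return manager;
    }

    /**
     * Creates the custom realm and attaches the custom credentials matcher to it.
     *
     * @param matcher the matcher used to compare submitted and stored credentials
     * @return the configured realm
     */
    @Bean(name = "authRealm")
    public AuthRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {
        AuthRealm authRealm = new AuthRealm();
        authRealm.setCredentialsMatcher(matcher);
        return authRealm;
    }

    /** Creates the custom password comparator. */
    @Bean(name = "credentialsMatcher")
    public CredentialsMatcher credentialsMatcher() {
        return new CredentialsMatcher();
    }

    /** Lets Spring drive the lifecycle callbacks of Shiro beans. */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /** Enables class-based proxies so advisors can be applied to beans. */
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }

    /**
     * Registers the advisor that evaluates Shiro's authorization annotations against the
     * given security manager.
     *
     * @param manager the security manager used for the checks
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            @Qualifier("securityManager") SecurityManager manager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }
}

/**
 * Custom realm: loads the account for authentication and turns the account's roles and
 * modules into Shiro roles and string permissions for authorization.
 */
public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authentication (login): looks up the account for the submitted login name.
     *
     * @param token the submitted token; expected to be a {@code UsernamePasswordToken}
     * @return the account's principal and stored password, or {@code null} when no account
     *         matches, which Shiro reports to the caller as an unknown account
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken utoken = (UsernamePasswordToken) token; // token built from user input
        String username = utoken.getUsername();
        User user = userService.selectByPhone(username);
        if (user == null) {
            // The original dereferenced the lookup result unconditionally; an unknown login name
            // would fail with a NullPointerException instead of a clean authentication failure.
            return null;
        }
        // Hand the stored password to Shiro; the configured CredentialsMatcher does the comparison.
        return new SimpleAuthenticationInfo(user, user.getPassword(), this.getClass().getName());
    }

    /**
     * Authorization: collects the role names and module names of the logged-in user.
     *
     * @param principal the principals of the current subject
     * @return authorization info holding the user's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        // The User object that doGetAuthenticationInfo stored as principal under this realm name.
        User user = (User) principal.fromRealm(this.getClass().getName()).iterator().next();
        List<String> permissions = new ArrayList<>();
        List<String> listRole = new ArrayList<>();
        Set<Role> roles = user.getRoleList();
        // Iterating an empty set is a no-op, so no separate size checks are needed.
        for (Role role : roles) {
            if (!listRole.contains(role.getRole())) {
                listRole.add(role.getRole());
            }
            for (Module module : role.getModules()) {
                permissions.add(module.getMname());
            }
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(listRole);                 // roles known to Shiro
        info.addStringPermissions(permissions);  // permissions known to Shiro
        return info;
    }
}

/**
 * Custom password comparator: hashes the submitted password and compares it with the stored one.
 *
 * <p>Neither the computed hash nor the stored hash is written to the log. The original listing
 * logged both at info level, which puts credential material into log files.
 */
public class CredentialsMatcher extends SimpleCredentialsMatcher {

    /**
     * Compares the submitted password with the stored credentials.
     *
     * @param token the submitted token; expected to be a {@code UsernamePasswordToken}
     * @param info the account information returned by the realm
     * @return {@code true} when the hashed submission equals the stored value
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken utoken = (UsernamePasswordToken) token;
        // Value to hash: the password the user typed.
        String source = String.valueOf(utoken.getPassword());
        // Salt: the login name as typed.
        // NOTE(review): the account lookup also accepts a phone number, so the typed login name is
        // not necessarily the value the stored hash was salted with; the salt should come from the
        // stored account. A login name is also a predictable salt.
        String salt = utoken.getUsername();
        // Number of hash iterations.
        int hashIterations = 50;
        // NOTE(review): MD5 with 50 iterations is weak for password storage. Moving to a dedicated
        // password hash (bcrypt/scrypt/argon2) requires re-hashing the stored credentials, so the
        // algorithm is left as the article has it.
        SimpleHash sh = new SimpleHash("md5", source, salt, hashIterations);
        String strSh = sh.toHex();
        // Stored password from the database.
        String dbPassword = (String) getCredentials(info);
        // Comparison is delegated to SimpleCredentialsMatcher.equals.
        return this.equals(strSh, dbPassword);
    }
}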
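/**
 * Handles the login form: authenticates the submitted credentials through Shiro and, on
 * success, stores the logged-in user in the HTTP session.
 *
 * <p>Identifiers are restored from a collapsed, lower-cased listing; confirm the mapping path
 * and parameter names against the login form.
 *
 * @param username the submitted login name
 * @param password the submitted password
 * @param session the current HTTP session
 * @return {@code "index"} on success, {@code "login"} on an unexpected error, otherwise the
 *         string form of a map holding the failure message
 */
@RequestMapping("/loginUser")
public String loginUser(String username, String password, HttpSession session) {
    UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
    Subject subject = SecurityUtils.getSubject();
    Map<String, String> map = new HashMap<>();
    try {
        subject.login(usernamePasswordToken); // performs the login
        User user = (User) subject.getPrincipal();
        // NOTE(review): the realm reads the stored password from this same User object, so the
        // session attribute carries the password hash; store only the fields the views need.
        session.setAttribute("user", user);
        return "index";
    } catch (IncorrectCredentialsException e) {
        // NOTE(review): separate messages for "wrong password" and "no such user" tell a caller
        // which login names exist; a single generic failure message avoids that.
        map.put("msg", "密码错误");
    } catch (LockedAccountException e) {
        map.put("msg", "登录失败,该用户已被冻结");
    } catch (AuthenticationException e) {
        map.put("msg", "该用户不存在");
    } catch (Exception e) {
        return "login"; // back to the login page
    }
    // NOTE(review): whether this string is treated as a view name or a response body depends on
    // the controller's annotations, which are outside this listing.
    return map.toString();
}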
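<!--
  Thymeleaf page using the Shiro dialect, as an attribute and as an element.
  The th namespace is restored to the standard Thymeleaf URI; the scraped page had replaced it
  with a site-local path.
  These tags only decide whether markup is rendered. They do not stop a direct request to the
  URL behind a hidden button, so the same rule must also be enforced on the server (filter chain
  or Shiro authorization annotations).
-->
<html lang="zh_CN" xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">

<!-- Used as an attribute: rendered only for an authenticated user -->
<button type="button" shiro:authenticated="true" class="btn btn-outline btn-default">
    <i class="glyphicon glyphicon-plus" aria-hidden="true"></i>
</button>

<!-- Used as an element: rendered only when the subject has the "admin" role -->
<shiro:hasRole name="admin">
    <button type="button" class="btn btn-outline btn-default">
        <i class="glyphicon glyphicon-heart" aria-hidden="true"></i>
    </button>
</shiro:hasRole>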
guest标签 <shiro:guest> </shiro:guest> 用户没有身份验证时显示相应信息,即游客访问信息。
user标签 <shiro:user> </shiro:user> 用户已经身份验证/记住我登录后显示相应的信息。
authenticated标签 <shiro:authenticated> </shiro:authenticated> 用户已经身份验证通过,即Subject.login登录成功,不是记住我登录的。
notAuthenticated标签 <shiro:notAuthenticated> </shiro:notAuthenticated> 用户未进行身份验证,即没有调用Subject.login进行登录,包括记住我自动登录的也属于未进行身份验证。
principal标签 <shiro:principal/> <shiro:principal property="username"/> 相当于((User)Subject.getPrincipals()).getUsername()。
lacksPermission标签 <shiro:lacksPermission name="org:create"> </shiro:lacksPermission> 如果当前Subject没有权限将显示body体内容。
hasRole标签 <shiro:hasRole name="admin"> </shiro:hasRole> 如果当前Subject有角色将显示body体内容。
hasAnyRoles标签 <shiro:hasAnyRoles name="admin,user"> </shiro:hasAnyRoles> 如果当前Subject有任意一个角色(或的关系)将显示body体内容。
lacksRole标签 <shiro:lacksRole name="abc"> </shiro:lacksRole> 如果当前Subject没有角色将显示body体内容。
hasPermission标签 <shiro:hasPermission name="user:create"> </shiro:hasPermission> 如果当前Subject有权限将显示body体内容。
注意:这些标签只控制页面元素是否渲染,并不能阻止对后端接口的直接请求;访问控制仍需在服务端(过滤器链或权限注解)强制执行。
以上为个人经验,希望能给大家一个参考。