一共三步骤,实现简单登陆拦截
1 ===> 国际惯例导入依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
2===>配置两个类
shiroFilter
import org.apache.shiro.mgt.SecurityManager;//只给你这个,其他的都导入shiro的就行了
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);// 安全管理器
shiroFilterFactoryBean.setLoginUrl("/login.html"); // 未认证,跳转的页面
shiroFilterFactoryBean.setSuccessUrl("/admin/index.html");// 成功跳转的页面
shiroFilterFactoryBean.setUnauthorizedUrl("/notRole.html");// 认证后无权限页面
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();// Url过滤器的权限规则
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/image/**", "anon");
filterChainDefinitionMap.put("/plugins/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/login.html", "anon");
//👇是你的登陆方法名称路径,千万别拦截了,要不然你会一脸懵逼,发现怎么点按钮都木的用
filterChainDefinitionMap.put("/Lg/Login", "anon");
// 主要这行代码必须放在所有权限设置的最后,不然会导致所有 url 都被拦截 剩余的都需要认证
filterChainDefinitionMap.put("/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
defaultSecurityManager.setRealm(customRealm());
return defaultSecurityManager;
}
@Bean
public CustomRealm customRealm() {
CustomRealm customRealm = new CustomRealm();
return customRealm;
}
//下面这些东西我也不晓得有啥用,但是百度上都有,那我也不敢删啊
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),
* 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 *
* 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选)
* 和AuthorizationAttributeSourceAdvisor)即可实现此功能 * @return
*/
@Bean
@DependsOn({ "lifecycleBeanPostProcessor" })
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
CustomRealm 名字自定义,随便你,爱咋取咋取
public class CustomRealm extends AuthorizingRealm{
@Autowired AdminInfoServiceImpl adminInfoServiceImpl;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
System.out.println("授权中.......");
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("认证中....................");
这里将会是subject.login(token);的方法的实现
}
}
3===>登陆方法编写
@RestController
@RequestMapping("/Lg")
public class LoginController {
@RequestMapping(value = "Login", method = RequestMethod.POST)
public Result login(@RequestBody AdminInfo info) {
Subject subject = SecurityUtils.getSubject();
// 在认证提交前准备 token(令牌)
UsernamePasswordToken token = new UsernamePasswordToken(info.getUserName(), info.getPassWord());
try {
subject.login(token);
} catch (UnknownAccountException uae) {
return Result.erroReuslt("登陆失败");
} catch (IncorrectCredentialsException ice) {
return Result.erroReuslt("登陆失败");
} catch (LockedAccountException lae) {
return Result.erroReuslt("登陆失败");
} catch (ExcessiveAttemptsException eae) {
return Result.erroReuslt("登陆失败");
}
if (subject.isAuthenticated()) {
return Result.successReuslt("登陆成功!",null);
} else {
token.clear();
return Result.erroReuslt("失败");
}
}
}
这样子就可以实现你的登陆权限校验了,一个简单的demo就做完了~然后你在以后都要输入密码登陆了~不能直接写页面地址了