• shiro认证

    目录

    一、盐加密

    二、Shiro认证

    1、pom依赖

     2、web.xml配置

    3、通过逆向工程将五张表生成对应的model、mapper

    4、mapper层

    5、web层:UserController

            6、biz层

    7、Myrealm.java

    8、applicationContext-shiro.xml

    9、导入上一篇博客的jsp文件夹

    一、盐加密

    PasswordHelper

    1. package com.liaoxin.ssm.util;
    2.  
    3.  
    4. import org.apache.shiro.crypto.RandomNumberGenerator;
    5. import org.apache.shiro.crypto.SecureRandomNumberGenerator;
    6. import org.apache.shiro.crypto.hash.SimpleHash;
    7.  
    8. /**
    9.  * 用于shiro权限认证的密码工具类
    10.  */
    11. public class PasswordHelper {
    12.  
    13.     /**
    14.      * 随机数生成器
    15.      */
    16.     private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
    17.  
    18.     /**
    19.      * 指定hash算法为MD5
    20.      */
    21.     private static final String hashAlgorithmName = "md5";
    22.  
    23.     /**
    24.      * 指定散列次数为1024次,即加密1024次
    25.      */
    26.     private static final int hashIterations = 1024;
    27.  
    28.     /**
    29.      * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储
    30.      */
    31.     private static final boolean storedCredentialsHexEncoded = true;
    32.  
    33.     /**
    34.      * 获得加密用的盐
    35.      *
    36.      * @return
    37.      */
    38.     public static String createSalt() {
    39.         return randomNumberGenerator.nextBytes().toHex();
    40.     }
    41.  
    42.     /**
    43.      * 获得加密后的凭证
    44.      *
    45.      * @param credentials 凭证(即密码)
    46.      * @param salt        盐
    47.      * @return
    48.      */
    49.     public static String createCredentials(String credentials, String salt) {
    50.         SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials,
    51.                 salt, hashIterations);
    52.         return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
    53.     }
    54.  
    55.  
    56.     /**
    57.      * 进行密码验证
    58.      *
    59.      * @param credentials        未加密的密码
    60.      * @param salt               盐
    61.      * @param encryptCredentials 加密后的密码
    62.      * @return
    63.      */
    64.     public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
    65.         return encryptCredentials.equals(createCredentials(credentials, salt));
    66.     }
    67.  
    68.     public static void main(String[] args) {
    69.         //盐
    70.         String salt = createSalt();
    71.         System.out.println(salt);
    72.         System.out.println(salt.length());
    73.         //凭证+盐加密后得到的密码
    74.         String credentials = createCredentials("123456", salt);
    75.         System.out.println(credentials);
    76.         System.out.println(credentials.length());
    77.         boolean b = checkCredentials("123456", salt, credentials);
    78.         System.out.println(b);
    79.     }
    80. }
    81.

     

    二、Shiro认证

    1、pom依赖

    2.     <groupId>org.apache.shirogroupId>
    3.     <artifactId>shiro-coreartifactId>
    4.     <version>1.3.2version>
    6.  
    7. <dependency>
    8.     <groupId>org.apache.shirogroupId>
    9.     <artifactId>shiro-webartifactId>
    10.     <version>1.3.2version>
    11. dependency>
    12.  
    13. <dependency>
    14.     <groupId>org.apache.shirogroupId>
    15.     <artifactId>shiro-springartifactId>
    16.     <version>1.3.2version>
    17. dependency>
    18.  
    19.

     2、web.xml配置

    2. <filter>
    3.   <filter-name>shiroFilterfilter-name>
    4.   <filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>
    5.   <init-param>
    6.     
    7.     <param-name>targetFilterLifecycleparam-name>
    8.     <param-value>trueparam-value>
    9.   init-param>
    10. filter>
    11. <filter-mapping>
    12.   <filter-name>shiroFilterfilter-name>
    13.   <url-pattern>/*url-pattern>
    14. filter-mapping>
    15.  
    16.

    3、通过逆向工程将五张表生成对应的model、mapper

    4、mapper层

    ①UserMapper.xml

    1. "1.0" encoding="UTF-8" ?>
    2. mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
    3. <mapper namespace="com.liaoxin.ssm.mapper.UserMapper" >
    4.   <resultMap id="BaseResultMap" type="com.liaoxin.ssm.model.User" >
    5.     <constructor >
    6.       <idArg column="userid" jdbcType="INTEGER" javaType="java.lang.Integer" />
    7.       <arg column="username" jdbcType="VARCHAR" javaType="java.lang.String" />
    8.       <arg column="password" jdbcType="VARCHAR" javaType="java.lang.String" />
    9.       <arg column="salt" jdbcType="VARCHAR" javaType="java.lang.String" />
    10.       <arg column="createdate" jdbcType="TIMESTAMP" javaType="java.util.Date" />
    11.     constructor>
    12.   resultMap>
    13.   <sql id="Base_Column_List" >
    14.     userid, username, password, salt, createdate
    15.   sql>
    16.   <select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.Integer" >
    17.     select 
    18.     <include refid="Base_Column_List" />
    19.     from t_shiro_user
    20.     where userid = #{userid,jdbcType=INTEGER}
    21.   select>
    22.   <select id="queryByName" resultType="com.liaoxin.ssm.model.User" parameterType="java.lang.String">
    23.     select
    24.     <include refid="Base_Column_List" />
    25.     from t_shiro_user
    26.     where userName = #{userName}
    27.   select>
    28.  
    29.   <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
    30.     delete from t_shiro_user
    31.     where userid = #{userid,jdbcType=INTEGER}
    32.   delete>
    33.   <insert id="insert" parameterType="com.liaoxin.ssm.model.User" >
    34.     insert into t_shiro_user (userid, username, password, 
    35.       salt, createdate)
    36.     values (#{userid,jdbcType=INTEGER}, #{username,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, 
    37.       #{salt,jdbcType=VARCHAR}, #{createdate,jdbcType=TIMESTAMP})
    38.   insert>
    39.   <insert id="insertSelective" parameterType="com.liaoxin.ssm.model.User" >
    40.     insert into t_shiro_user
    41.     <trim prefix="(" suffix=")" suffixOverrides="," >
    42.       <if test="userid != null" >
    43.         userid,
    44.       if>
    45.       <if test="username != null" >
    46.         username,
    47.       if>
    48.       <if test="password != null" >
    49.         password,
    50.       if>
    51.       <if test="salt != null" >
    52.         salt,
    53.       if>
    54.       <if test="createdate != null" >
    55.         createdate,
    56.       if>
    57.     trim>
    58.     <trim prefix="values (" suffix=")" suffixOverrides="," >
    59.       <if test="userid != null" >
    60.         #{userid,jdbcType=INTEGER},
    61.       if>
    62.       <if test="username != null" >
    63.         #{username,jdbcType=VARCHAR},
    64.       if>
    65.       <if test="password != null" >
    66.         #{password,jdbcType=VARCHAR},
    67.       if>
    68.       <if test="salt != null" >
    69.         #{salt,jdbcType=VARCHAR},
    70.       if>
    71.       <if test="createdate != null" >
    72.         #{createdate,jdbcType=TIMESTAMP},
    73.       if>
    74.     trim>
    75.   insert>
    76.   <update id="updateByPrimaryKeySelective" parameterType="com.liaoxin.ssm.model.User" >
    77.     update t_shiro_user
    78.     <set >
    79.       <if test="username != null" >
    80.         username = #{username,jdbcType=VARCHAR},
    81.       if>
    82.       <if test="password != null" >
    83.         password = #{password,jdbcType=VARCHAR},
    84.       if>
    85.       <if test="salt != null" >
    86.         salt = #{salt,jdbcType=VARCHAR},
    87.       if>
    88.       <if test="createdate != null" >
    89.         createdate = #{createdate,jdbcType=TIMESTAMP},
    90.       if>
    91.     set>
    92.     where userid = #{userid,jdbcType=INTEGER}
    93.   update>
    94.   <update id="updateByPrimaryKey" parameterType="com.liaoxin.ssm.model.User" >
    95.     update t_shiro_user
    96.     set username = #{username,jdbcType=VARCHAR},
    97.       password = #{password,jdbcType=VARCHAR},
    98.       salt = #{salt,jdbcType=VARCHAR},
    99.       createdate = #{createdate,jdbcType=TIMESTAMP}
    100.     where userid = #{userid,jdbcType=INTEGER}
    101.   update>
    102. mapper>

     ②UserMapper.java

    1. package com.liaoxin.ssm.mapper;
    2.  
    3. import com.liaoxin.ssm.model.User;
    4.  
    5. public interface UserMapper {
    6.     int deleteByPrimaryKey(Integer userid);
    7.  
    8.     int insert(User record);
    9.  
    10.     int insertSelective(User record);
    11.  
    12.     User selectByPrimaryKey(Integer userid);
    13.  
    14.     User queryByName(String userName);
    15.  
    16.     int updateByPrimaryKeySelective(User record);
    17.  
    18.     int updateByPrimaryKey(User record);
    19. }

    5、web层:UserController

    1. package com.liaoxin.ssm.web;
    2.  
    3. import org.apache.shiro.SecurityUtils;
    4. import org.apache.shiro.authc.UsernamePasswordToken;
    5. import org.apache.shiro.subject.Subject;
    6. import org.springframework.stereotype.Controller;
    7. import org.springframework.web.bind.annotation.RequestMapping;
    8.  
    9. import javax.servlet.ServletException;
    10. import javax.servlet.http.HttpServletRequest;
    11. import javax.servlet.http.HttpServletResponse;
    12. import java.io.IOException;
    13.  
    14. /**
    15.  * @author liaoxin
    16.  * @create 2022-08-25 18:30
    17.  */
    18. @Controller
    19. public class UserController {
    20.     @RequestMapping("/login")
    21.     public String login(HttpServletRequest request, HttpServletResponse response){
    22.         try{
    23.             String username=request.getParameter("username");
    24.             String password = request.getParameter("password");
    25.             UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
    26.             Subject subject = SecurityUtils.getSubject();
    27.             subject.login(usernamePasswordToken);
    28.             return "main";
    29.         }catch (Exception e){
    30.             request.setAttribute("message","您的用户名或者密码有误");
    31.             return "login";
    32.         }
    33.     }
    34.     @RequestMapping("/logout")
    35.     public String logout(HttpServletRequest request, HttpServletResponse response){
    36.         try{
    37.             Subject subject = SecurityUtils.getSubject();
    38.             subject.logout();
    39.             return "login";
    40.         }catch (Exception e){
    41.             request.setAttribute("message","您的用户名或者密码有误");
    42.             return "login";
    43.         }
    44.     }
    45. }
    46.

    6、biz层

    ①UserBiz

    1. package com.liaoxin.ssm.biz;
    2.  
    3. import com.liaoxin.ssm.model.User;
    4.  
    5. /**
    6.  * @author liaoxin
    7.  * @create 2022-08-25 18:06
    8.  */
    9. public interface UserBiz {
    10.     int deleteByPrimaryKey(Integer userid);
    11.  
    12.     int insert(User record);
    13.  
    14.     int insertSelective(User record);
    15.  
    16.     User selectByPrimaryKey(Integer userid);
    17.  
    18.     User queryByName(String userName);
    19.  
    20.     int updateByPrimaryKeySelective(User record);
    21.  
    22.     int updateByPrimaryKey(User record);
    23. }
    24.

    ②UserBizImpl

    1. package com.liaoxin.ssm.biz.impl;
    2.  
    3. import com.liaoxin.ssm.biz.UserBiz;
    4. import com.liaoxin.ssm.mapper.UserMapper;
    5. import com.liaoxin.ssm.model.User;
    6. import org.springframework.beans.factory.annotation.Autowired;
    7. import org.springframework.stereotype.Service;
    8.  
    9. /**
    10.  * @author liaoxin
    11.  * @create 2022-08-25 18:08
    12.  */
    13. @Service("UserService")
    14. public class UserBizImpl implements UserBiz {
    15.     @Autowired
    16.     private UserMapper userMapper;
    17.  
    18.     @Override
    19.     public int deleteByPrimaryKey(Integer userid) {
    20.         return userMapper.deleteByPrimaryKey(userid);
    21.     }
    22.  
    23.     @Override
    24.     public int insert(User record) {
    25.         return userMapper.insert(record);
    26.     }
    27.  
    28.     @Override
    29.     public int insertSelective(User record) {
    30.         return userMapper.insertSelective(record);
    31.     }
    32.  
    33.     @Override
    34.     public User selectByPrimaryKey(Integer userid) {
    35.         return userMapper.selectByPrimaryKey(userid);
    36.     }
    37.  
    38.     @Override
    39.     public User queryByName(String userName) {
    40.         return userMapper.queryByName(userName);
    41.     }
    42.  
    43.     @Override
    44.     public int updateByPrimaryKeySelective(User record) {
    45.         return userMapper.updateByPrimaryKeySelective(record);
    46.     }
    47.  
    48.     @Override
    49.     public int updateByPrimaryKey(User record) {
    50.         return userMapper.updateByPrimaryKey(record);
    51.     }
    52. }
    53.

    7、Myrealm.java

    1. package com.liaoxin.ssm.shiro;
    2.  
    3. import com.liaoxin.ssm.biz.UserBiz;
    4. import com.liaoxin.ssm.model.User;
    5. import org.apache.shiro.authc.AuthenticationException;
    6. import org.apache.shiro.authc.AuthenticationInfo;
    7. import org.apache.shiro.authc.AuthenticationToken;
    8. import org.apache.shiro.authc.SimpleAuthenticationInfo;
    9. import org.apache.shiro.authz.AuthorizationInfo;
    10. import org.apache.shiro.realm.AuthorizingRealm;
    11. import org.apache.shiro.subject.PrincipalCollection;
    12. import org.apache.shiro.util.ByteSource;
    13.  
    14. /**
    15.  * @author liaoxin
    16.  * @create 2022-08-25 18:16
    17.  */
    18. public class Myrealm extends AuthorizingRealm {
    19.     private UserBiz userBiz;
    20.  
    21.     public UserBiz getUserBiz() {
    22.         return userBiz;
    23.     }
    24.  
    25.     public void setUserBiz(UserBiz userBiz) {
    26.         this.userBiz = userBiz;
    27.     }
    28.  
    29.     @Override
    30.     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    31.         return null;
    32.     }
    33.  
    34.     @Override
    35.     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    36.         System.out.println("身份验证...");
    37.         String username = token.getPrincipal().toString();
    38.         String password = token.getCredentials().toString();
    39.         User user = userBiz.queryByName(username);
    40.         AuthenticationInfo info=new SimpleAuthenticationInfo(
    41.                 user.getUsername(),
    42.                 user.getPassword(),
    43.                 ByteSource.Util.bytes(user.getSalt()),
    44.                 this.getName()
    45.         );
    46.         return info;
    47.     }
    48. }
    49.

    8、applicationContext-shiro.xml

    1. "1.0" encoding="UTF-8"?>
    2. <beans xmlns="http://www.springframework.org/schema/beans"
    3.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    4.        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    5.  
    6.     
    7.     <bean id="shiroRealm" class="com.javaxl.ssm.shiro.MyRealm">
    8.         <property name="shiroUserService" ref="shiroUserService" />
    9.         
    10.         
    11.         
    12.         
    13.         <property name="credentialsMatcher">
    14.             <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    15.                 
    16.                 <property name="hashAlgorithmName" value="md5"/>
    17.                 
    18.                 <property name="hashIterations" value="1024"/>
    19.                 
    20.                 <property name="storedCredentialsHexEncoded" value="true"/>
    21.             bean>
    22.         property>
    23.     bean>
    24.  
    25.     
    26.     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    27.         <property name="realm" ref="shiroRealm" />
    28.     bean>
    29.  
    30.     
    31.     <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    32.         
    33.         <property name="securityManager" ref="securityManager" />
    34.         
    35.         <property name="loginUrl" value="/login"/>
    36.         
    37.         
    38.         
    39.         <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    40.         
    41.         <property name="filterChainDefinitions">
    42.             <value>
    43.                 
    44.                 
    45.                 
    46.                 
    47.                 /user/login=anon
    48.                 /user/updatePwd.jsp=authc
    49.                 /admin/*.jsp=roles[admin]
    50.                 /user/teacher.jsp=perms["user:update"]
    51.                
    52.             value>
    53.         property>
    54.     bean>
    55.  
    56.     
    57.     <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    58. beans>
    59.  
    60.

    9、导入上一篇博客的jsp文件

     

  • 相关阅读:
    什么是Mock?为什么要使用Mock呢?
    中断机制-interrupt和isInterrupted源码分析、中断协商案例
    关于C语言的一些尘封记忆的唤醒
    UDP程序设计
    SpringBoot篇---第三篇
    shiro集成 spring-加密md5配置--权限管理-shiro中的session 等等!!
    链表的归并排序-LeetCode(Python版)
    爬虫-(4)
    蓝桥杯KMP总结
    token
  • 原文地址:https://blog.csdn.net/qq_44247968/article/details/126541208