實現登錄驗證功能

1、創建自己的Realm對象，繼承AuthorizingRealm

??? ?實現父類的doGetAuthenticationInfo 認證方法

MyRealm.java

package com.dym.shiroweb.config;import com.dym.shiroweb.bean.UserBean; import com.dym.shiroweb.service.UserService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Configuration;import javax.annotation.Resource;@Configuration public class MyRealm extends AuthorizingRealm {@Resourceprivate UserService userService;private Logger logger = LoggerFactory.getLogger(MyRealm.class);protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {logger.info("------entered MyRealm doGetAuthorizationInfo method");return null;}protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {logger.info("+++++++entered MyRealm doGetAuthenticationInfo method");// 1 獲取當前用戶的用戶名UsernamePasswordToken userToken = (UsernamePasswordToken) token;String username = userToken.getUsername();// 2 獲取數據庫里面的用戶，來跟當前用戶進行比對 認證UserBean userBean = userService.queryUserByName(username);// 3 如果沒有查到，表示沒有這個用戶if(null==userBean){return null; // 會拋出UnknownAccountException}// 4 返回 AuthenticationToken，完成了認證流程/* @param principal 數據庫里面查詢出來的記錄* @param credentials 查詢出來的數據庫中的密碼* @param realmNamepublic SimpleAuthenticationInfo(Object principal, Object credentials, String realmName) {this.principals = new SimplePrincipalCollection(principal, realmName);this.credentials = credentials;}* */// 注： 至于 密碼這一塊的驗證，shiro幫我們做了，shiro進行相應的驗證處理。SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userBean,userBean.getUserPass(),"MyRealm");return simpleAuthenticationInfo;} }

2、配置路徑過濾器

//配置路徑過濾器 Map<String,String> filterMap = new HashMap<>(); //key是ant路徑，支持**代表多級路徑，*代表單級路徑，？代表一個字符 filterMap.put("")factoryBean.setFilterChainDefinitionMap(filterMap); package com.dym.shiroweb.config;import org.apache.shiro.realm.Realm; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.ShiroFilter; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;import java.util.HashMap; import java.util.Map;@Configuration public class ShiroConfig {// 1 Realm 代表系統資源@Beanpublic Realm myRealm() {return new MyRealm();}// 2 SecurityManager 流程控制@Beanpublic DefaultWebSecurityManager mySecurityManager(Realm myRealm) {DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();securityManager.setRealm(myRealm);return securityManager;}// 3 ShiroFilterFactoryBean 請求過濾器@Beanpublic ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager mySecurityManager) {ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();factoryBean.setSecurityManager(mySecurityManager);//配置路徑過濾器Map<String,String> filterMap=new HashMap<>();//key 是ant的默認路徑，value配置shiro的默認過濾器//shiro的默認過濾器，配置DefaultFilter中的key//auth,authc,perms,role//表示兩個資源的路徑都需要登錄才可以訪問filterMap.put("/mobile/**","authc");filterMap.put("/salary/**","authc");factoryBean.setFilterChainDefinitionMap(filterMap);return factoryBean;}}

目前實現的功能：

1、已經可以正常判斷用戶名和密碼。

2、兩個資源路徑需要登錄才可以訪問。 否則跳到了login.jsp

---

---

修復登錄認證錯誤的訪問情況

設置登錄頁、登錄成功頁、未經授權頁

登出，有兩種方式

第一種? 直接寫在controller里面

@RequestMapping("/logout") public void logout() {Subject currentUser = SecurityUtils.getSubject();currentUser.logout(); }

第二種? 使用shiro提供的logout過濾器

filterMap.put("/common/logout","logout");

---

---

總結

以上是生活随笔為你收集整理的shiro 实现登录验证功能的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。