我们从项目中去理解集成的过程,这样更能加深印象
创建好工程之后,我们需要导入thymeleaf的依赖
<dependency>
<!-- 我们都是基于3.x开发的-->
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>
也可以参考官方给的案例中springbootweb’中的依赖
接下来就编写一个首页
接着写一个controller包,和MyController
先简单的写一个Controller保证项目能够正常启动
项目正常启动后,我们再来集成shiro,
整合shiro
shiro的三大对象:
Subject:用户
securityManager:管理所有用户
Realm:连接数据
导入shiro,springboot整合shiro的包:
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.5.3</version>
</dependency>
编写配置类:ShiroConfig
package com.qiu.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig {
//第三步:ShiroFilterFactoryBean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
//设置安全管理器,需要放置在Bean里面
bean.setSecurityManager(defaultWebSecurityManager);
return bean;
}
//第二步:DefaultWebSecurityManager
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联Realm
//通过传参,在加上@Qualifier进行realm和securityManager的绑定
securityManager.setRealm(userRealm);
return securityManager;
}
//第一步://创建realm对象,需要自定义类
//把类放进配置里面,再加上@bean,这样我们这个类就被spring托管了
@Bean(name = "userRealm")
public UserRealm userRealm(){
return new UserRealm();
}
}
注意这里是重下往上写的
UserRealm类:
package com.qiu.config;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
//自定义的一个realm,需要继承一个
public class UserRealm extends AuthorizingRealm {
@Override
//授权
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("执行了授权==>doGetAuthorizationInfo");
return null;
}
@Override
//认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
System.out.println("执行了认证==>doGetAuthenticationInfo");
return null;
}
}
新建两个网页,一个是update,一个是add
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>
add
</h1>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>
update
</h1>
</body>
</html>
然后在添加controller
首页添加代码:
<hr>
<a th:href="@{/user/add}"></a> | <a th:href="@{/user/update}"></a>
然后启动项目:
检验这两个页面都能跑的时候我们来实现登录验证
这是我们需要在ShiroConfig中添加shiro的内置过滤器.
/**
* anon:无需认证,即可访问
* authc:必须认证了才能访问
* user:必须拥有记住我的功能才能用
* perms:拥有对某个资源的权限才能访问
* role:拥有某个觉得权限才能访问
*/
设置安全管理器,需要放置在Bean里面
看下这些关键字:
//这是我们需要在UserRealm中添加shiro的内置过滤器.
//anon:无需认证,即可访问
// authc:必须认证了才能访问
// user:必须拥有记住我的功能才能用
// perms:拥有对某个资源的权限才能访问
//role:拥有某个觉得权限才能访问
所以我们可以在map中put进去:
完整的shiroConfig:
package com.qiu.config;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfig {
//第三步:ShiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
//设置安全管理器,需要放置在Bean里面
bean.setSecurityManager(defaultWebSecurityManager);
//这是我们需要在UserRealm中添加shiro的内置过滤器.
//anon:无需认证,即可访问
// authc:必须认证了才能访问
// user:必须拥有记住我的功能才能用
// perms:拥有对某个资源的权限才能访问
//role:拥有某个觉得权限才能访问
Map<String, String> filterMap = new LinkedHashMap<>();
// filterMap.put("user/add","authc");
// filterMap.put("user/update","authc");
filterMap.put("/user/*","authc");
bean.setFilterChainDefinitionMap(filterMap);
//设置登录的请求
//关于登录拦截
bean.setLoginUrl("/toLogin");
return bean;
}
//第二步:DefaultWebSecurityManager
@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm")UserRealm userRealm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联Realm
//通过传参,在加上@Qualifier进行realm和securityManager的绑定
securityManager.setRealm(userRealm);
return securityManager;
}
//第一步://创建realm对象,需要自定义类
//把类放进配置里面,再加上@bean,这样我们这个类就被spring托管了
@Bean
public UserRealm userRealm(){
return new UserRealm();
}
}
同样的整合mybatis,即可以将用户认证的用户数据与数据库相连接.
所以第一步我们需要导入数据库的连接包,这里我们可以使用druid,log4j,lombok,mysql-connector.依赖:
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- lombok-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.16.10</version>
</dependency>
<!--日志-->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!--druid数据源-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.22</version>
</dependency>
<!-- mybatis-spring-->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.2</version>
</dependency>
然后编写配置文件application.yaml
spring:
datasource:
username: root
password: 123456
# 假如时区报错了,那么就在url增加一个配置serverTimezone=UTC就行
url: jdbc:mysql://localhost:3306/mybatis?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
driver-class-name: com.mysql.cj.jdbc.Driver
type: com.alibaba.druid.pool.DruidDataSource
#Spring Boot 默认是不注入这些属性值的,需要自己绑定
#druid 数据源专有配置
initialSize: 5
minIdle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
#配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入
#如果允许时报错 java.lang.ClassNotFoundException: org.apache.log4j.Priority
#则导入 log4j 依赖即可,Maven 地址:https://mvnrepository.com/artifact/log4j/log4j
filters: stat,wall,log4j
maxPoolPreparedStatementPerConnectionSize: 20
useGlobalDataSourceStat: true
connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
mybatis:
type-aliases-package: com.qiu.pojo
mapper-locations: classpath:mapper/*.xml
我们需要注意yaml文件中需要配置mybatis的别名和XXXmapper.xml的位置.
接着看结构:
配置好后,进行测试.
到这一步,则数据查询成功了.