SpringBoot整合Shiro搭建权限管理组织系统

1、SpringBoot整合Shiro搭建权限管理系统、SpringBoot入门1.新建一个maven工程忑IVNewMavenProjectNewMavenproject2ConfigureprojectArtifactGroupId:ArtifactId;Version:Pmkaging:CompilerLevel:;Description:ParentProjectArtifactId:Version:Advan匚便日com.demo0.0.1-SNAPSHOTjar7pringboof-demoBrowse.Clear2.修改pomxml文件，添加springboot父工程org.spri

2、ngframework.bootspring-boot-starter-parent1.5.4.RELEASE3.修改默认编译的jdk版本1.84.添加springboot启动器（web支持）org.springframework.bootspring-boot-starter-web完整的pom.xml文件如下：4.0.0com.hellotomcatspringboot-shiro0.0.1-SNAPSH0Torg.springframework.bootspring-boot-starter-parent1.5.4.RELEASEorg.springframework.bootsprin

3、g-boot-starter-weborg.springframework.bootspring-boot-starter-thymeleaf.RELEASE2.0.45.编写controller(UserController)packagecom.hellotomcat.controller;importorg.springframework.stereotype.Controller;importorg.springframework.ui.Model;importorg.springframework.web.bind.annotation.RequestMapping;

4、importorg.springframework.web.bind.annotation.ResponseBody;ControllerpublicclassUserController*测试方法*return*/RequestMapping(/hello)ResponseBody/返回json数据publicStringhello()System.out.println(hellospringboot);returnok;6.编写启动类Applicationpackagecom.hellotomcat;importorg.springframework.boot.SpringApplica

5、tion;importorg.springframework.boot.autoconfigure.SpringBootApplication;/*SpringBoot启动类authorLenovo*/SpringBootApplicationpublicclassApplicationpublicstaticvoidmain(Stringargs)SpringApplication.run(Application.class,args);7W6讪蓉滋App-ication會WH89SJavaz二.uwinMF.B斗:#一*口4口匸目口KUH-;片u.urfu2nd-Dkp-nMI*吕5d-于

6、mr*D-mt-frrivof阴启詡肮BBS-5utm_ZDF7_VTV_MokTA_2ef_-EI-lvOK_fq_d_2Et_h4F-VGUan_rT4Er?ounlL-r-ElrrlE”r=?rvl*s.vxx?K?puik&7yaevESZSBymHnstyy-ekkl-一TiwliMJlpc*aw7|F.一vhl=-lfc+vblk-屯爭w=i,XJfc,SAJ.Bfti*TEuln.i-丁rrlriAtHsrS4-is.iFF-r3.T.?Mfs-=si-hohLFFH-E.5EV&*13JUMLLSEidrio=F.ldudlx8:http:、一oca_host:8080、h!L

7、p凹fs?.s导入thymeleaf页面模块1.引入thymeleaf依赖org.springframework.bootspring-boot-starter-thymeleaf2.在controller当中添加如下方法:RequestMapping(/testThymeleaf)publicStringtestThymeleaf(Modelmodel)/把数据放入modelmodel.addAttribute(name,admin);/返回test.htmlreturntest;在src/main/resources目录下面建立templates目录用来存放页面（Spting-Boot默认

8、页面存放路径,名字不可更改）blog0Servers227springboot-shiroboot呼&rc/main/j8vacom.hellotomcali|T|Application.java出gom.hellotomcaC.cc7酉src/mainfresources、-templatesrc/tesi/Java&rc/tesi/resourcesJRESystemLibrary止三.Mave-nDependenciem&rc凸target圃po-m.xml73SpringMVC-Mybati5-Shii呂User_R.o-le_Manage-r在templates目录下新建test.h

9、tml!DOCTYPEhtm卜测试thymeleaf的使用metaname=descriptioncontent=thisismypage/!-ttext=$name为thymeleaf语法获取model中传过来的值Btairgw囱pomjimlSpSp因UBerConlrollenj-7Esrc/main/resouiTCK|时tgsl,htn可CS5rc/iffst/javaOsrc/te-st/re-EDurceE屉JRELibrary;B.MsrvenOefwndencjesL3src2019-01-2716755.123hell口springb口匚匚isLhtml3h5-prBigb

10、oot-hirc/pDmjanlJ|Us-erContrcBerjv|AppliztiDfijjdvj2015-01-27lEsfllaS.O133zhzdINTOINFO-一nio-SGB口一总牙门口一.一一-nlo-aQBO-eseo-lnj.o-aoeCl-exec-1c.a.Q.-C.TtiiMiE.-/；*a.awebnjseivlec.Di-epaccfterSenJiec.sSuweijaservletDispatchezSezrlet4D4“04SourceDiMinRev!砂me-takmecak/laeac1口昌口亡ktr-yvc.rdscccitezit-ke-yvard

11、i*ktyvcixrdij-kuyupHd3七namede-criptiacfln.tent,-,taiIjn.ypag-1name=MntsJ2ttj1*ctncenc=rt&xtXMJtIt=DTF-flk!DGCTTPEBlMl?htnLL：-kfteadkcl:、测试琲亦“ar的便用-几lclevh$iteiir=-SBase在浏览器访问 HYPERLINK http:/localhost:8080/testThymeleaf http:/localhost:8080/testThymeleaf进行测试如果能够在页面上获取到值就说明成功了.COlocalhost:8080/te5tTh

12、ymeleaf盍应用网第服势弱口学习书签口兴趣爱好盲网二巨歪admin此处需要注意在thymeleaf3.0以前对页面标签语法要求比较严格,开始标签必须有对应的结束标签,如果没有就出现如下错误.lExceptionparsingdocument:template=ltest1,.line12-column3=LY-lrp4fjVVtV-rg-s_-Eu.FEFi-齐r-.A.3ta-xd-nZHBtai.nM-9?bh2-EHr-E-zdHb-E-J?KX9LWA-3-FWK-才rw-3HfE.合冊日|陽吻1哉油thyme_eafsffi曾禅MA-thyme-eaf坦3.0FJZst列兵虽弟3

13、026.半増thymemaf閒(3斤9|3務新)请popeaesATwffhylne-eafs!v人fhyme-eaf.versionV3.0.NRELEASE人Ahyme-eaf.versionV人fhyme-eafayouTdia-ecf.version2.0.4人hylne-eafayourdia-ecf.versionVSpringBootdlrshio严sho書API滋subject-RWHS型卅册跖securiryManager)SecurilyManagecmffifi(來Rea-m)Rea-rTEshiroffiidEtts將2401shi。dlrspring:shiroJIr

14、springKn!v人dependency人groupldvorgapacheshiro、groupldvAarfifacfldVshirospring人、arfifaadV人versionV1.4.0人、versionVdependencyReSLmpackage出co-m.hellotomcatw田co-m.hellotom匚目t.cortroIImrJUerContrq11erjava皆出co-m.hellot-o-mcat.hiroShircConfigJavaJU&erRealm.java7色src/main/resoutgesvBtemplates2DuserH*add.htmlH

15、”update.htmlil-j7test.html耳src/test/javasrc/tesi/resources吕JRESystemLibraryJavaSE-I.S-&jMavenDependencies凸target画pom.xml节呂S-pringMVC-Mybatis-Shiro-redis-0.2-master号U5.er_Role_IVlan3geradd.html页面代码:!DOCTYPEhtm卜用户新增页面/titlemetaname=descriptioncontent=thisismypage!-用户新增update.html页面代码:用户更新页面/titlemetan

16、ame=descriptioncontent=thisismypage!-用户更新5.2.修改testhtml页面RequestMapping(/addRequestMapping(/add)测试thymeleaf的使用metaname=descriptioncontent=thisismypage/!-进入用户添加功能：用户添加进入用户更新功能:用户更新5.3.在UserController当中添加下面的方法/没有ResponseBody这个注释则返回页面，有就返回js数据5.4.修改ShiroConfig类packagecom.hellotomcat.shiro;importjava.ut

17、il.LinkedHashMap;importjava.util.Map;importorg.apache.shiro.spring.web.ShiroFilterFactoryBean;importorg.apache.shiro.web.mgt.DefaultWebSecurityManager;importorg.springframework.beans.factory.annotation.Qualifier;importorg.springframework.context.annotation.Bean;importorg.springframework.context.anno

18、tation.Configuration;*Shiro的配置类authorLenovo*/ConfigurationpublicclassShiroConfig/*创建ShiroFilterFactoryBean*/BeanpublicShiroFilterFactoryBeangetShiroFilterFactoryBean(Qualifier(securityManager)DefaultWebSecurityManagersecurityManager)ShiroFilterFactoryBeanShiroFilterFactoryBean=newShiroFilterFactoryB

19、ean();/设置安全管理器ShiroFilterFactoryBean.setSecurityManager(securityManager);/添加Shiro内置过滤器*Shir。内置过滤器，可以实现权限相关的拦截*常用的过滤器:anon:无需认证（登录）可以访问authc:必须认证才可以访问user:如果使用rememberMe的功能可以直接访问perms:该资源必须得到资源权限才可以访问role:该资源必须得到角色权限才可以访问*/MapfilterMap=newLinkedHashMap();filterMap.put(/add,authc);filterMap.put(/updat

20、e,authc);shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);returnshiroFilterFactoryBean;/*创建DefaultWebSecurityManager*/Bean(name=securityManager)publicDefaultWebSecurityManagergetDefaultWebSecurityManager(Qualifier(userRealm)UserRealmuserRealm)DefaultWebSecurityManagersecurityManager=new

21、DefaultWebSecurityManager();/关联realmsecurityManager.setRealm(userRealm);returnsecurityManager;/*创建Realm*/Bean(name=userRealm)publicUserRealmgetRealm()returnnewUserRealm();5.5.验证拦截功能,在test页面点击超链接,如果出现以下情况,说明拦截成功COlocalho51:808(i/loginjsp列N网窖压薛COlocalho51:808(i/loginjsp列N网窖压薛学W丰豈WhitelabelErrorPageThi

22、sapplicationhasnoexplicitmappingfor/error,soyouareseeingthisasafallback.SunJan2723:01;40CST2019Therewasanunexpectederror(type=NotFound,status=404J.NomessageavailableIocaIho5t8090/ldc-l.jsp3blog123Servers727springboo-t-shirobootv理src/msirVjava弋田com.hellctomcatjApplication.javaV田wm.hellctQmcat.ccT|Use

23、rContrailerj:com.hellotomcat.sT|ShiroConfig.JavaUUserRe-alm.jswa、vsre/msin/resources.Jte&t.htmlJ区sre/test/javsMsrc/test/r&s-o-urGesJRESystemLibraryJ;MavenDependenciessre0targetAm|porn.xml2:纟SpringMVC-MybatiE-Shii丘乡User_Role_Manswer-login.html代码如下:!DOCTYPEhtm卜登录页面/titlemetaname=descriptioncontent=thi

24、sismypage!-登录页面5.6.2.在UserController当中添加如下方法:RequestMapping(/toLogin)publicStringtoLogin()return/login;563修改shiroConfig类packagecom.hellotomcat.shiro;importjava.util.LinkedHashMap;importjava.util.Map;importorg.apache.shiro.spring.web.ShiroFilterFactoryBean;importorg.apache.shiro.web.mgt.DefaultWebSec

25、urityManager;importorg.springframework.beans.factory.annotation.Qualifier;importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;*Shiro的配置类authorLenovo*/ConfigurationpublicclassShiroConfig*创建ShiroFilterFactoryBean*/BeanpublicShiroFilterFactoryBea

26、ngetShiroFilterFactoryBean(Qualifier(securityManager)DefaultWebSecurityManagersecurityManager)ShiroFilterFactoryBeanShiroFilterFactoryBean=newShiroFilterFactoryBean();/设置安全管理器ShiroFilterFactoryBean.setSecurityManager(securityManager);/添加Shiro内置过滤器/*Shir。内置过滤器，可以实现权限相关的拦截*常用的过滤器:anon:无需认证（登录）可以访问auth

27、c:必须认证才可以访问user:如果使用rememberMe的功能可以直接访问perms:该资源必须得到资源权限才可以访问role:该资源必须得到角色权限才可以访问*/MapfilterMap=newLinkedHashMap();filterMap.put(/add,authc);filterMap.put(/update,authc);/修改默认的登录页面shiroFilterFactoryBean.setLoginUrl(/toLogin);shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);returnshiroF

28、ilterFactoryBean;*创建DefaultWebSecurityManager*/Bean(name=securityManager)publicDefaultWebSecurityManagergetDefaultWebSecurityManager(Qualifier(userRealm)UserRealmuserRealm)DefaultWebSecurityManagersecurityManager=newDefaultWebSecurityManager();/关联realmsecurityManager.setRealm(userRealm);564X+个山QtoEh

29、Qstscfmo/klogin=:1园品遍眇器邨凶出嚼雪3回一-aufhQ)dafej=aufhc=)jShiroConfig糠一-anorrJ一-aufhQ)；、兵吵录汾Km馴-H回、H=恥誇耳血罟确并ffiG貳鹦、4D烤6.实现用户验证（登录）操作6.1.修改登录页面login.html!DOCTYPEhtm卜登录页面/titlemetaname=keywordscontent=keyword1,keyword2,keyword多!-登录用户名：密码：6.2.在controller当中添加方法/*登录逻辑处理*/RequestMapping(/login)publicStringlogin

30、(Stringname,Stringpassword,Modelmodel)/*使用Shiro编写认证操作*/1获取SubjectSubjectsubject=SecurityUtils.getSubjec);/2封装用户数据UsernamePasswordTokentoken=newUsernamePasswordToken(name,password);filterMap.put(filterMap.put(/login,anon);/放行登录操作/3执行登录方法trysubject.login(token);/没有异常则说明登录成功returnredirect:/testThymelea

31、f;catch(UnknownAccountExceptione)/e.printStackTrace();/登录失败：用户名不存在model.addAttribute(msg,用户名不存在”)；returnlogin;catch(IncorrectCredentialsExceptione)/e.printStackTrace();/登录失败：密码错误model.addAttribute(msg,密码错误)；returnlogin;63在ShiroConfig当中添加如下代码，放行登录操作6.4.编写UserRealm的认证（判断）逻辑/*执行认证逻辑*/OverrideprotectedA

32、uthenticationlnfodoGetAuthenticationlnfo(AuthenticationTokenauthenticationToken)throwsAuthenticationExceptionSystem.out.println(执行认证逻辑”)；/假设数据库的用户名和密码Stringname=admin;Stringpassword=root;/编写处判断逻辑，判断用户名和密码是否正确/1判断用户名UsernamePasswordTokentoken=(UsernamePasswordToken)authenticationToken;if(!token.getUs

33、ername().equals(name)/用户名不存在returnnull;/返回null时，shiro底层会抛出UnknowAccountException/2判断密码returnnewSimpleAuthenticationlnfo(,password,1.导入Mybatis相关依赖，修改pom.xml文件com.alibabadruid1.0.9mysqlmysql-connector-javaorg.mybatis.spring.bootmybatis-spring-boot-starter1.1.12.新建一个数据库，然后再新建一张数据库表，建表语句如下（数据库需要手动创建）：CR

34、EATETABLEuser(id空(11)NOTNULLAUTO_INCREMENT,namevarchar(20)DEFAULTNULL,passwordvarchar(50)DEFAULTNULL,PRIMARYKEY(id)ENGINE=InnoDBDEFAULTCHARSET=utf8;3.在src/main/resources目录下面新建定）perties。(位置和文件名定）spring.datasource.driverClassName=com.mysql.jdbc.Driverspring.datasource.url=jdbc:mysql:/oa!hOSt：3306/db_s

35、pringbootspring.datasource.username=rootspring.datasource.password=rootspring.datasource.type=com.alibaba.druid.pool.DruidDataSourcemybatis.type-aliases-package=com.hellotomcat.domain4.编写实体类User5.编写查询接口6.编写UserMapperxml映射文件SELECTpublicpublicUserfindByName(Stringname);7.编写业务接口和实现接口：packagecom.helloto

36、mcat.service;importcom.hellotomcat.domain.User;publicinterfaceUserServicepublicpublicUserfindByName(Stringname)实现：packagecom.hellotomcat.service.impl;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Service;importcom.hellotomcat.domain.User;importcom.

37、hellotomcat.mapper.UserMapper;importcom.hellotomcat.service.UserService;ServicepublicclassUserServiceImplimplementsUserService/注入mapper接口AutowiredprivateUserMapperuserMapper;OverridepublicclasspublicclassApplication&在启动类Application当中添加mapper包扫描的注释packagecom.hellotomcat;importorg.springframework.boot

38、.SpringApplication;importorg.springframework.boot.autoconfigure.SpringBootApplication;/*SpringBoot启动类authorLenovo*/SpringBootApplicationMapperScan(com.hellotomcat.mapper)9.修改UserRealm的认证逻辑/注入用户操作接口AutowiredprivateUserServiceuserService;/*执行认证逻辑*/OverrideprotectedAuthenticationlnfodoGetAuthentication

39、lnfo(AuthenticationTokenauthenticationToken)throwsAuthenticationExceptionSystem.out.println(执行认证逻辑”)；/编写shiro判断逻辑，判断用户名和密码是否正确/1判断用户名UsernamePasswordTokentoken=(UsernamePasswordToken)authenticationToken;Useruser=userService.findByName(token.getUsername();if(user=null)/用户名不存在returnnull;/返回null时，shiro

40、底层会抛出UnknowAccountException/2判断密码returnnewSimpleAuthenticationlnfo(,user.getPassword(),);五、SpringBoot与Shiro整合实现用户授权1.使用1.使用shiro内置过滤器实现资源拦截1.1.修改ShiroConfig，在过滤器当中添加资源过滤器授权过滤器permsuser:add方括号中的可以自定义。注意：当前授权拦截后，shiro会自动跳转到未授权页面fi-ferMap.puw-adcr、=pennscser2dd=)已(ish。皿蓉tt香3JEHSL01hci3巴gg_m4klmwhiteQrb

41、e-ErrorPageThisOJPP一oedonhdmnoExv-ich-Tappingfors弋口匕rleseeingfhisQJSfd-bdckMon虫nztow一5耳雷sZ2Ther巾w45an匚nexpeci巾denrottypenunoufhcriNed.5im1uml4cn】zomessageavnJiETbfDDOCTYPEhfmv人hfmv人head人s-_effiilI列回人f-emetaname=descriptioncontent=thisismypage!-亲，您未经授权访问该页面1.3.2.修改ShiroConfig类/设置未授权提示页面shiroFilterFac

42、toryBean.setUnauthorizedUrl(/noAuth);1.3.3.在UserController当中添加如下方法：1.4.如果浏览器在未授权的情况下跳转到自定义页面说明修改成功2.修改UserRealm完成Shiro的资源授权*执行授权逻辑*/OverrideprotectedAuthorizationlnfodoGetAuthorizationlnfo(PrincipalCollectionargO)System.out.println(执行授权逻辑”);/给资源进行授权SimpleAuthorizationlnfoinfo=newSimpleAuthorizationl

43、nfo();/添加资源的授权字符串(必须和下面的资源拦截器当中的自定义字符串一致)info.addStringPermission(user:add);returninfo;3.连接数据库实现资源动态授权3.1.修改数据库表ALTERTABLEdb_springboot.userADDCOLUMNpermsvarchar(50)NULLAFTERpassword;3.2.修改实体类User33修改UserMapper接口，添加方法publicUserfindById(Integerid);34在业务接口和实现类中添加方法接口：publicUserfindById(Integerid);实现类：

44、OverridepublicUserfindById(Integerid)returnuserMapper.findById(id);35修改UserRealm中的方法importorg.apache.shiro.SecurityUtils;importorg.apache.shiro.authc.AuthenticationException;importorg.apache.shiro.authc.Authenticationlnfo;importorg.apache.shiro.authc.AuthenticationToken;importorg.apache.shiro.authc.

45、SimpleAuthenticationlnfo;importorg.apache.shiro.authc.UsernamePasswordToken;importorg.apache.shiro.authz.Authorizationlnfo;importorg.apache.shiro.authz.SimpleAuthorizationlnfo;importorg.apache.shiro.realm.AuthorizingRealm;importorg.apache.shiro.subject.PrincipalCollection;importorg.apache.shiro.subject.Subject;importorg.springframework.beans.factory.annotation.Autowired;importcom.hellotomcat.domai