使用SpringBoot+shiro完成簡單的登錄認證

<!--Alijson插件 -->

<dependency>

<groupId>com.alibaba</groupId>

<artifactId>fastjson</artifactId>

<version>1.2.54</version>

</dependency>

<!-- shiro -->

<dependency>

<groupId>org.springframework.boot</groupId>

<artifactId>spring-boot-starter-aop</artifactId>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-core</artifactId>

<version>1.4.0</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-spring</artifactId>

<version>1.4.0</version>

</dependency>

<dependency>

<groupId>org.projectlombok</groupId>

<artifactId>lombok</artifactId>

<optional>true</optional>

</dependency>

spring.datasource.url=jdbc:mysql://localhost:3306/xiangmu

spring.datasource.username=root

spring.datasource.password=123456

spring.datasource.driver-class-name=com.mysql.jdbc.Driver

mybatis.typeAliasesPackage=com.zjz.entity

mybatis.mapperLocations=classpath:mapper/*.xml

package com.zjz.config;

import java.util.LinkedHashMap;

import java.util.Properties;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

@Configuration

public class ShiroConfig {

/**

* 解決setUnauthorizedUrl不能跳轉的問題

*/

@Bean

public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {

AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();

authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);

return authorizationAttributeSourceAdvisor;

}

/**

* shiro的過濾器ShiroFilterFactoryBean，

*/

@Bean

public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {

ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

// Shiro的核心安全介面

shiroFilterFactoryBean.setSecurityManager(securityManager);

//沒有登錄發送請求時設定跳轉到登錄

shiroFilterFactoryBean.setLoginUrl("/test");

//訪問沒有權限的介面跳轉的介面

//shiroFilterFactoryBean.setUnauthorizedUrl("/notPer");

//自定義過濾鏈，使用LinkedHashMap保證有序

LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

/*

* 配置攔截規則，anon 表示資源都可以匿名訪問

* authc：登錄后能訪問

*/

filterChainDefinitionMap.put("/public/**", "anon");

//其他資源都需要認證

filterChainDefinitionMap.put("/**", "authc");

shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

return shiroFilterFactoryBean;

}

/**

* Shiro的核心安全介面

*/

@Bean

public SecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

securityManager.setRealm(customRealm());

return securityManager;

}

/**

* 自定義realm

*/

@Bean

public CustomRealm customRealm() {

return new CustomRealm();

}

@Bean

public SimpleMappingExceptionResolver simpleMappingExceptionResolver() {

SimpleMappingExceptionResolver simpleMappingExceptionResolver=new SimpleMappingExceptionResolver();

Properties properties=new Properties();

properties.setProperty("org.apache.shiro.authz.UnauthorizedException","/index/unauthorized");

properties.setProperty("org.apache.shiro.authz.UnauthenticatedException","/index/unauthorized");

simpleMappingExceptionResolver.setExceptionMappings(properties);

return simpleMappingExceptionResolver;

}

@Bean

public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {

DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();

defaultAdvisorAutoProxyCreator.setUsePrefix(true);

return defaultAdvisorAutoProxyCreator;

}

@Bean

public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){

DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();

advisorAutoProxyCreator.setProxyTargetClass(true);

return advisorAutoProxyCreator;

}

}

package com.zjz.config;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.springframework.beans.factory.annotation.Autowired;

import com.zjz.entity.Users;

import com.zjz.service.UsersService;

public class CustomRealm extends AuthorizingRealm {

@Autowired

private UsersService userInfoService;

;

/**

* 授權

*/

@Override

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

System.out.println("執行了授權");

SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

return simpleAuthorizationInfo;

}

/**

* 認證

*/

@Override

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)

throws AuthenticationException {

System.out.println("執行了認證");

String loginname = (String) authenticationToken.getPrincipal();

Users user = userInfoService.getByUserName(loginname);

if (user == null) {

return null;

} else {

SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(),

getName());

System.out.println("users!=null" + simpleAuthenticationInfo);

return simpleAuthenticationInfo;

}

}

}

package com.zjz.config;

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;

import org.springframework.stereotype.Component;

@Component

@Configuration

public class CORSFilter implements Filter {

@Override

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {

HttpServletResponse response = (HttpServletResponse) servletResponse;

HttpServletRequest request = (HttpServletRequest) servletRequest;

// 允許哪些Origin發起跨域請求

String orgin = request.getHeader("Origin");

// response.setHeader( "Access-Control-Allow-Origin", config.getInitParameter( "AccessControlAllowOrigin" ) );

response.setHeader( "Access-Control-Allow-Origin", orgin );

// 允許請求的方法

response.setHeader( "Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT" );

//多少秒內,不需要再發送預檢驗請求，可以快取該結果

response.setHeader( "Access-Control-Max-Age", "3600" );

// 表明它允許跨域請求包含xxx頭

response.setHeader( "Access-Control-Allow-Headers", "x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept" );

//是否允許瀏覽器攜帶用戶身份資訊（cookie）

response.setHeader( "Access-Control-Allow-Credentials", "true" );

//prefight請求

if (request.getMethod().equals( "OPTIONS" )) {

response.setStatus( 200 );

return;

}

chain.doFilter( servletRequest, response );

}

}

package com.zjz.util;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

import java.util.Random;

import org.apache.shiro.codec.Hex;

public class MD5Util {

/**

* 普通MD5加密<br>

*

* @param input

* @return

*/

public static String MD5(String input) {

MessageDigest md5 = null;

try {

md5 = MessageDigest.getInstance("MD5");

} catch (NoSuchAlgorithmException e) {

return "check jdk";

} catch (Exception e) {

e.printStackTrace();

return "";

}

char[] charArray = input.toCharArray();

byte[] byteArray = new byte[charArray.length];

for (int i = 0; i < charArray.length; i++)

byteArray[i] = (byte) charArray[i];

byte[] md5Bytes = md5.digest(byteArray);

StringBuffer hexValue = new StringBuffer();

for (int i = 0; i < md5Bytes.length; i++) {

int val = ((int) md5Bytes[i]) & 0xff;

if (val < 16)

hexValue.append("0");

hexValue.append(Integer.toHexString(val));

}

return hexValue.toString();

}

/**

* 加鹽MD5加密<br>

*

* @param password

* @return

*/

public static String getMD5(String password) {

Random r = new Random();

StringBuilder sb = new StringBuilder(16);

sb.append(r.nextInt(99999999)).append(r.nextInt(99999999));

int len = sb.length();

if (len < 16) {

for (int i = 0; i < 16 - len; i++) {

sb.append("0");

}

}

String salt = sb.toString();

password = md5Hex(password + salt);

char[] cs = new char[48];

for (int i = 0; i < 48; i += 3) {

cs[i] = password.charAt(i / 3 * 2);

char c = salt.charAt(i / 3);

cs[i + 1] = c;

cs[i + 2] = password.charAt(i / 3 * 2 + 1);

}

return new String(cs);

}

/**

* 校驗加鹽后是否和原文一致<br>

*

* @param password

* @param md5

* @return

*/

public static boolean verify(String password, String md5) {

try {

char[] cs1 = new char[32];

char[] cs2 = new char[16];

for (int i = 0; i < 48; i += 3) {

cs1[i / 3 * 2] = md5.charAt(i);

cs1[i / 3 * 2 + 1] = md5.charAt(i + 2);

cs2[i / 3] = md5.charAt(i + 1);

}

String salt = new String(cs2);

return md5Hex(password + salt).equals(new String(cs1));

} catch (Exception e) {

return false;

}

}

/**

* 獲取十六進制字串形式的MD5摘要

*/

private static String md5Hex(String src) {

try {

MessageDigest md5 = MessageDigest.getInstance("MD5");

byte[] bs = md5.digest(src.getBytes());

return new String(new Hex().encode(bs));

} catch (Exception e) {

return null;

}

}

}

1. var globalData = {
2. server: "http://localhost:8080/",
3. pre: "http://127.0.0.1:8080/crm/",
4. socket: "ws://localhost:8080/",
5. //把登陸的用戶名存入h5的快取
6. setUserInfo: function(username, token, uid) {
7. window.localStorage.setItem("username", username);
8. window.localStorage.setItem("token", token);
9. window.localStorage.setItem("uid", uid);
10. },
11. setPer: function(plist) { //設定權限串列
12. window.localStorage.setItem("plist", plist);
13. },
14. hasPer: function(pvalue) {
15. return window.localStorage.getItem("plist").includes(pvalue);
16. },
17. //從H5快取中取出當前登錄的用戶名
18. getUserName: function() {
19. return window.localStorage.getItem("username");
20. },
21. getToken: function() {
22. return window.localStorage.getItem("token");
23. },
24. getPer: function() {
25. return window.localStorage.getItem("plist");
26. },
27. getUid: function() {
28. return window.localStorage.getItem("uid");
29. },
30. //退出登錄
31. loginOut: function() {
32. globalData.setUserInfo(null, null, null);
33. window.location.href = "login.html";
34. }
35. };
36. var a = globalData.getToken();
37. if(a == null || a == "null") {
38. var url = window.location.href;
39. if(url.indexOf("login.html") >= 0) {
41. } else {
42. window.location.href = "login.html";
43. }
44. } else {
45. var url = window.location.href;
46. if(url.indexOf("login.html") >= 0) {
47. window.location.href = "index.html";
48. }
49. }