
Springboot -- integrate Shiro to complete login verification and interview questions for Java intermediate programmers

2022-01-27 01:40:47 m0_ sixty-four million eight hundred and sixty-seven thousand e

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;

import java.util.Objects;

import java.util.Set;


  • Authentication verification class

  • @author: Liu Peng

  • date: 2019-05-05


public class MyShiroRealm extends AuthorizingRealm {

//slf4j Log , May not be used

private Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);


private LoginService loginService;


  • Sets the authorization information (roles and permissions). At present this method does very little.



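/**
 * Builds the authorization data (roles and permission strings) for the given principals.
 *
 * <p>Both sets are created empty and nothing on this page fills them, so this realm grants no
 * roles and no permissions. Any permission check against it is denied until the sets are
 * populated from the user's stored roles and permissions.
 *
 * @param principals the principals of the subject being authorized (not read in this example)
 * @return the authorization info carrying the (currently empty) role and permission sets
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    logger.info(" Start authorizing (doGetAuthorizationInfo)");
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

    // Roles: attach the set explicitly, otherwise it is built and then discarded.
    Set<String> roles = new HashSet<>();
    authorizationInfo.setRoles(roles);

    // Permissions: same as above. Keep this deny-by-default and add only what the
    // authenticated user has actually been granted.
    Set<String> permissions = new HashSet<>();
    authorizationInfo.setStringPermissions(permissions);

    return authorizationInfo;
}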



  • Set authentication information



// Authenticates a username/password login attempt: queries for a user row whose "name" and
// "password" columns both equal the submitted values and rejects the login when no row is found.
// NOTE(review): this listing is incomplete on the page. The text after the opening brace looks
// like the remains of a log call, and the final return statement is cut off.
// NOTE(review): loginService is declared without an initializer in this listing; presumably it
// is injected by Spring. Confirm, otherwise the query below fails with a NullPointerException.
protected AuthenticationInfo doGetAuthenticationInfo(

AuthenticationToken authcToken) throws AuthenticationException {“ Start certification (doGetAuthenticationInfo)”);

// Unchecked cast: any other token type handed to this realm fails with ClassCastException.
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

String username = token.getUsername();

// Copies the char[] password into an immutable String, which cannot be cleared after use.
String password = new String(token.getPassword());

// Checks whether the user exists. MyBatis-Plus is used here; any other lookup works as well.
// NOTE(review): the submitted password is matched against the "password" column inside the
// query, so that column must hold the value exactly as the user typed it (no salted hash).
// Safer design: look the user up by name only, return the stored salted hash from this method,
// and let a hashing CredentialsMatcher on the realm (for example Shiro's PasswordMatcher or
// HashedCredentialsMatcher) do the comparison.
QueryWrapper queryWrapper = new QueryWrapper<>();

queryWrapper.eq(“name”, username);

queryWrapper.eq(“password”, password);

UserPO userPO = loginService.querySingle(queryWrapper);

// One query covers both fields, so an unknown user and a wrong password raise the same
// exception and the caller cannot tell the two cases apart.
if (Objects.isNull(userPO)) {

throw new IncorrectCredentialsException(“ Wrong username and password !”);


return new SimpleAuthenticationInfo(
// NOTE(review): the page breaks off here; the constructor arguments and the closing braces of
// the if-block and the method are missing.







3. Create the Shiro configuration class

package com.youyou.login.config;

import org.apache.shiro.mgt.SecurityManager;


import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

import java.util.Map;


public class ShiroConfiguration {

private static Logger logger = LoggerFactory.getLogger(ShiroConfiguration.class);


  • No authentication required (anonymous access)


private static final String ANON = “anon”;


  • Authentication required


private static final String AUTHC = “authc”;

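/**
 * Builds the Shiro web filter and installs the URL-pattern to filter-chain rules.
 *
 * <p>The rules live in a {@link LinkedHashMap} because order matters: Shiro applies the first
 * pattern that matches the request path and ignores the rest.
 *
 * @param securityManager the Shiro security manager the filter delegates to
 * @return the configured filter factory bean
 */
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    logger.info(" Get into shiroFilter…");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // The filter needs the security manager to authenticate and authorize requests.
    shiroFilterFactoryBean.setSecurityManager(securityManager);

    // Paths that are not intercepted come first; more specific patterns go before broader ones.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/static/**", ANON);

    // Shiro's built-in logout filter handles the actual logout.
    filterChainDefinitionMap.put("/logout", "logout");

    // Permission rules are hard-coded for the example; a real project would load them
    // from the database.
    filterChainDefinitionMap.put("/user/list", "authc,perms[user:list]");
    //filterChainDefinitionMap.put("/user/add", "authc,perms[user:add]");

    filterChainDefinitionMap.put("/api/**", AUTHC);

    // NOTE(review): a path that matches none of the entries above passes through without any
    // Shiro filter. For deny-by-default, end the map with a "/**" entry mapped to authc and
    // list the login endpoint as anon before it.

    // If no login URL is set, Shiro falls back to "/login.jsp" in the web root. The calls that
    // set the login and unauthorized URLs did not survive on this page; set them to the
    // application's own pages.
    // shiroFilterFactoryBean.setSuccessUrl("/index");

    // Without this call the rules above are built and never applied.
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}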



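/**
 * Creates the application's realm as a Spring-managed bean.
 *
 * <p>NOTE(review): the realm declares a {@code loginService} field with no initializer, so it
 * presumably relies on Spring injection. Registering the realm as a bean lets the container
 * wire it; confirm against the full realm source.
 *
 * @return the realm used for authentication and authorization
 */
@Bean
public MyShiroRealm myShiroRealm() {
    MyShiroRealm myShiroRealm = new MyShiroRealm();
    // Caching can be configured here later. This is also the place to set a hashing
    // CredentialsMatcher on the realm so that stored password hashes are compared by Shiro.
    return myShiroRealm;
}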



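/**
 * Creates the web security manager and registers the application realm with it.
 *
 * @return the security manager backed by {@code MyShiroRealm}
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    // A security manager with no realm has nothing to authenticate against and rejects
    // every login attempt with a configuration error.
    securityManager.setRealm(myShiroRealm());
    return securityManager;
}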



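/**
 * Registers the Spring AOP advisor that enforces Shiro's authorization annotations.
 *
 * @param securityManager the security manager the advisor consults for its checks
 * @return the configured advisor
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
            new AuthorizationAttributeSourceAdvisor();
    // The advisor needs the security manager to evaluate annotation-based permission checks.
    authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
    return authorizationAttributeSourceAdvisor;
}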



4. Create the controller

package com.youyou.login.controller;

import com.youyou.common.http.ResponseMessage;

import com.youyou.common.http.Result;

import io.swagger.annotations.Api;

import io.swagger.annotations.ApiOperation;

import org.apache.commons.lang3.StringUtils;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.UsernamePasswordToken;
