Springboot -- integrate Shiro to complete login verification and interview questions for Java intermediate programmers

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;

import java.util.Objects;

import java.util.Set;

/**

• Authentication verification class

• @author： Liu Peng

• 
  date： 2019-05-05

*/

public class MyShiroRealm extends AuthorizingRealm {

//slf4j Log , May not be used

private Logger logger = LoggerFactory.getLogger(MyShiroRealm.class);

@Autowired

private LoginService loginService;

/**

• Set authorization information , At present, this method has little effect

*/

@Override

protected AuthorizationInfo doGetAuthorizationInfo(Pri

《 A big factory Java Analysis of interview questions + Back end development learning notes + The latest architecture explanation video + Practical project source code handout 》

【docs.qq.com/doc/DSmxTbFJ1cmN1R2dB】 Full content open source sharing

ncipalCollection principals) {

logger.info(“ Start authorizing (doGetAuthorizationInfo)”);

SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

// role

Set roles = new HashSet<>();

roles.add(“role1”);

authorizationInfo.setRoles(roles);

// jurisdiction

Set permissions = new HashSet<>();

permissions.add(“user:list”);

authorizationInfo.setStringPermissions(permissions);

return authorizationInfo;

}

/**

• Set authentication information

*/

@Override

protected AuthenticationInfo doGetAuthenticationInfo(

AuthenticationToken authcToken) throws AuthenticationException {

logger.info(“ Start certification (doGetAuthenticationInfo)”);

UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

String username = token.getUsername();

String password = new String(token.getPassword());

// Query whether the user exists , It's used here Mybatis Plus, You can verify it in your own way

QueryWrapper queryWrapper = new QueryWrapper<>();

queryWrapper.eq(“name”, username);

queryWrapper.eq(“password”, password);

UserPO userPO = loginService.querySingle(queryWrapper);

if (Objects.isNull(userPO)) {

throw new IncorrectCredentialsException(“ Wrong username and password ！”);

}

return new SimpleAuthenticationInfo(

userPO,

token.getPassword(),

getName()

);

}

}

3. establish shiro Configuration class

---

package com.youyou.login.config;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

import java.util.Map;

@Configuration

public class ShiroConfiguration {

private static Logger logger = LoggerFactory.getLogger(ShiroConfiguration.class);

/**

• Requires authentication

*/

private static final String ANON = “anon”;

/**

• Exclude authentication

*/

private static final String AUTHC = “authc”;

@Bean(name = “shiroFilter”)

public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {

logger.info(“ Get into shiroFilter…”);

ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

shiroFilterFactoryBean.setSecurityManager(securityManager);

// Set the path that does not need to be intercepted

Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

// Judge in order , This is a chain of responsibility model , If there is a matching intercept , It won't match later

filterChainDefinitionMap.put("/static/**", ANON);

// Configuration to exit filter , The specific exit code Shiro It's been done for us

filterChainDefinitionMap.put("/logout", “logout”);

//

/ Initialize all permission information and start ******/

// here , If it is used in the project later , Query directly from the database

filterChainDefinitionMap.put("/user/list", “authc,perms[user:list]”);

//filterChainDefinitionMap.put("/user/add", “authc,perms[user:add]”);

/ Initialization of all permission information starts and ends ******/

filterChainDefinitionMap.put("/api/**", AUTHC);

// If not set the default will automatically find Web Project root directory "/login.jsp" page

shiroFilterFactoryBean.setLoginUrl("/login");

// The link to jump to after successful login

// shiroFilterFactoryBean.setSuccessUrl("/index");

// Unauthorized interface

shiroFilterFactoryBean.setUnauthorizedUrl("/error/403");

shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

return shiroFilterFactoryBean;

}

@Bean

public MyShiroRealm myShiroRealm() {

MyShiroRealm myShiroRealm = new MyShiroRealm();

// The caching mechanism can be set here later

return myShiroRealm;

}

@Bean

public SecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

securityManager.setRealm(myShiroRealm());

return securityManager;

}

@Bean

public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {

AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =

new AuthorizationAttributeSourceAdvisor();

authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);

return authorizationAttributeSourceAdvisor;

}

}

4. establish controller

package com.youyou.login.controller;

import com.youyou.common.http.ResponseMessage;

import com.youyou.common.http.Result;

import io.swagger.annotations.Api;

import io.swagger.annotations.ApiOperation;

import org.apache.commons.lang3.StringUtils;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.UsernamePasswordToken;