/user/login=anon/user/updatePwd.jsp=authc/admin/*.jsp=roles[admin]/user/teacher.jsp=perms["user:update"]
将此段加入到.xml配置文件中

完成自定义realm
package com.oyang.ssm.shiro;import com.oyang.ssm.biz.UserBiz;import com.oyang.ssm.model.User;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.util.ByteSource;/*** @author oyang* @site https://blog.csdn.net* @qq 1828190940* @create2022-08-25 20:07*/public class MyRealm extends AuthorizingRealm {public UserBiz getUserBiz(){return userBiz;}public void setUserBiz(UserBiz userBiz){this.userBiz=userBiz;}public UserBiz userBiz;/*** 授权* @param principals* @return* 替代了shiro-web.ini*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {return null;}/*** 认证* @param token* @return* @throws AuthenticationException* 替代了*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String userName = token.getPrincipal().toString();User user = userBiz.queryUserByUserName(userName);AuthenticationInfo info=new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),ByteSource.Util.bytes(user.getSalt()),this.getName()//Realm的名字);return info;}}
层
package com.oyang.ssm.controller;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest;/*** @author oyang* @site https://blog.csdn.net* @qq 1828190940* @create2022-08-19 16:35*/@Controllerpublic class LoginController {/*//登录@RequestMapping("/login")public String login(HttpServletRequest request){//登录成功 需要保存用户登陆信息String uname = request.getParameter("uname");if("oyang".equals(uname)){//数据定死了，如果用户名是oyang就代表登录成功//登录成功就保存到session里去request.getSession().setAttribute("uname",uname);}return "index";}*//*//登出@RequestMapping("/logout")public String logout(HttpServletRequest request){//销毁request.getSession().invalidate();return "index";}*///登录@RequestMapping("/login")public String login(HttpServletRequest request){try {String username = request.getParameter("username");String password = request.getParameter("password");UsernamePasswordToken token=new UsernamePasswordToken(username,password);Subject subject = SecurityUtils.getSubject();subject.login(token);return "main";}catch (Exception e){request.setAttribute("message","账号密码错误");return "login";}}//登出@RequestMapping("/logout")public String logout(HttpServletRequest request){Subject subject = SecurityUtils.getSubject();subject.logout();return "login";}}
【Shiro认证-身份认证加密】测试
tags:其他相关

• SSL双向认证加密技术图解
• 区块链身份认证与存证固证平台设想
• Shiro认证及加盐加密
• 加密和认证
• AEAD 使用关联数据的认证加密
• 无线的安全威胁与认证加密技术
• JSON Web Token 简介
• qq音乐实名认证未成年有什么影响
• 江理校园网登录认证
• HCIP认证路