getUserList(){return userService.getList();}@RequestMapping("/login")public String login() {return "login";}@RequestMapping("/index")public String index() {User user = (User) SecurityUtils.getSubject().getPrincipal();return "index="+user.getUsername();}/*** 没有权限的回调接口* @return*/@RequestMapping("unauthorized")public String unauthorized() {return "unauthorized";}/*** 需要admin角色才能访问* @return*/@RequestMapping("/admin")@RequiresRoles("/admin")public String admin() {return "admin success";}/*** 需要修改权限才能访问* @return*/@RequestMapping("/edit")@RequiresPermissions("edit")public String edit() {return "edit success";}/*** 退出登录* @return*/@RequestMapping("/logout")public String logout() {Subject subject = SecurityUtils.getSubject();if (subject != null) {subject.logout();}return "logout";}/*** 登录接口* @param username* @param password* @return*/@RequestMapping("/loginUser")public String loginUser(@RequestParam("username") String username,@RequestParam("password") String password) {UsernamePasswordToken token = new UsernamePasswordToken(username, password);Subject subject = SecurityUtils.getSubject();try {subject.login(token);User user = (User) subject.getPrincipal();return "loginSuccess";} catch (Exception e) {return "loginError";}}}
七、pom.xml 加入 shiro包
org.apache.shiroshiro-spring1.4.0
八、shiro配置
.java
package com.example.demo2.config;import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;import com.example.demo2.entity.Permission;import com.example.demo2.entity.Role;import com.example.demo2.entity.User;import com.example.demo2.service.UserService;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Lazy;import java.util.ArrayList;import java.util.List;import java.util.Set;/*** @author sssr* @version 1.0* @Description:* @date 2019/2/17*/public class AuthRealm extends AuthorizingRealm {/*** @Lazy 延迟注入，不然redis注解会因为注入顺序问题失效*/@Autowired@Lazyprivate UserService userService;/*** 授权* @param principals* @return*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {User user = (User) principals.fromRealm(this.getClass().getName()).iterator().next();List permissionList = new ArrayList<>();List roleNameList = new ArrayList<>();Set roleSet = user.getRoles();if (CollectionUtils.isNotEmpty(roleSet)) {for(Role role : roleSet) {roleNameList.add(role.getName());Set permissionSet = role.getPermissions();if (CollectionUtils.isNotEmpty(permissionSet)) {for (Permission permission : permissionSet) {permissionList.add(permission.getName());}}}}SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();info.addStringPermissions(permissionList);info.addRoles(roleNameList);return info;}/*** 认证登录* @param token* @return* @throws AuthenticationException*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;String username = usernamePasswordToken.getUsername();User user = userService.findByUsername(username);return new SimpleAuthenticationInfo(user, user.getPassword(), this.getClass().getName());}}
.java
package com.example.demo2.config;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;/*** @author sssr* @version 1.0* @Description:* @date 2019/2/17*/public class CredentialMatcher extends SimpleCredentialsMatcher {@Overridepublic boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;String password = new String(usernamePasswordToken.getPassword());String dbPassword = (String) info.getCredentials();return this.equals(password, dbPassword);}}