“This is the 25th day of my participation in the November Gwen Challenge. See details of the event: The Last Gwen Challenge 2021”.
Springboot integration shior first experience
What is Shiro?
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, password, and session management. Using Shiro’s easy-to-understand apis, you can quickly and easily obtain any application, from the smallest mobile applications to the largest web and enterprise applications.
It has three core components: Subject, SecurityManager, and Realms. Subject: “current user.” However, in Shiro, the concept of Subject does not just refer to people. It can also be a third-party process, a Daemon Account, or something similar. It simply means “what is currently interacting with the software.” Subject represents the security actions of the current user, and SecurityManager manages the security actions of all users. SecurityManager: It is the core of Shiro’s framework, a typical Facade pattern through which Shiro manages internal component instances and provides various services for security management. Realm: Realm acts as a “bridge” or “connector” between Shiro and application security data. That is, when authenticating a user (login) and authenticating a user (access control), Shiro looks up the user and their permission information from an application-configured Realm.
Quick start
-
Introducing Maven coordinates<! -- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring --><! <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.53.</version> </dependency> Copy the code -
Writing the Config file
package com.config; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.HashMap; import java.util.Map; // Shiro's configuration class @Configuration public class ShiroConfig { // Step 3: ShiroFilterFactoryBean @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager defaultSecurityManager){ ShiroFilterFactoryBean shiroFilterFactoryBean =new ShiroFilterFactoryBean(); // Set the security manager shiroFilterFactoryBean.setSecurityManager(defaultSecurityManager); Add shiro's built-in filters /* anno: authc: authc: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC Map<String,String> filterMap =new HashMap<String, String>(); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap); filterMap.put("/user/add"."authc");// Only authenticated can access the /user/add page filterMap.put("/user/update"."authc"); return shiroFilterFactoryBean; } / / get DafaultWebSecurityManager second step @Bean(name = "securityManager")// Set your own method name instead of the default method name public DefaultSecurityManager getWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){/ / bind userRealm DefaultWebSecurityManager webSecurityManager =new DefaultWebSecurityManager(); / / associated userRealm webSecurityManager.setRealm(userRealm); return webSecurityManager; } // The first step is to create a realm object @Bean public UserRealm userRealm(a){ return new UserRealm(); }// The custom UserRealm class is hosted by Spring } Copy the code -
Create test HTML
<! DOCTYPEhtml> <html lang="en" xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <h1>Home page</h1> <hr> <a th:href="@{/user/add}">add</a> <a th:href="@{/user/update}">update</a> </body> </html> Copy the code
<! DOCTYPEhtml>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
add
</body>
</html>
Copy the code
<! DOCTYPEhtml>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
update
</body>
</html>
Copy the codeTo begin testing
Login interface:
Click the Add button in the picture:
Click the Update button in the picture:
Are not authorized to access the site
Improvement ideas
If you do not have permission, you should go to the login page instead of reporting a 404 error, so you need to add the login page and modify some code
Adding a login page
<! DOCTYPEhtml>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>landing</h1>
<hr>
<form action="/login">
<p>Account:<input type="text" name="usermame"></p>
<p>Password:<input type="text" name="password"></p>
<input type="submit" value="Login">
</form>
</body>
</html>
Copy the codeModify the Controller
Added login method
package com.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class ShiroController {
@RequestMapping({"/","/index"})
public String toindex(a){
return "index";
}
@RequestMapping({"/user/add"})
public String add(a){
return "user/add";
}
@RequestMapping({"/user/update"})
public String update(a){
return "user/update";
}
@RequestMapping({"/login"})
public String login(a){
return "user/login"; }}Copy the codeModifying the Config file
Add the setLoginUrl method
package com.config;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.HashMap;
import java.util.Map;
// Shiro's configuration class
@Configuration
public class ShiroConfig {
// Step 3: ShiroFilterFactoryBean
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager defaultSecurityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean =new ShiroFilterFactoryBean();
// Set the security manager
shiroFilterFactoryBean.setSecurityManager(defaultSecurityManager);
Add shiro's built-in filters
/* anno: authc: authc: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC: authC
Map<String,String> filterMap =new HashMap<String, String>();
filterMap.put("/user/add"."authc");// Only authenticated can access the /user/add page
filterMap.put("/user/update"."authc");
//filterMap.put("/user/*","authc"); Wildcard characters are supported
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
shiroFilterFactoryBean.setLoginUrl("/login");// Set the login request
return shiroFilterFactoryBean;
}
/ / get DafaultWebSecurityManager second step
@Bean(name = "securityManager")// Set your own method name instead of the default method name
public DefaultSecurityManager getWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){/ / bind userRealm
DefaultWebSecurityManager webSecurityManager =new DefaultWebSecurityManager();
/ / associated userRealm
webSecurityManager.setRealm(userRealm);
return webSecurityManager;
}
// The first step is to create a realm object
@Bean
public UserRealm userRealm(a){
return new UserRealm();
}// The custom UserRealm class is hosted by Spring
}
Copy the codeThe test again
Click Add (Update)
Okk!!!!! The first shiro integration with Springboot is over, and I’ll keep learning! My blog is synchronized to tencent cloud + community, invite everyone to come together: cloud.tencent.com/developer/s…