Implementing password login in Spring Boot with Shiro

  • 2021-08-31 08:00:00
  • OfStack

Import dependencies (pom.xml)


 <!-- Apache Shiro security framework (Spring integration).
      NOTE(review): 1.4.0 is an old release. Later Shiro releases include fixes for
      security issues; check the project's security advisories and pin a maintained
      version before relying on the URL filter rules configured in ShiroConfig. -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.4.0</version>
    </dependency>
    <!-- java-jwt, intended for token-based (JWT) authentication.
         NOTE(review): none of the code shown on this page references it; confirm it is
         needed, and review its version against the library's advisories if it is. -->
    <dependency>
      <groupId>com.auth0</groupId>
      <artifactId>java-jwt</artifactId>
      <version>3.2.0</version>
    </dependency>

Create a ShiroConfig configuration class


/**
 * Spring configuration that wires Shiro into the web application: the URL filter
 * chain, the security manager and the realm used for administrator login.
 */
@Configuration
public class ShiroConfig {

  /**
   * Builds the Shiro filter factory and declares which URL patterns need authentication.
   *
   * <p>Filter names used below: {@code anon} lets a request through without
   * authentication, {@code authc} requires an authenticated subject. (Shiro also
   * offers {@code user}, {@code perms} and {@code roles}; none is used here.)
   *
   * <p>SECURITY: only {@code /administrators/**} is mapped to {@code authc}. A path
   * that matches none of the patterns has no Shiro filter applied to it, so any
   * endpoint added outside {@code /administrators/**} is reachable without login.
   * Consider listing the public paths explicitly and ending the map with a catch-all
   * entry that requires authentication (deny by default).
   *
   * @param defaultWebSecurityManager the security manager bean named "securityManager"
   * @return the configured filter factory bean
   */
  @Bean
  public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
    // LinkedHashMap keeps insertion order, which is the order Shiro checks the patterns in.
    Map<String, String> chainDefinitions = new LinkedHashMap<>();
    // Public: login endpoints and the site home page.
    chainDefinitions.put("/login/**", "anon");
    chainDefinitions.put("/", "anon");
    // Protected: administrator endpoints require an authenticated subject.
    chainDefinitions.put("/administrators/**", "authc");

    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(defaultWebSecurityManager);
    shiroFilter.setFilterChainDefinitionMap(chainDefinitions);
    // Unauthenticated requests to protected paths are sent to this URL.
    shiroFilter.setLoginUrl("/login/toLogin");
    return shiroFilter;
  }

  /**
   * Creates the web security manager and attaches the custom realm to it.
   *
   * @param customRealm the realm bean named "customRealm"
   * @return the security manager, registered under the bean name "securityManager"
   */
  @Bean(name = "securityManager")
  public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("customRealm") CustomRealm customRealm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(customRealm);
    return manager;
  }

  /**
   * Registers a {@link CustomRealm} instance as a bean.
   *
   * <p>NOTE(review): CustomRealm on this page is also annotated {@code @Component}, so
   * the same bean name may end up defined twice; confirm that only one definition is
   * intended, since Spring can reject duplicate bean definitions at startup.
   *
   * @return a new CustomRealm
   */
  @Bean
  public CustomRealm customRealm() {
    return new CustomRealm();
  }

}

Create the CustomRealm class that handles authentication and authorization for password login


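/**
 * Shiro realm for administrator password login: looks the account up by username and
 * hands the stored password hash to Shiro, which compares it with the submitted password.
 *
 * <p>NOTE(review): this class is annotated {@code @Component} and the ShiroConfig class
 * on this page also declares a {@code @Bean} method {@code customRealm()}; confirm that
 * only one bean definition is intended.
 */
@Component
public class CustomRealm extends AuthorizingRealm {

  @Autowired
  AdministratorsService administratorsService;

  /*
   * Instance initializer: installs the credentials matcher that hashes the submitted
   * password before it is compared with the stored value.
   *
   * SECURITY: MD5 is not suitable for password storage even with 512 iterations,
   * and no salt is supplied in doGetAuthenticationInfo, so equal passwords produce equal
   * stored hashes. The settings are left unchanged here because they must match the
   * hashes already stored; plan a migration to a salted, purpose-built password hash
   * (bcrypt, scrypt or Argon2) and re-hash each password at the user's next login.
   */
  {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
    // Hash algorithm applied to the submitted password.
    matcher.setHashAlgorithmName("md5");
    // Number of hash iterations; must equal the count used when the password was stored.
    matcher.setHashIterations(512);
    this.setCredentialsMatcher(matcher);
  }

  /**
   * Authorization hook. No roles or permissions are loaded: the method always returns
   * {@code null}, so role and permission checks have nothing to match against.
   *
   * @param principals the principals of the subject being authorized (unused)
   * @return always {@code null}
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    System.out.println(" Authorization doGetAuthorizationInfo --- ");

    return null;
  }

  /**
   * Authentication hook: loads the administrator whose username matches the token and
   * returns the stored password hash for Shiro to verify.
   *
   * @param token the submitted login token; cast to {@link UsernamePasswordToken}
   * @return the account's authentication info, or {@code null} when no administrator
   *     has that username (the login controller on this page handles that case as
   *     {@code UnknownAccountException})
   * @throws AuthenticationException declared by the overridden method
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    System.out.println(" Certification doGetAuthenticationInfo --- ");

    UsernamePasswordToken userToken = (UsernamePasswordToken) token;
    // Look the administrator up by the submitted username.
    QueryWrapper<Administrators> wrapper = new QueryWrapper<>();
    wrapper.eq("username", userToken.getUsername());
    Administrators administrators = administratorsService.getOne(wrapper);

    if (administrators == null) {
      return null; // unknown account
    }
    // The principal is the username and the realm name is this realm's own name. The
    // original passed "" for both, which left every authenticated subject with the same
    // empty principal, so nothing keyed on the principal (authorization lookups, audit
    // logging) could tell administrators apart. The password comparison itself is done
    // by the credentials matcher configured above.
    return new SimpleAuthenticationInfo(userToken.getUsername(), administrators.getPassword(), getName());
  }

}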

Controller layer: username and password login


// User name login 
  /**
   * Handles the administrator login form: authenticates the submitted username and
   * password through Shiro and picks the view to render.
   *
   * <p>SECURITY: the two failure branches return different messages for an unknown
   * username and for a wrong password, which tells a client whether a username exists.
   * A single generic failure message avoids that. Only two exception types are handled;
   * any other authentication failure thrown by {@code login} propagates to the caller.
   *
   * <p>NOTE(review): the existing session is reused after a successful login; consider
   * whether the session id should be renewed at that point.
   *
   * @param username submitted username
   * @param password submitted password
   * @param session HTTP session; receives the administrator name under "adname" on success
   * @param model view model; receives an error message on failure
   * @return "admin" on success, "login" on failure
   */
  @ApiOperation(value = " Administrator login ", notes = " User name login -- Do not intercept ")
  @PostMapping("/doLogin")
  public String doLogin(@RequestParam("username") String username,
             @RequestParam("password") String password,
             HttpSession session,Model model) {
    Subject currentUser = SecurityUtils.getSubject();
    try {
      // Shiro calls the realm and compares the credentials; failures surface as exceptions.
      currentUser.login(new UsernamePasswordToken(username, password));
    } catch (UnknownAccountException unknownAccount) {
      model.addAttribute("usererror", " Wrong user name! Please re-enter. ");
      return "login";
    } catch (IncorrectCredentialsException badPassword) {
      model.addAttribute("pwerror", " Wrong password! Please re-enter. ");
      return "login";
    }
    // Authenticated: remember the administrator name in the session.
    session.setAttribute("adname", username);
    return "admin";
  }
