SpringBoot 整合 Shiro 密碼登錄與郵件驗證碼登錄功能(多 Realm 認證)
導入依賴(pom.xml)
<!--整合Shiro安全框架--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <!--集成jwt實現token認證--> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency>
在 SpringBoot 項目配置 config 包下創建 ShiroConfig 配置類
@Configuration
public class ShiroConfig {
/**
* ShiroFilterFactoryBean
* <p>
* anon:無需認證就可以訪問
* authc:必須認證才能訪問
* user:必須擁有 記住我 功能才能用
* perms:擁有對某個資源的權限能訪問
* role:擁有某個角色權限能訪問
*/
@Bean
public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
// 設置安全管理器
factoryBean.setSecurityManager(defaultWebSecurityManager);
// 添加shiro的內置過濾器
Map<String, String> filterMap = new LinkedHashMap<>();
// 放行不需要權限認證的接口
// 網站首頁
filterMap.put("/", "anon");
filterMap.put("/index", "anon");
filterMap.put("/index.html", "anon");
// 不驗證跳轉接口
filterMap.put("/into/**", "anon");
// 需要權限認證的接口
// 驗證跳轉接口
filterMap.put("/verifyInto/**", "authc");
factoryBean.setFilterChainDefinitionMap(filterMap);
// 訪問沒有授權的資源
factoryBean.setLoginUrl("redirect:/into/login");
// 設置無權限時跳轉的url
factoryBean.setUnauthorizedUrl("redirect:/into/login");
return factoryBean;
}
/**
* 管理shiro的生命周期
*/
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* 註入 密碼登錄CustomRealm
*/
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public UserPasswordRealm userPasswordRealm() {
return new UserPasswordRealm();
}
/**
* 註入 郵箱驗證登錄EmailRealm
*/
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public UserEmailRealm userEmailRealm() {
return new UserEmailRealm();
}
/**
* 默認安全管理器
*/
@Bean
public DefaultWebSecurityManager securityManager(UserPasswordRealm userPasswordRealm, UserEmailRealm userEmailRealm, AbstractAuthenticator abstractAuthenticator) {
DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
List<Realm> realms = new ArrayList<>();
realms.add(userPasswordRealm);
realms.add(userEmailRealm);
defaultWebSecurityManager.setRealms(realms);
// 記住我
defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager());
defaultWebSecurityManager.setAuthenticator(abstractAuthenticator);
return defaultWebSecurityManager;
}
/**
* 認證器 把我們的自定義驗證加入到認證器中
*/
@Bean
public AbstractAuthenticator abstractAuthenticator(UserPasswordRealm userPasswordRealm, UserEmailRealm userEmailRealm) {
// 自定義模塊化認證器,用於解決多realm拋出異常問題
//開始沒用自定義異常問題,發現不管是賬號密碼錯誤還是什麼錯誤
//shiro隻會拋出一個AuthenticationException異常
ModularRealmAuthenticator authenticator = new MyCustomModularRealmAuthenticator();
// 認證策略:AtLeastOneSuccessfulStrategy(默認),AllSuccessfulStrategy,FirstSuccessfulStrategy
authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
// 加入realms
List<Realm> realms = new ArrayList<>();
realms.add(userPasswordRealm);
realms.add(userEmailRealm);
authenticator.setRealms(realms);
return authenticator;
}
/**
* 加入shiro註解 代理生成器 切面
*/
@Bean
@DependsOn({"lifecycleBeanPostProcessor"})
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
/**
* 加入shiro註解 切點
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
/**
* 設置cookie 記住我生成cookie
*/
@Bean
public CookieRememberMeManager cookieRememberMeManager() {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie());
return cookieRememberMeManager;
}
/**
* 設置cookie有效時間
*/
@Bean
public SimpleCookie rememberMeCookie() {
/*這個參數是cookie的名稱,對應前端頁面的checkbox的name=remremberMe*/
SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
/*cookie的有效時間為30天,單位秒*/
simpleCookie.setMaxAge(259200);
return simpleCookie;
}
}
創建自定義驗證器 MyCustomModularRealmAuthenticator 類
public class MyCustomModularRealmAuthenticator extends ModularRealmAuthenticator {
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
AuthenticationStrategy authenticationStrategy = this.getAuthenticationStrategy();
AuthenticationInfo authenticationInfo = authenticationStrategy.beforeAllAttempts(realms, token);
Iterator var5 = realms.iterator();
while (var5.hasNext()) {
Realm realm = (Realm) var5.next();
authenticationInfo = authenticationStrategy.beforeAttempt(realm, token, authenticationInfo);
if (realm.supports(token)) {
AuthenticationInfo info = null;
Throwable t = null;
info = realm.getAuthenticationInfo(token);
authenticationInfo = authenticationStrategy.afterAttempt(realm, token, info, authenticationInfo, t);
}
}
authenticationInfo = authenticationStrategy.afterAllAttempts(token, authenticationInfo);
return authenticationInfo;
}
}
創建密碼登錄時驗證授權 UserPasswordRealm 類
@Component
public class UserPasswordRealm extends AuthorizingRealm {
// 註入用戶業務
@Autowired
private UserMapper userMapper;
/**
* 授權
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
System.out.println("————密碼授權————doGetAuthorizationInfo————");
return null;
}
/**
* 認證
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("————密碼認證————doGetAuthenticationInfo————");
UsernamePasswordToken userToken = (UsernamePasswordToken) token;
// 連接數據庫 查詢用戶數據
QueryWrapper<User> wrapper = new QueryWrapper<>();
wrapper.eq("user_name", userToken.getUsername());
User user = userMapper.selectOne(wrapper);
// 驗證用戶
if (user == null) {
throw new UnknownAccountException();
}
return new SimpleAuthenticationInfo("", user.getUserPassword(), "");
}
/**
* 用來判斷是否使用當前的 realm
*
* @param var1 傳入的token
* @return true就使用,false就不使用
*/
@Override
public boolean supports(AuthenticationToken var1) {
return var1 instanceof UsernamePasswordToken;
}
}
創建郵件驗證碼登錄時驗證授權UserEmailRealm 類
@Component
public class UserEmailRealm extends AuthorizingRealm {
// 註入用戶業務
@Autowired
UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println("————郵箱登錄授權————doGetAuthorizationInfo————");
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
System.out.println("————郵箱登錄認證————doGetAuthenticationInfo————");
UserEmailToken userEmailToken = (UserEmailToken) token;
String userEmail = (String) userEmailToken.getPrincipal();
// 連接數據庫 查詢用戶數據
QueryWrapper<User> wrapper = new QueryWrapper<>();
wrapper.eq("user_email", userEmail);
User user = userService.getOne(wrapper);
//因為沒有密碼,並且驗證碼在之前就驗證瞭
if (user == null) {
throw new UnknownAccountException();
}
return new SimpleAuthenticationInfo("", userEmail, "");
}
/**
* 用來判斷是否使用當前的 realm
*
* @param var1 傳入的token
* @return true就使用,false就不使用
*/
@Override
public boolean supports(AuthenticationToken var1) {
return var1 instanceof UserEmailToken;
}
}
創建郵件驗證碼登錄驗證通過生成令牌的 UserEmailToken 類(密碼登錄時使用shiro默認的 UsernamePasswordToken 令牌)
@Data // 使用lombok 生成get方法、set方法
public class UserEmailToken implements HostAuthenticationToken, RememberMeAuthenticationToken {
private String userEmail;
private boolean rememberMe;
private String host;
public UserEmailToken() {
this.rememberMe = false;
}
public UserEmailToken(String userEmail) {
this(userEmail, false, null);
}
public UserEmailToken(String userEmail, boolean rememberMe) {
this(userEmail, rememberMe, null);
}
public UserEmailToken(String userEmail, boolean rememberMe, String host) {
this.userEmail = userEmail;
this.rememberMe = rememberMe;
this.host = host;
}
@Override
public String getHost() {
return host;
}
@Override
public boolean isRememberMe() {
return rememberMe;
}
/**
* 重寫getPrincipal方法
*/
@Override
public Object getPrincipal() {
return userEmail;
}
/**
* 重寫getCredentials方法
*/
@Override
public Object getCredentials() {
return userEmail;
}
}
創建密碼鹽值加密 MDPasswordUtil 工具類
public class MDPasswordUtil {
public String getMDPasswordUtil(String userName, String userPassword) {
String hashAlgorithmName = "MD5"; // 加密方式:md5加密
Object credentials = userPassword; // 密碼
Object salt = ByteSource.Util.bytes(userName); // 鹽
int hashIterations = 512; // 加密次數
Object result = new SimpleHash(hashAlgorithmName, credentials, salt, hashIterations);
return result.toString();
}
}
控制層用戶密碼登錄
// 用戶密碼登錄
@PostMapping("/passwordLogin")
public String userLogin(@RequestParam("userName") String userName,
@RequestParam("userPassword") String userPassword,
HttpSession session, Model model) {
// 獲取當前的用戶
Subject subject = SecurityUtils.getSubject();
// 對密碼進行MD5鹽值加密
String md5Password = new MDPasswordUtil().getMDPasswordUtil(userName, userPassword);
// 封裝用戶的登錄數據
UsernamePasswordToken token = new UsernamePasswordToken(userName, md5Password);
//rememberme記住我
token.setRememberMe(true);
try {
// 登錄,驗證,保存令牌
subject.login(token);
//查詢登錄信息
QueryWrapper<User> wrapper = new QueryWrapper<>();
wrapper.eq("user_name", userName);
User user = userService.getOne(wrapper);
//保存登錄用戶信息
session.setAttribute(user.getUserId().toString(), user);
return "admin";
} catch (UnknownAccountException e) {
model.addAttribute("userError", "用戶名錯誤!請重新輸入。");
return "login";
} catch (IncorrectCredentialsException ice) {
model.addAttribute("pwError", "密碼錯誤!請重新輸入。");
return "login";
}
}
控制層用戶郵件驗證碼密碼登錄
// 用戶郵箱登錄
@PostMapping("/emailLogin")
public String emailLogin(@RequestParam("userEmail") String userEmail,
@RequestParam("emailCode") String emailCode,
HttpSession session, Model model) {
// 根據userEmail從session中取出發送的驗證碼
String sendEmailCode = (String) session.getAttribute(userEmail);
// 比對驗證碼
if (StringUtils.isNoneBlank(sendEmailCode) && sendEmailCode.equals(emailCode)) {
try {
UserEmailToken token = new UserEmailToken(userEmail);
//rememberme記住我
token.setRememberMe(true);
// 登錄,驗證,保存令牌
Subject subject = SecurityUtils.getSubject();
subject.login(token);
//查詢登錄信息
QueryWrapper<User> wrapper = new QueryWrapper<>();
wrapper.eq("user_email", userEmail);
User user = userService.getOne(wrapper);
//保存登錄用戶信息
session.setAttribute(user.getUserId().toString(), user);
// 銷毀驗證碼
session.removeAttribute(emailCode);
return "admin";
} catch (Exception e) {
model.addAttribute("error", "驗證碼錯誤!請重新輸入。");
return "login";
}
} else {
return "login";
}
}
SpringBoot 整合 Shiro 密碼登錄與郵件驗證碼登錄(多 Realm 認證)就可以瞭 (有點多,哈哈哈)
推薦大神:狂神說Java
到此這篇關於SpringBoot 整合 Shiro 密碼登錄與郵件驗證碼登錄(多 Realm 認證)的文章就介紹到這瞭,更多相關SpringBoot 整合 Shiro登錄內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!
推薦閱讀:
- Spring Boot+Shiro實現一個Http請求的Basic認證
- springboot整合shiro多驗證登錄功能的實現(賬號密碼登錄和使用手機驗證碼登錄)
- SpringBoot 整合 Shiro 密碼登錄的實現代碼
- spring-shiro權限控制realm實戰教程
- SpringBoot整合Shiro實現權限控制的代碼實現