controller类:RouterController.java
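package com.example.spring_security.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;
import org.thymeleaf.util.StringUtils;

import javax.servlet.http.HttpSession;

/**
 * Maps the demo's page URLs to view names and handles the hand-written login form post.
 *
 * <p>No access checks are made in this class.
 * NOTE(review): the /level1..3 pages are presumably protected by the Spring Security
 * configuration elsewhere in the project; confirm.
 */
@Controller
public class RouterController {

    /** Returns the view name of the index page. */
    @RequestMapping("/index")
    public String toIndex() {
        return "index";
    }

    /**
     * Returns the view name of the login page.
     *
     * <p>The view name is written without a leading slash so that it matches the name
     * returned by {@link #redirectLogin}. With the default Thymeleaf prefix a leading
     * slash yields a double slash in the template path, which can fail to resolve when
     * the application runs from a packaged jar.
     */
    @RequestMapping("/login")
    public String toLogin() {
        return "views/login";
    }

    /**
     * Handles the login form post.
     *
     * @param model       receives the {@code msg} attribute when the check fails
     * @param httpSession current session; unused while the line below stays commented out
     * @param userName    value of the {@code username} request parameter
     * @param passWord    value of the {@code password} request parameter
     * @return a redirect to the index page when the check passes, otherwise the login view
     */
    @PostMapping("/user/login")
    public String redirectLogin(Model model,
                                HttpSession httpSession,
                                @RequestParam("username") String userName,
                                @RequestParam("password") String passWord) {
        // SECURITY (demo only): any non-empty username is accepted as long as the password
        // equals the literal below. Nothing here looks up a user or verifies a stored
        // password hash, so this check must not be carried into a real application;
        // authentication belongs in the security framework with hashed credentials.
        if (!StringUtils.isEmpty(userName) && "admin".equals(passWord)) {
            // Left disabled by the author. If a session attribute is ever used to mark a
            // logged-in user, rotate the session identifier at login before setting it.
            // httpSession.setAttribute("loginUser", userName);

            // NOTE(review): this redirects to /index.html while the controller maps /index;
            // confirm that something serves /index.html.
            return "redirect:/index.html";
        }

        // The message ("wrong username or password") does not reveal which field was wrong.
        model.addAttribute("msg", "用户名或密码错误");
        return "views/login";
    }

    /**
     * Returns the view name of a level-1 page.
     *
     * <p>{@code id} is bound as an {@code int}, so a non-numeric path segment fails
     * binding and never reaches the view-name concatenation.
     *
     * @param id page number taken from the URL
     */
    @RequestMapping("/level1/{id}")
    public String toLevel1(@PathVariable("id") int id) {
        return "views/level1/" + id;
    }

    /**
     * Returns the view name of a level-2 page; {@code id} is bound as an {@code int}.
     *
     * @param id page number taken from the URL
     */
    @RequestMapping("/level2/{id}")
    public String toLevel2(@PathVariable("id") int id) {
        return "views/level2/" + id;
    }

    /**
     * Returns the view name of a level-3 page; {@code id} is bound as an {@code int}.
     *
     * @param id page number taken from the URL
     */
    @RequestMapping("/level3/{id}")
    public String toLevel3(@PathVariable("id") int id) {
        return "views/level3/" + id;
    }
}

十一、shiro安全机制
shiro需要一个config类来实现过滤 和一个realm对象来实现认证与授权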
application.yml
# Database connection settings; the connection uses the Druid data source.
spring:
  thymeleaf:
    cache: false
  datasource:
    url: jdbc:mysql://localhost:3306/curry?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
    driver-class-name: com.mysql.cj.jdbc.Driver
    # SECURITY (demo only): the application connects as the MySQL root account with a
    # literal password kept in this file. Outside a local demo, use a dedicated
    # least-privilege database account and supply the password from the environment
    # or a secret store (e.g. a ${...} property placeholder) instead of committing it.
    username: root
    password: root
    type: com.alibaba.druid.pool.DruidDataSource
mybatis:
  # mapper-locations: classpath:mapper/*.xml   (not needed: mappers are declared with MyBatis annotations, not XML)
  type-aliases-package: com.example.shiro_springboot.pojo

shiroconfig.java
package com.example.shiro_springboot.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro wiring for the demo: a realm, a security manager that uses the realm, and the
 * filter factory that maps URL patterns to Shiro's built-in filters.
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the realm bean, which per the accompanying text performs authentication
     * and authorization.
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Creates the web security manager and attaches the realm to it.
     *
     * @param userRealm the realm bean, selected by {@code @Qualifier("userRealm")}
     * @return the security manager registered under the name {@code defaultWebSecurityManager}
     */
    @Bean(name = "defaultWebSecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            @Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Creates the Shiro filter factory and its URL filter chains.
     *
     * @param defaultWebSecurityManager the security manager bean, selected by
     *                                  {@code @Qualifier("defaultWebSecurityManager")}
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        /*
         * Built-in Shiro filters that can be named in a chain definition:
         *   anon  : no authentication required
         *   authc : the subject must be authenticated
         *   user  : the subject must be known (authenticated or remembered via "remember me")
         *   perms : the subject must hold the given permission on the resource
         *   roles : the subject must hold the given role
         */
        // Insertion order is kept by LinkedHashMap and the first matching pattern wins,
        // so the specific permission rules are added before the broader "/user/*" rule.
        // An earlier variant of this demo required only "authc" for /user/add and
        // /user/update; the original note says the "add" permission is missing
        // (presumably the demo user lacks user:add).
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/user/update", "perms[user:update]");
        chains.put("/user/add", "perms[user:add]");
        // "/user/*" covers a single path segment only; deeper paths need "/user/**".
        chains.put("/user/*", "authc");
        // SECURITY: a path that matches none of the patterns above gets no filter chain
        // from this map, i.e. the configuration is default-allow. A final catch-all rule
        // is the usual way to make it default-deny.

        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(defaultWebSecurityManager);
        // Where unauthenticated requests are sent.
        filterFactory.setLoginUrl("/toLogin");
        // Where authenticated subjects without the required permission are sent.
        filterFactory.setUnauthorizedUrl("/noauth");
        filterFactory.setFilterChainDefinitionMap(chains);
        return filterFactory;
    }
}