文章目录
- 注册功能实现
- 表设计和环境配置
- 开发编写
- 数据库表认证实现
引言:Shiro是Apache旗下的一个开源框架,它将软件系统中与安全认证相关的功能抽取出来,实现用户身份认证、权限授权、加密、会话管理等功能,组成了一个通用的安全认证框架。
注册功能实现
表设计和环境配置
引入依赖
<!-- NOTE(review): the versions below are pinned by this tutorial; check them against current advisories before reusing this snippet. -->
<!-- MyBatis Spring Boot starter -->
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.1.3</version>
</dependency>
<!-- MySQL JDBC driver; no version is declared here, so it is presumably managed by the parent POM (confirm) -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- Druid connection pool -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.19</version>
</dependency>
配置application.properties
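server.port=8089
# Application name
spring.application.name=shiro
# Context path under which the application is served
server.servlet.context-path=/shiro
# Resolve views as JSP pages
spring.mvc.view.prefix=/
# Comments must sit on their own line: in a .properties file a '#' that follows
# a value is part of the value, not the start of a comment.
spring.mvc.view.suffix=.jsp

# Data source settings
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/shiro?characterEncoding=UTF-8&serverTimezone=UTC
# NOTE(review): root/root is a local-demo credential only. Outside a throwaway
# environment, connect with a dedicated account that has privileges on the
# shiro schema only, and supply the password from the environment or a secret
# store instead of committing it in this file.
spring.datasource.username=root
spring.datasource.password=root

# MyBatis settings
mybatis.type-aliases-package=com.ryoujou.entity
# Classpath location of the mapper XML files
mybatis.mapper-locations=classpath:com/ryoujou/mapper/*.xml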
设计表数据
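SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for t_user
-- ----------------------------
-- NOTE: DROP TABLE discards every existing account; run this only against a fresh demo schema.
DROP TABLE IF EXISTS `t_user`;
CREATE TABLE `t_user` (
  `id` int(6) NOT NULL AUTO_INCREMENT,
  `username` varchar(40) DEFAULT NULL,
  -- Hex-encoded password hash. 40 characters holds the 32-character MD5 hex used
  -- by this tutorial; a longer digest needs this column widened first.
  `password` varchar(40) DEFAULT NULL,
  -- Per-user random salt generated at registration.
  `salt` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`),
  -- Login looks an account up by username and expects a single row, so
  -- duplicate usernames must be rejected at the database level.
  UNIQUE KEY `uk_t_user_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
SET FOREIGN_KEY_CHECKS = 1;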
开发编写
- 1.创建实体类entity
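/**
 * Account entity mapped to the {@code t_user} table.
 *
 * <p>{@code password} holds the plaintext password while a registration request is
 * being processed and the hex hash afterwards; {@code salt} holds the per-user salt.
 */
@Data
@Accessors(chain = true)
@NoArgsConstructor
@AllArgsConstructor
// Keep credential material out of toString() so that logging or printing a User
// never writes the password (plaintext before hashing) or the salt to a log.
@ToString(exclude = {"password", "salt"})
public class User {
    private String id;
    private String username;
    private String password;
    private String salt;
}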
- 2.创建DAO接口和UserDAOMapper
/** MyBatis mapper interface for the {@code t_user} table. */
@Mapper
public interface UserDAO {
    /**
     * Inserts the given user; the SQL is the {@code save} statement in the mapper XML.
     *
     * @param user the account to persist
     */
    void save(User user);
}
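<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.ryoujou.dao.UserDAO">
    <!--
      #{...} placeholders are bound as prepared-statement parameters, so request
      values are never concatenated into the SQL text.
      The column list is explicit so the statement does not depend on column order,
      and id is left out: the User object is bound from request parameters in the
      controller, so a client-supplied id must not reach the insert. AUTO_INCREMENT
      assigns the key and useGeneratedKeys writes it back to the id property.
    -->
    <insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
        insert into t_user (username, password, salt)
        values (#{username}, #{password}, #{salt})
    </insert>
</mapper>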
- 3.开发service接口和实现类
public interface UserService {//注册用户方法void register(User user);
}
/** Registration service: salts and hashes the password, then stores the account. */
@Service
@Transactional
public class UserServiceImpl implements UserService {
    /** Number of characters in the generated salt. */
    private static final int SALT_LENGTH = 8;

    /** Hash iterations; must equal the value configured on the credentials matcher. */
    private static final int HASH_ITERATIONS = 1024;

    @Resource
    private UserDAO userDAO;

    /**
     * Replaces the plaintext password on {@code user} with its salted hash and saves the user.
     *
     * <p>NOTE(review): iterated MD5 is cheap to brute-force if the table leaks. Moving to a
     * stronger digest has to be done together with the credentials matcher in ShiroConfig
     * (algorithm and iteration count must match or every login fails) and with the width of
     * the {@code t_user.password} column.
     *
     * @param user the account to register; its salt and password fields are overwritten
     */
    @Override
    public void register(User user) {
        // A fresh random salt per account, stored next to the hash.
        String generatedSalt = SaltUtils.getSalt(SALT_LENGTH);
        user.setSalt(generatedSalt);

        // Overwrite the plaintext with the hex form of the salted, iterated MD5 hash.
        user.setPassword(new Md5Hash(user.getPassword(), generatedSalt, HASH_ITERATIONS).toHex());

        userDAO.save(user);
    }
}
- 4.开发salt工具类
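/** Generates random salts for password hashing. */
public class SaltUtils {
    /** Characters a salt may be drawn from. */
    private static final char[] ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()".toCharArray();

    /**
     * One shared cryptographically strong generator. The original created a new
     * {@code java.util.Random} for every character; that generator is predictable and
     * not meant for security-sensitive values. The class name is fully qualified so no
     * additional import is needed.
     */
    private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

    /**
     * Returns a random salt.
     *
     * @param n number of characters to generate; zero or a negative value yields an empty string
     * @return a string of {@code n} characters drawn from the salt alphabet
     */
    public static String getSalt(int n) {
        StringBuilder sb = new StringBuilder(Math.max(n, 0));
        for (int i = 0; i < n; i++) {
            sb.append(ALPHABET[RANDOM.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    /** Manual check: prints one four-character salt. */
    public static void main(String[] args) {
        String salt = getSalt(4);
        System.out.println(salt);
    }
}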
5.开发Controller
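/**
 * Registration, login and logout endpoints under {@code /user}.
 *
 * <p>NOTE(review): {@code @RequestMapping} without a {@code method} accepts every HTTP
 * method, so username and password can also arrive in a GET query string, where they end
 * up in access logs and browser history. Once the JSP forms are confirmed to submit with
 * POST, restrict the register and login mappings to POST.
 */
@Controller
@RequestMapping("user")
public class UserController {
    @Autowired
    private UserService userService;

    /**
     * Registers a new user.
     *
     * @param user account data bound from the request parameters
     * @return a redirect to the login page on success, or back to the registration page on any failure
     */
    @RequestMapping("register")
    public String register(User user) {
        try {
            userService.register(user);
            // Success: continue at the login page.
            return "redirect:/login.jsp";
        } catch (Exception e) {
            e.printStackTrace();
            // Failure: back to the registration page.
            return "redirect:/register.jsp";
        }
    }

    /**
     * Authenticates the current subject with the submitted credentials.
     *
     * <p>Every failure cause ends in the same redirect, so the response does not reveal
     * whether the username exists; the cause is only written to the server console.
     *
     * @param username submitted user name
     * @param password submitted plaintext password
     * @return a redirect to the index page on success, otherwise to the login page
     */
    @RequestMapping("login")
    public String login(String username, String password) {
        // The subject comes from the globally registered security manager.
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return "redirect:/index.jsp";
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名不存在");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码错误");
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // Any other authentication failure used to escape as an unhandled error;
            // treat it as a failed login as well.
            e.printStackTrace();
            System.out.println("认证失败");
        }
        // Failed login: back to the login page.
        return "redirect:/login.jsp";
    }

    /**
     * Logs the current subject out.
     *
     * @return a redirect to the login page
     */
    @RequestMapping("logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login.jsp";
    }
}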
- 启动访问进行注册
http://localhost:8089/shiro/register.jsp
- 在数据库可以查询到数据
数据库表认证实现
- 0.开发DAO
/** MyBatis mapper interface for the {@code t_user} table. */
@Mapper
public interface UserDAO {
    /**
     * Saves a newly registered user.
     *
     * @param user the account to persist
     */
    void save(User user);

    /**
     * Looks up the stored account used to verify a login.
     *
     * @param username the user name to search for
     * @return the row selected by the {@code findByUserName} statement in the mapper XML
     */
    User findByUserName(String username);
}
- 1.开发mapper配置文件
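<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.ryoujou.dao.UserDAO">
    <!--
      #{...} placeholders are bound as prepared-statement parameters, so request
      values are never concatenated into the SQL text.
      id is left out of the insert: the User object is bound from request parameters
      in the controller, so a client-supplied id must not reach the statement.
      AUTO_INCREMENT assigns the key and useGeneratedKeys writes it back to the id property.
    -->
    <insert id="save" parameterType="User" useGeneratedKeys="true" keyProperty="id">
        insert into t_user (username, password, salt)
        values (#{username}, #{password}, #{salt})
    </insert>

    <!-- Returns the stored hash and salt for one user name; a blank is required between the table name and "where". -->
    <select id="findByUserName" parameterType="String" resultType="User">
        select id, username, password, salt
        from t_user
        where username = #{username}
    </select>
</mapper>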
- 2.开发Service接口
public interface UserService {//注册用户方法void register(User user);//根据用户名查询业务的方法User findByUserName(String username);
}
- 3.开发Service实现类
/**
 * User service backed by {@code UserDAO}. The bean is registered under the explicit name
 * {@code userServiceImpl}, which is the name the realm uses to look it up.
 */
@Service("userServiceImpl")
@Transactional
public class UserServiceImpl implements UserService {
    /** Number of characters in the generated salt. */
    private static final int SALT_LENGTH = 8;

    /** Hash iterations; must equal the value configured on the credentials matcher. */
    private static final int HASH_ITERATIONS = 1024;

    @Autowired
    private UserDAO userDAO;

    /**
     * Delegates the lookup to the DAO.
     *
     * @param username the user name to search for
     * @return whatever the DAO returns for that user name
     */
    @Override
    public User findByUserName(String username) {
        User found = userDAO.findByUserName(username);
        return found;
    }

    /**
     * Replaces the plaintext password on {@code user} with its salted hash and saves the user.
     *
     * <p>NOTE(review): iterated MD5 is cheap to brute-force if the table leaks. Moving to a
     * stronger digest has to be done together with the credentials matcher in ShiroConfig
     * (algorithm and iteration count must match or every login fails) and with the width of
     * the {@code t_user.password} column.
     *
     * @param user the account to register; its salt and password fields are overwritten
     */
    @Override
    public void register(User user) {
        // A fresh random salt per account, stored next to the hash.
        String generatedSalt = SaltUtils.getSalt(SALT_LENGTH);
        user.setSalt(generatedSalt);

        // Overwrite the plaintext with the hex form of the salted, iterated MD5 hash.
        String hashedPassword = new Md5Hash(user.getPassword(), generatedSalt, HASH_ITERATIONS).toHex();
        user.setPassword(hashedPassword);

        userDAO.save(user);
    }
}
public interface UserService {//注册用户方法void register(User user);// 登录验证数据库用户User findByUserName(String username);
}
- 4.开发在工厂中获取bean对象的工具类
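/**
 * Static access to the Spring application context for classes that are not
 * created by Spring themselves (here: the custom realm, which is built with {@code new}).
 */
@Component
public class ApplicationContextUtils implements ApplicationContextAware {
    private static ApplicationContext context;

    /**
     * Callback through which Spring hands over the finished application context.
     *
     * @param applicationContext the context that created this bean
     * @throws BeansException declared by the {@code ApplicationContextAware} contract
     */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        // The field is static, so assign it through the class rather than through "this".
        ApplicationContextUtils.context = applicationContext;
    }

    /**
     * Returns the bean registered under the given name.
     *
     * @param beanName name of the bean in the application context
     * @return the bean instance
     * @throws IllegalStateException if called before Spring has injected the context
     */
    public static Object getBean(String beanName) {
        if (context == null) {
            // Fail with a clear message instead of a bare NullPointerException.
            throw new IllegalStateException("ApplicationContext has not been injected yet");
        }
        return context.getBean(beanName);
    }
}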
- 5.修改自定义realm
/**
 * Realm that authenticates against the accounts stored in the database.
 *
 * <p>An earlier revision of this class accepted one hard-coded user name and password;
 * that stub is replaced by the database lookup below.
 */
public class CustomerRealm extends AuthorizingRealm {

    /**
     * Authorization data is not provided at this stage of the tutorial.
     *
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Loads the stored credentials for the submitted user name.
     *
     * <p>This method does not compare passwords itself: it hands back the stored hash and
     * salt, and the credentials matcher configured on the realm performs the comparison.
     *
     * @param token the submitted authentication token; its principal is the user name
     * @return the stored user name, password hash and salt, or {@code null} when the lookup
     *         finds no account
     * @throws AuthenticationException declared by the realm contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String submittedName = (String) token.getPrincipal();

        // The realm is created with "new" in ShiroConfig, so the service cannot be injected;
        // it is fetched from the application context by its bean name instead.
        UserService accounts = (UserService) ApplicationContextUtils.getBean("userServiceImpl");
        User stored = accounts.findByUserName(submittedName);

        if (ObjectUtils.isEmpty(stored)) {
            // No matching account: a null result tells the caller there is nothing to verify against.
            return null;
        }

        // Arguments: principal, stored password hash, salt as bytes, realm name.
        return new SimpleAuthenticationInfo(
                stored.getUsername(),
                stored.getPassword(),
                ByteSource.Util.bytes(stored.getSalt()),
                this.getName());
    }
}
- 6.修改ShiroConfig中realm使用凭证匹配器以及hash散列
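/** Shiro wiring: filter chain, security manager and the hashing realm. */
@Configuration
public class ShiroConfig {

    /**
     * 1. Builds the Shiro filter that intercepts every request.
     *
     * @param defaultWebSecurityManager the security manager the filter depends on
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // Filter chain rules are evaluated in insertion order and the first matching
        // pattern wins, so the map must preserve order. A plain HashMap gives no such
        // guarantee: the catch-all "/**" rule could be evaluated before the specific
        // entries. LinkedHashMap keeps the order written here; the class name is fully
        // qualified so no additional import is needed.
        Map<String, String> map = new java.util.LinkedHashMap<>();
        // anon: reachable without authentication. Keep this list as short as possible.
        map.put("/user/login", "anon");
        map.put("/user/register", "anon");
        map.put("/register.jsp", "anon");
        // NOTE(review): no handler for /user/getImage is visible in the controller shown; confirm it is still needed.
        map.put("/user/getImage", "anon");
        // authc: everything else requires an authenticated subject. Must stay last.
        map.put("/**", "authc");

        // Page unauthenticated requests are sent to.
        shiroFilterFactoryBean.setLoginUrl("/login.jsp");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    /**
     * 2. Creates the web security manager and attaches the realm.
     *
     * @param realm the realm that supplies account data
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(Realm realm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(realm);
        return defaultWebSecurityManager;
    }

    /**
     * 3. Creates the custom realm with a hashing credentials matcher.
     *
     * <p>The algorithm name and iteration count must equal the values used when the
     * password is hashed at registration, otherwise no stored hash will ever match.
     *
     * <p>NOTE(review): iterated MD5 is cheap to brute-force if the user table leaks. A move
     * to a stronger digest has to change this matcher, the registration hashing and the
     * width of the password column together, and existing accounts need re-hashing.
     *
     * @return the realm used for authentication
     */
    @Bean
    public Realm getRealm() {
        CustomerRealm customerRealm = new CustomerRealm();
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        credentialsMatcher.setHashAlgorithmName("md5");
        credentialsMatcher.setHashIterations(1024);
        customerRealm.setCredentialsMatcher(credentialsMatcher);
        return customerRealm;
    }
}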
- 启动项目->访问公共资源完成注册->完成登录认证进入授权资源
http://localhost:8089/shiro/register.jsp
—end