Spring boot基础学习之(十八):通过shiro框架使用Mybatis实现用户的认证完整的认证流程
在上几篇文章的基础上,实现本次案例
注意:本篇文章的实现代码在几篇文章都已经详细的讲过了,所以在此篇文章,将不再有理论知识的陈述,更过的流程,如何通过代码实现连接数据库进行认证
添加本次案例所需要的依赖
完整代码依赖:pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.7.9</version><relativePath/></parent><groupId>com.springboot_shiro</groupId><artifactId>demo</artifactId><version>0.0.1-SNAPSHOT</version><name>demo</name><description>Demo project for Spring Boot</description><properties><java.version>14</java.version></properties>
<!-- web环境依赖--><dependencies><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>com.mysql</groupId><artifactId>mysql-connector-j</artifactId><scope>runtime</scope></dependency><dependency><groupId>org.mybatis.spring.boot</groupId><artifactId>mybatis-spring-boot-starter</artifactId><version>2.3.0</version></dependency><dependency><groupId>com.alibaba</groupId><artifactId>druid</artifactId><version>1.2.16</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jdbc</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId></dependency>
<!-- thymeleaf依赖实现数据的传递--><dependency><groupId>org.thymeleaf</groupId><artifactId>thymeleaf-spring5</artifactId></dependency><dependency><groupId>org.thymeleaf.extras</groupId><artifactId>thymeleaf-extras-java8time</artifactId></dependency>
<!-- 导入shiro与spring的集成--><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.10.0</version></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
先通过idea app连接数据库idea 工具Database连接MySQL数据库
连接数据库的内容在前几篇文章都演示过了,这一篇文章则是前几篇文章的整合版,将前几篇的内容整合在一起,更好的适合我们的使用
在数据库创建一个表,存放着我们登录时验证的信息
连接数据库:数据源为Druid:application.yml
spring:datasource:username: demo1password: 123url: jdbc:mysql://localhost:3306/girls?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8type: com.alibaba.druid.pool.DruidDataSourceinitialSize: 5minIdle: 5maxActive: 20maxWait: 60000timeBetweenEvictionRunsMillis: 60000minEvictableIdleTimeMillis: 300000validationQuery: SELECT 1 FROM DUALtestWhileIdle: truetestOnBorrow: falsetestOnReturn: falsepoolPreparedStatements: true#配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入#如果允许时报错 java.lang.ClassNotFoundException: org.apache.log4j.Priority#则导入 log4j 依赖即可,Maven 地址:https://mvnrepository.com/artifact/log4j/log4jfilters: stat,wall,log4jmaxPoolPreparedStatementPerConnectionSize: 20useGlobalDataSourceStat: trueconnectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500driver-class-name: com.mysql.cj.jdbc.Driver连接成功后
创建pojo类,用以存放数据库的信息user.java
@Data
@AllArgsConstructor
@NoArgsConstructor
public class user {private String username;private String password;
}
创建mapper接口,定义数据库的具体操作,查询操作 interence UserMapper
@Repository
@Mapper
public interface UserMapper {public user queryUser(String name);
}
创建service层
创建userService 内容与UserMapper 接口差不多,少了注解:此接口为了更好的了解
package com.springboot_shiro.service;import com.springboot_shiro.pojo.user;public interface userService {public user queryUser(String name);
}
创建userService接口的实现类:
import javax.annotation.Resource;@Service
public class userServiceimp implements userService {@AutowiredUserMapper userMapper;@Overridepublic user queryUser(String name) {System.out.println("22");return userMapper.queryUser(name);}
}
创建Mapper配置文件,执行sql语句
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""https://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- 映射到指定的接口-->
<mapper namespace="com.springboot_shiro.mapper.UserMapper"><!-- 并重载接口中定义的方法--><select id="queryUser" resultType="user" parameterType="String">select * from girls.login where username = #{name}</select></mapper>这里的id值为前面创建的userMapper方法,在这个配置文件执行前面的配置的方法
光通过一个id属性是没办法让xml文件知道,这里的方法那个接口中的方法,我们要用过配置文件去设置路径
mybatis.type-aliases-package=com.springboot_shiro.pojo
mybatis.mapper-locations=classpath:/mapper/*.xml
通过测试文件看能否输出从数据库中查询的数据
@SpringBootTest
class DemoApplicationTests {@Autowiredcom.springboot_shiro.service.userServiceimp userServiceimp;@Testvoid contextLoads() throws Exception{System.out.println(userServiceimp.queryUser("demo1"));}}
控制台输出:
数据查询成功:与数据库的交互完成
将mybatis与shiro框架整合在一起
shiro框架
域名配置
@Controller
public class controller1 {//索引网页的设置@RequestMapping("/")public String Toindex(Model model){return "index";}//add网页@RequestMapping("/add")public String add(){return "add";}//update网页@RequestMapping("/update")public String update(){return "update";}//登录界面@RequestMapping("/tologin")public String login(){return "login";}//登录界面form表格进行提交,提交到这@RequestMapping("/get")public String getword(String username,String password,Model model){//组件一:subjectSubject subject = SecurityUtils.getSubject();//将用用户名和密码进行加密UsernamePasswordToken Token = new UsernamePasswordToken(username, password);//通过subject将Token交给securitymanager进行验证try {subject.login(Token); //验证通过,跳转到index网页return "index";}catch (UnknownAccountException e){ //出现用户名错误model.addAttribute("msg","用户名输入错误"); //通过model类进参数的传递return "login";}catch (IncorrectCredentialsException e){ //出现密码错误model.addAttribute("msg","密码输入错误");return "login";}}
}
定义shiro验证流程
package com.springboot_shiro.Myconfig;import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import java.util.LinkedHashMap;
import java.util.Map;
//isAuthenticated:用于判断用户是否已经进行登录
@Configuration
public class config1 {//定义认证流程过程中需要的程序
// shiroFilterFactoryBean组件可以实现指定网页的拦截,并为文件的访问设置权限@Beanpublic ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager FactoryBean){ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();shiroFilterFactoryBean.setSecurityManager(FactoryBean);//拦截请求Map<String,String> map = new LinkedHashMap<>();//权限设置:当访问/add这个网页要先进行登录map.put("/add","authc");//访问/update则不需要进行任何操作,直接可以进行访问map.put("/update","anon");shiroFilterFactoryBean.setFilterChainDefinitionMap(map);//访问需要进行认证的网页,如果没有进行登录则进行网页的跳转shiroFilterFactoryBean.setLoginUrl("/tologin");return shiroFilterFactoryBean;}//对内部的组件进行管理@Beanpublic DefaultWebSecurityManager securityManager(@Qualifier("realm") Realm realm){DefaultWebSecurityManager SecurityManager = new DefaultWebSecurityManager();SecurityManager.setRealm(realm);return SecurityManager;}//用户验证的桥梁,实现用户的认证信息的确认@Beanpublic Realm realm(){return new Realm();}
}
前面的代码与上一篇文章相同,不需要进行更改,
但Realm则不同,他要与前面关于Mybatis配置结合在一起
public class Realm extends AuthorizingRealm {@Autowiredcom.springboot_shiro.service.userService userService;//授权内容则是在这个接口进行配置@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("执行了授权");return null;}//验证则是在这个接口进行配置//获取subject传递来的参数加密的令牌Token,进行认证//AuthenticationInfo是一个接口:return它的的实现类@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken Token) throws AuthenticationException {UsernamePasswordToken token =(UsernamePasswordToken) Token; //转换user user = userService.queryUser(token.getUsername());System.out.println(token.getUsername());if (user==null){return null;}//密码的验证,在spring boot架构中给一个类SimpleAuthenticationInfo可以自动化进行认证return new SimpleAuthenticationInfo("",user.getPassword(),"");}
}
代码完毕:执行项目进行登录
控制台输出:说明登陆成功
尝试登陆其他的用户:报错
shiro与mybatis关于认证方面整合完成
