back end Section
maven configuration shiro,spring boot won't be written.
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactid>shiro-spring</ artifactid>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
< version>1.2.2</version>
</dependency>
<dependency>
<groupId> org.apache.shiro</groupid>
<artifactId>shiro-ehcache</artifactId>
<version> 1.2.2</version>
</dependency>
shiroconfiguration Configuration
Import Com.pamo.mall.util.PropertiesUtil;
Import Org.apache.shiro.cache.ehcache.EhCacheManager;
Import Org.apache.shiro.spring.LifecycleBeanPostProcessor;
Import Org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
Import Org.apache.shiro.spring.web.ShiroFilterFactoryBean;
Import Org.apache.shiro.web.mgt.DefaultWebSecurityManager;
Import Org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
Import Org.springframework.context.annotation.Bean;
Import org.springframework.context.annotation.Configuration;
Import Java.util.LinkedHashMap;
Import Java.util.Map; @Configuration public class Shiroconfiguration {private void Loadshirofilterchain (Shirofilterfactorybean shirofilter
Factorybean) {map<string, string> filterchaindefinitionmap = new linkedhashmap<> (); string[] adminauths = PropertiesUtil.authRes.getString ("admin"). Split (","); Load Administrator Permissions string[] serviceauths = PropertiesUtil.authRes.getString("service"). Split (","); Add passenger service permission string[] anonauths = PropertiesUtil.authRes.getString ("anon"). Split (","); Load Visitor permission for (String adminauth:adminauths) {filterchaindefinitionmap.put (Adminauth, "Authc,roles[adm
In] "); for (String serviceauth:serviceauths) {filterchaindefinitionmap.put (Serviceauth, "Authc,roles[servi
CE] ");
for (String anonauth:anonauths) {filterchaindefinitionmap.put (Anonauth, "anon");
} shirofilterfactorybean.setfilterchaindefinitionmap (Filterchaindefinitionmap); @Bean (name = "Shirofilter") public Shirofilterfactorybean Getshirofilterfactorybean (Defaultwebsecuritymanager s
Ecuritymanager) {Shirofilterfactorybean Shirofilterfactorybean = new Shirofilterfactorybean ();
Shirofilterfactorybean.setsecuritymanager (SecurityManager);
Loadshirofilterchain (Shirofilterfactorybean);
return Shirofilterfactorybean;
} @Bean Public Ehcachemanager Getehcachemanager () {Ehcachemanager em = new Ehcachemanager (); Em.setcachemanagerconfigfile ("Classpath:ehcache-shiro.xml");
Configure Shiro cache return em; @Bean (name = "Myshirorealm") public Myshirorealm Myshirorealm (Ehcachemanager cachemanager) {Myshirorea
LM realm = new Myshirorealm ();
Realm.setcachemanager (CacheManager);
return realm;
@Bean (name = "Lifecyclebeanpostprocessor") public lifecyclebeanpostprocessor Getlifecyclebeanpostprocessor () {
return new Lifecyclebeanpostprocessor (); @Bean public Defaultadvisorautoproxycreator Getdefaultadvisorautoproxycreator () {Defaultadvisorautopro
Xycreator Daap = new Defaultadvisorautoproxycreator ();
Daap.setproxytargetclass (TRUE);
return DAAP; @Bean (name = "SecurityManager") public Defaultwebsecuritymanager Getdefaultwebsecuritymanager (Myshirorealm mySh Irorealm) {DefaultwebsecuRitymanager DWSM = new Defaultwebsecuritymanager ();
Dwsm.setrealm (Myshirorealm);
Dwsm.setcachemanager (Getehcachemanager ());
return DWSM; @Bean public authorizationattributesourceadvisor getauthorizationattributesourceadvisor (defaultwebsecuritymanag
Er securitymanager) {authorizationattributesourceadvisor Aasa = new Authorizationattributesourceadvisor ();
Aasa.setsecuritymanager (SecurityManager);
return AASA; }
}
Ehcache-shiro.xml
<?xml version= "1.0" encoding= "UTF-8"?> <ehcache updatecheck=
"false" Name= "Shirocache" >
< Defaultcache
maxelementsinmemory= "10000"
eternal= "false"
timetoidleseconds= "
timetoliveseconds= "overflowtodisk=" "
false"
diskpersistent= "false
" Diskexpirythreadintervalseconds= "/>"
</ehcache>
Resource File Tool class
Import Java.util.PropertyResourceBundle;
/**
* @comment resource File Tool class
* @author he JIA
* @date July 6, 2017 afternoon 4:32:02
* * Public
class Propertiesutil {public
static propertyresourcebundle authres = (propertyresourcebundle) Propertyresourcebundle.getbundle ("props/authority");
}
Myshirorealm Configuration
Import Com.pamo.mall.rest.domain.po.Account;
Import Com.pamo.mall.rest.service.AccountService;
Import org.apache.shiro.authc.*;
Import Org.apache.shiro.authz.AuthorizationInfo;
Import Org.apache.shiro.authz.SimpleAuthorizationInfo;
Import Org.apache.shiro.realm.AuthorizingRealm;
Import org.apache.shiro.subject.PrincipalCollection;
Import org.springframework.beans.factory.annotation.Autowired; /** * @Description: Realm configuration * @Author: HJ * @Date: 14:19 2017/11/8/public class Myshirorealm extends
LM {@Autowired private accountservice accountservice; /** * @Description: Granting User Rights * @Author: HJ * @Date: 14:19 2017/11/8/@Override protected Autho Rizationinfo Dogetauthorizationinfo (PrincipalCollection principalcollection) {string loginName = (String) super.ge
Tavailableprincipal (principalcollection);
Account account = Accountservice.findbyname (loginName); if (account!= null) {SimpleauthorizationinFO info = new Simpleauthorizationinfo ();
if (account.gettype () = = 1) {//Grant account Type 1 user has Admin,service permission info.addrole ("admin");
Info.addrole ("service");
} if (account.gettype () = = 2) {//Grant account type 2 users have the right to service Info.addrole ("service");
return info;
return null; /** * @Description: Login verification * @Author: HJ * @Date: 14:19 2017/11/8 * * @Override protected AuthenticationInfo dogetauthenticationinfo (Authenticationtoken authenticationtoken) throws AuthenticationException
{Usernamepasswordtoken token = (usernamepasswordtoken) Authenticationtoken;
Account user= Accountservice.findbyname (Token.getusername ()); if (user!=null) {//Auto check return new Simpleauthenticationinfo (User.getusername (), User.getpassword (), GetName ())
;
return null; }
}
Accountservice.findbyname to get the user information from the account.
Start Landing
Controller layer
@Autowired private Accountservice Accountservice; /** * @param loginaccount * @return/@RequestMapping (value = "/login", method= Requestmeth Od. POST) @ResponseBody public String Login (@RequestBody account Loginaccount) {return Accountservice.login (lo
Ginaccount,getrequest ()); @RequestMapping (value = "F", method= Requestmethod.post) @ResponseBody public String test2 (@RequestBody Acc
Ount loginaccount) {return "passing"; /** * Modify Password * @return/@RequestMapping (value = "/U", method= requestmethod.post) @ResponseBo DY public String modifypassword (@RequestBody accountdto accountdto) {return Accountservice.modifypassword (Acco
Untdto,getaccount ()); /** * @Description: Test Landing Access * @Author: HJ * @Date: 9:19 2017/11/8/@RequestMapping (value = "/d", method= requestmethod.post) @ResponseBody public responsemsg test (@RequestBody accountdto ACcountdto) {return new responsemsg ("[Customer service] Login successful"); /** * @Description: Test login access * @Author: HJ * @Date: 9:19 2017/11/8/@RequestMapping (value
= "/P", method= requestmethod.post) @ResponseBody public String test1 (@RequestBody accountdto accountdto) {
Return "[admin] Login Successful"; }
Service Layer
/** * @Description: Landing * @Author: HJ * @Date: 9:38 2017/11/8/Public account login (account Accou NT, HttpServletRequest request) {Usernamepasswordtoken token = new Usernamepasswordtoken (Account.getusername (), a
Ccount.getpassword ());
Subject Subject = Securityutils.getsubject (); try {subject.login (token); This step starts landing and jumps to the Myshirorealm class Dogetauthenticationinfo method}catch (unknownaccountexception UAE) {//Account error TH Row Pexceptionfactory.create ("H0003"); This is the way to handle the error}catch (Incorrectcredentialsexception ice) {//Password error throw pexceptionfactory.create ("H0004"
);
}catch (Authenticationexception AE) {//account number or password error throw pexceptionfactory.create ("H0007"); Account Resultaccount = Findbyname (Account.getusername ()); Obtain user information according to account Resultaccount.setsessionid (Request.getsession (). GetId ());
Get the SessionID return resultaccount of this session; }
Account
/** * @Description: Account * @Author: HJ * @Date: 14:43 2017/11/8/public class accounts extends Sessionidbean implements
Serializable {private static final long serialversionuid = 1L; Private Integer ID; ID private String username; User name private String password; Password-encrypt private Integer type; Account Type (1-admin 2-Customer service) @JSONField (format = "Yyyy-mm-dd HH:mm:ss") Private Date gmtcreate; Creation time @JSONField (format = "Yyyy-mm-dd HH:mm:ss") Private Date gmtupdate;
Update Time public Integer GetId () {return id;
The public void SetId (Integer id) {this.id = ID;
Public String GetUserName () {return username;
} public void Setusername (String username) {this.username = username;
Public String GetPassword () {return password;
} public void SetPassword (String password) {this.password = password;
Public Integer GetType () {return type; }
public void SetType (Integer type) {this.type = type;
Public Date Getgmtcreate () {return gmtcreate;
The public void Setgmtcreate (Date gmtcreate) {this.gmtcreate = gmtcreate;
Public Date Getgmtupdate () {return gmtupdate;
The public void Setgmtupdate (Date gmtupdate) {this.gmtupdate = gmtupdate; }
}
Sessionidbean
/**
* @Description: SessionId
* @Author: HJ
* @Date: 14:41 2017/11/8/Public
class Sessionidbean Implements serializable{
private String sessionId;
Public String GetSessionID () {return
sessionId;
}
public void Setsessionid (String sessionId) {
This.sessionid = sessionId;
}
}
Front Part
To remember that session state must remember the session ID after logging in, and then bring this ID on each visit, details are as follows