debugException
diff --git a/‎logs/all.log‎
Lines changed: 235 additions & 0 deletions b/‎logs/all.log‎
Lines changed: 235 additions & 0 deletions
diff --git a/‎pom.xml‎
Lines changed: 5 additions & 0 deletions b/‎pom.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/main/java/com/xh/basic/bean/Resp.java‎
Lines changed: 4 additions & 0 deletions b/‎src/main/java/com/xh/basic/bean/Resp.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/main/java/com/xh/basic/config/ShiroConfig.java‎
Lines changed: 78 additions & 1 deletion b/‎src/main/java/com/xh/basic/config/ShiroConfig.java‎
Lines changed: 78 additions & 1 deletion
diff --git a/‎src/main/java/com/xh/basic/controller/AdminController.java‎
Lines changed: 13 additions & 1 deletion b/‎src/main/java/com/xh/basic/controller/AdminController.java‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎src/main/java/com/xh/basic/controller/GuestController.java‎
Lines changed: 18 additions & 1 deletion b/‎src/main/java/com/xh/basic/controller/GuestController.java‎
Lines changed: 18 additions & 1 deletion
diff --git a/‎src/main/java/com/xh/basic/controller/LoginController.java‎
Lines changed: 56 additions & 1 deletion b/‎src/main/java/com/xh/basic/controller/LoginController.java‎
Lines changed: 56 additions & 1 deletion
diff --git a/‎src/main/java/com/xh/basic/controller/UserController.java‎
Lines changed: 14 additions & 1 deletion b/‎src/main/java/com/xh/basic/controller/UserController.java‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎src/main/java/com/xh/basic/dao/UserMapper.java‎
Lines changed: 23 additions & 0 deletions b/‎src/main/java/com/xh/basic/dao/UserMapper.java‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎src/main/java/com/xh/basic/model/User.java‎
Lines changed: 43 additions & 0 deletions b/‎src/main/java/com/xh/basic/model/User.java‎
Lines changed: 43 additions & 0 deletions
@@ -104,6 +104,11 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.3.2</version>
+        </dependency>
 
 
     </dependencies>
 
@@ -140,6 +140,10 @@ public static <T>Resp success(){
         return new Resp<T>(SUCCESS_CODE, "请求成功", null);
     }
 
+    public static <T>Resp success(String message){
+        return new Resp<T>(SUCCESS_CODE, message);
+    }
+
     public static <T>Resp success(T result){
         return new Resp<T>(SUCCESS_CODE, "请求成功", result);
     }
 
@@ -1,10 +1,87 @@
 package com.xh.basic.config;
 
+import com.xh.basic.shiro.CustomRealm;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 /**
  * @author szq
  * @Package com.xh.basic.config
- * @Description: to do ...
+ * @Description: Shiro配置类
  * @date 2018/5/214:36
  */
+@Configuration
 public class ShiroConfig {
+
+    private Logger logger = LoggerFactory.getLogger(ShiroConfig.class);
+    /**
+     * 过滤器默认权限表 {anon=anon, authc=authc, authcBasic=authcBasic, logout=logout,
+     * noSessionCreation=noSessionCreation, perms=perms, port=port,
+     * rest=rest, roles=roles, ssl=ssl, user=user}
+     * <p>
+     * anon, authc, authcBasic, user 是第一组认证过滤器
+     * perms, port, rest, roles, ssl 是第二组授权过滤器
+     * <p>
+     * user 和 authc 的不同：当应用开启了rememberMe时, 用户下次访问时可以是一个user, 但绝不会是authc,
+     * 因为authc是需要重新认证的, user表示用户不一定已通过认证, 只要曾被Shiro记住过登录状态的用户就可以正常发起请求,比如rememberMe
+     * 以前的一个用户登录时开启了rememberMe, 然后他关闭浏览器, 下次再访问时他就是一个user, 而不会authc
+     *
+     * @param securityManager 初始化 ShiroFilterFactoryBean 的时候需要注入 SecurityManager
+     */
+    @Bean
+    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
+        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
+        //必须设置 SecurityManager
+        shiroFilterFactoryBean.setSecurityManager(securityManager);
+        //setLoginUrl 默认会自动寻找web工程根目录下的“/login.jsp”页面或“/login”映射
+        shiroFilterFactoryBean.setLoginUrl("/notLogin");
+        //设置无权限时跳转的url
+        shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");
+
+        //设置拦截器
+        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
+        //游客，开发权限
+        filterChainDefinitionMap.put("/guest/**", "anon");
+        //用户，需要角色权限“user”
+        filterChainDefinitionMap.put("/user/**", "roles[user]");
+        //管理员，需要角色权限“admin”
+        filterChainDefinitionMap.put("/admin/**", "roles[admin]");
+        //开发登录接口
+        filterChainDefinitionMap.put("/login", "anon");
+        //其余接口一律拦截
+        //这行代码必须放在所有权限设置的最后，不然会导致所有url都被拦截
+        filterChainDefinitionMap.put("/**", "anon");
+
+        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
+        logger.info("Shiro拦截器工厂类注入成功！");
+        return shiroFilterFactoryBean;
+    }
+
+    /**
+     * 注入securityManager
+     */
+    @Bean
+    public SecurityManager securityManager(){
+        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
+        //设置realm
+        securityManager.setRealm(customRealm());
+        return securityManager;
+    }
+
+    /**
+     * 自定义身份认证 realm
+     * 必须写这个类，并加上@Bean注解，目的是注入CustomRealm，否则会影响CustomRealm类中其他类的依赖注入
+     */
+    @Bean
+    public CustomRealm customRealm(){
+        return new CustomRealm();
+    }
 }
@@ -1,10 +1,22 @@
 package com.xh.basic.controller;
 
+import com.xh.basic.bean.Resp;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
 /**
  * @author szq
  * @Package com.xh.basic.controller
- * @Description: to do ...
+ * @Description: 管理员
  * @date 2018/5/215:42
  */
+@RestController
+@RequestMapping("/admin")
 public class AdminController {
+
+    @RequestMapping(value = "/getMessage", method = RequestMethod.GET)
+    public Resp getMessage(){
+        return new Resp().success("您拥有管理员权限，可以获得该接口的信息！");
+    }
 }
@@ -1,10 +1,27 @@
 package com.xh.basic.controller;
 
+import com.xh.basic.bean.Resp;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
 /**
  * @author szq
  * @Package com.xh.basic.controller
- * @Description: to do ...
+ * @Description: 游客
  * @date 2018/5/215:36
  */
+@RestController
+@RequestMapping("/guest")
 public class GuestController {
+
+    @RequestMapping(value = "/enter", method = RequestMethod.GET)
+    public Resp login(){
+        return new Resp().success("欢迎进入，您的身份是游客。");
+    }
+
+    @RequestMapping(value = "/getMessage", method = RequestMethod.GET)
+    public Resp submitLogin(){
+        return new Resp().success("您用户获得该接口的信息的权限");
+    }
 }
@@ -1,10 +1,65 @@
 package com.xh.basic.controller;
 
+import com.xh.basic.bean.Resp;
+import com.xh.basic.dao.UserMapper;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
 /**
  * @author szq
  * @Package com.xh.basic.controller
- * @Description: to do ...
+ * @Description: 登陆
  * @date 2018/5/215:43
  */
+@RestController
 public class LoginController {
+
+    private final UserMapper userMapper;
+
+    @Autowired
+    public LoginController(UserMapper userMapper){
+        this.userMapper = userMapper;
+    }
+
+    @RequestMapping(value = "/notLogin", method = RequestMethod.GET)
+    public Resp notLogin(){
+        return new Resp().success("您尚未登陆！");
+    }
+
+    @RequestMapping(value = "/notRole", method = RequestMethod.GET)
+    public Resp notRole(){
+        return new Resp().success("您没有权限！");
+    }
+
+    @RequestMapping(value = "/logout", method = RequestMethod.GET)
+    public Resp logout(){
+        Subject subject = SecurityUtils.getSubject();
+        //注销
+        subject.logout();
+        return new Resp().success("成功注销！");
+    }
+
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    public Resp login(String username, String password){
+        //从SecurityUtils里边创建一个subject
+        Subject subject = SecurityUtils.getSubject();
+        //在认证提交前准备token令牌
+        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+        //执行认证登陆
+        subject.login(token);
+        //根据权限指定返回数据
+        String role = userMapper.getRole(username);
+        if ("user".equals(role)){
+            return new Resp().success("欢迎登陆");
+        }
+        if ("admin".equals(role)){
+            return new Resp().success("欢迎来到管理员页面");
+        }
+        return new Resp().success("权限错误");
+    }
 }
@@ -1,10 +1,23 @@
 package com.xh.basic.controller;
 
+import com.xh.basic.bean.Resp;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
 /**
  * @author szq
  * @Package com.xh.basic.controller
- * @Description: to do ...
+ * @Description: 普通登录用户
  * @date 2018/5/215:41
  */
+@RestController
+@RequestMapping("/user")
 public class UserController {
+
+    @RequestMapping(value = "/getMessage", method = RequestMethod.GET)
+    public Resp getMessage() {
+        return new Resp().success("您拥有用户权限，可以获得该接口的信息！");
+    }
+
 }
@@ -0,0 +1,23 @@
+package com.xh.basic.dao;
+
+import com.xh.basic.model.User;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface UserMapper {
+    int deleteByPrimaryKey(String id);
+
+    int insert(User record);
+
+    int insertSelective(User record);
+
+    User selectByPrimaryKey(String id);
+
+    int updateByPrimaryKeySelective(User record);
+
+    int updateByPrimaryKey(User record);
+
+    String getRole(String username);
+
+    String getPassword(String username);
+}
@@ -0,0 +1,43 @@
+package com.xh.basic.model;
+
+public class User {
+    private String id;
+
+    private String username;
+
+    private String password;
+
+    private String role;
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id == null ? null : id.trim();
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username == null ? null : username.trim();
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password == null ? null : password.trim();
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role == null ? null : role.trim();
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,10 @@ public static <T>Resp success(){`
`140`	`140`	`return new Resp<T>(SUCCESS_CODE, "请求成功", null);`
`141`	`141`	`}`
`142`	`142`
	`143`	`+ public static <T>Resp success(String message){`
	`144`	`+ return new Resp<T>(SUCCESS_CODE, message);`
	`145`	`+ }`
	`146`	`+`
`143`	`147`	`public static <T>Resp success(T result){`
`144`	`148`	`return new Resp<T>(SUCCESS_CODE, "请求成功", result);`
`145`	`149`	`}`