<!--shiro和spring整合-->
<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>1.3.2</version>
</dependency>
<!--shiro核心包-->
<dependency>
   <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>

@SpringBootApplication(scanBasePackages = "cn.zhq")
@EntityScan("cn.zhq.system.entity")
public class MyBlogApplication {
  public static void main(String[] args) {
    SpringApplication.run(MyBlogApplication.class);
  }
}

@Mapper
public interface UserMapper {

  /**
   * 根據(jù)Name查詢用戶數(shù)據(jù)
   */
  SysUser findByName(String username);
}

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="cn.zhq.system.mapper.UserMapper">
  <select id="findByName" resultType="sysuser" parameterType="String">
   select * from tb_user where username = #{username}
  </select>
</mapper>

@Autowired
  private UserMapper userMapper;

  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    //1.獲取登錄的用戶名密碼（token）
    UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
    String username = upToken.getUsername();
    String password = new String( upToken.getPassword());
    //2.根據(jù)用戶名查詢數(shù)據(jù)庫
    SysUser user = userMapper.findByName(username);
    //3.判斷用戶是否存在或者密碼是否一致
    if(user != null && user.getPassword().equals(password)) {
      //4.如果一致返回安全數(shù)據(jù)
      //構(gòu)造方法：安全數(shù)據(jù)，密碼，realm域名
      SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user,user.getPassword(),this.getName());
      return info;
    }
    //5.不一致，返回null（拋出異常）
    return null;
  }

//配置自定義的Realm
  @Bean
  public AuthRealm getRealm() {
    return new AuthRealm();
  }

  //配置安全管理器
  @Bean
  public SecurityManager securityManager(AuthRealm realm) {
    //使用默認的安全管理器
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
    //將自定義的realm交給安全管理器統(tǒng)一調(diào)度管理
    securityManager.setRealm(realm);
    return securityManager;
  }

@Bean
  public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    //1.創(chuàng)建過濾器工廠
    ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
    //2.設(shè)置安全管理器
    filterFactory.setSecurityManager(securityManager);
    //3.通用配置（跳轉(zhuǎn)登錄頁面，為授權(quán)跳轉(zhuǎn)的頁面）
    filterFactory.setLoginUrl("#");//跳轉(zhuǎn)url地址
    filterFactory.setUnauthorizedUrl("#");//未授權(quán)的url
    return filterFactory;
  }

@RequestMapping(value="/login")
  @ResponseBody
  public String login(String username,String password) {
    try{
      Subject subject = SecurityUtils.getSubject();
      UsernamePasswordToken uptoken = new UsernamePasswordToken(username,password);
      subject.login(uptoken);
      return "登錄成功";
    }catch (Exception e) {
      return "用戶名或密碼錯誤";
    }
  }

Md5Hash的參數(shù)代表的含義分別是 加密的內(nèi)容 | 鹽(加密的混淆字符串) | 加密次數(shù)
System.out.println(new Md5Hash("123456","zhangbo",3).toString());