zoukankan      html  css  js  c++  java
  • (三)Shiro整合SSM实践

    maven工程的pom文件引入相关的依赖就不赘述了。下面开始过程:
    shiro本质还是过滤器所以,
    首先在web.xml中进行如下配置:

    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    

    然后spring-shiro.xml的配置大致如下:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop"
    	xmlns:tx="http://www.springframework.org/schema/tx"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/aop
            http://www.springframework.org/schema/aop/spring-aop.xsd
            http://www.springframework.org/schema/tx
            http://www.springframework.org/schema/tx/spring-tx.xsd">
        <!-- 自定义的Realm实现 -->    
        <bean id="bugeasyRealm" class="bugeasy.shiro.BugeasyRealm"></bean>
    	<!-- 安全管理器 -->
    	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    		<property name="realm" ref="bugeasyRealm" />
    		<property name="sessionManager" ref="sessionManager" />
            <property name="cacheManager" ref="cacheManager"/>
    	</bean>
    	
    	<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"/>
    
    	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    		<property name="securityManager" ref="securityManager" />
    		<property name="loginUrl" value="/pages/login.jsp"></property>
    		<property name="successUrl" value="/pages/main.jsp"/>
    		<property name="unauthorizedUrl" value="/pages/unauthorized.jsp"/>
    		
    		<property name="filterChainDefinitions">
    		<!-- 
    			anon 访客访问;
    			authc 认证通过即可;
    			user  记住的或者认证通过的;
    		 -->
    			<value>
    				/user/login = anon
    				/js/** = anon
    				/images/** = anon
    				/index.jsp = anon
    				/pages/register.jsp = anon  
    	            /pages/login.jsp = anon 
    	            /logout = logout
    	            /pages/test/testFileUpload.jsp = anon 
    	            /file/upload = anon
    	            /** = authc
    			</value>
    			
    		</property>
    	</bean>
    	
    	<!-- 基于Form表单的身份验证过滤器,不配置将也会注册此过虑器,表单中的用户账号、密码及loginurl将采用默认值,建议配置 -->
        <!-- <bean id="formAuthenticationFilter"
            class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
            表单中账号的input名称
            <property name="usernameParam" value="usercode" />
            表单中密码的input名称
            <property name="passwordParam" value="password" />
            <property name="rememberMeParam" value="rememberMe"/>
            loginurl:用户登陆地址,此地址是可以http访问的url地址
            <property name="loginUrl" value="/user/login" />
        </bean> -->
    
    	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    
    	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
    		<property name="proxyTargetClass" value="true"/>
    	</bean>
        
    	    
    	
    	<!-- 会话ID生成器 -->  
    	<bean id="sessionIdGenerator"   
    	class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>  
    	<!-- 会话DAO -->  
    	<bean id="sessionDAO"   
    	class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">  
    	    <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>  
    	    <property name="sessionIdGenerator" ref="sessionIdGenerator"/>  
    	</bean>  
    	<!-- 会话验证调度器 -->  
    	<bean id="sessionValidationScheduler"   
    	class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">  
    	    <property name="sessionValidationInterval" value="1800000"/>  
    	    <property name="sessionManager" ref="sessionManager"/>  
    	</bean>  
    	<!-- 会话Cookie模板 -->  
    	<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">  
    	    <!-- <constructor-arg value="sid"/>  --> 
    	    <property name="httpOnly" value="true"/>  
    	    <property name="maxAge" value="180000"/> 
    	    <constructor-arg name="name" value="shiro.sesssion"/>
        	<property name="path" value="/"/> 
    	</bean>  
    	<!-- 会话管理器 -->  
    	<bean id="sessionManager"   
    		class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">  
    	    <property name="globalSessionTimeout" value="1800000"/>  
    	    <property name="deleteInvalidSessions" value="true"/>  
    	    <property name="sessionValidationSchedulerEnabled" value="true"/>  
    	    <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>  
    	    <property name="sessionDAO" ref="sessionDAO"/>  
    	    <property name="sessionIdCookieEnabled" value="true"/>  
    	    <property name="sessionIdCookie" ref="sessionIdCookie"/>  
    	</bean> 
    	
    	
    </beans>
    

    注意:如果用shiro的注解,需要在spring-mvc.xml中配置下面:

    <!-- 开启shiro注解的支持。 -->
        <aop:config proxy-target-class="true"></aop:config> 
        <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        	<property name="securityManager" ref="securityManager"/>
        </bean>
    

    自定义的Realm类:

    public class BugeasyRealm extends AuthorizingRealm {
    	
    	@Autowired
    	private UserService userService;
    	
    	@Autowired
    	private RoleService roleService;
    
    	@Override
    	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    		
    		System.out.println("--------------------------开始授权认证---------------------------------");
    		//授权
    		String username = (String)principals.getPrimaryPrincipal();
    
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
            
            Set<String> roles = userService.getUserRoleByName(username);
            authorizationInfo.setRoles(roles);
            
            Set<String> permissions = roleService.getRolePermissionsByRoleIds(username);
            authorizationInfo.setStringPermissions(permissions);
            
            return authorizationInfo;
    	}
    
    	@Override
    	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    		
    		//身份认证
    		String name = (String) token.getPrincipal();
    		String password = new String( (char[])token.getCredentials());
    		UserBean userBean = new UserBean();
    		userBean.setName(name);
    		userBean.setPassword(password);
    		
    		UserBean hasBean = userService.getUserByNameAndPwd(userBean);
    		if(hasBean == null){
    			throw new UnknownAccountException();//没找到帐号
    		}
    		AuthenticationInfo info = new SimpleAuthenticationInfo(name,password,"bugeasyRealm");
    		return info;
    	}
    
    }
    
    

    service、dao代码暂时省去。

    controller代码如下:

    @PostMapping(path="/login")
    public ModelAndView loginByShiro(HttpServletRequest request, HttpServletResponse response,@ModelAttribute("user") UserBean user){
    	ModelAndView mv = new ModelAndView();
    	if(user != null){
    		Subject subject = SecurityUtils.getSubject();  
    	    UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), user.getPassword());
    	    try{
    	    	subject.login(token);
    	    	mv.addObject("user", user);
    	    	mv.addObject("userName", user.getName());
    	    	
    	    	mv.setViewName("/main");
    	    }catch(Exception e){
    	    	e.printStackTrace();
    	    	mv.addObject("errmsg", "登录的用户名/密码错误,请重新登录");
    	    	mv.setViewName("/login");
    	    }
    	    return mv;
    	      
    	}
    	return mv;
    }
    

    JSP页面如果使用标签,需要引入:

    <%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
    

    这样,就完成了和ssm的整合,项目中就可以使用编程式、注解、JSP标签进行shiro的使用了。

  • 相关阅读:
    【linux】驱动-13-阻塞与非阻塞
    【linux】驱动-12-并发与竞态
    【linux】驱动-11-gpio子系统
    【linux】驱动-10-pinctrl子系统
    【linux】驱动-9-设备树插件
    手写Java分页模块
    JDBC连接与自定义线程池
    类加载器
    网络编程之TCP
    网络编程之UDP
  • 原文地址:https://www.cnblogs.com/Kevin-1992/p/12608388.html
Copyright © 2011-2022 走看看