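<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.mldn.dao.IMemberDAO">
    <!-- Inserts one member row. Every value is written with #{...}, which MyBatis
         binds as a prepared-statement parameter rather than pasting it into the SQL. -->
    <insert id="doCreate" parameterType="Member">
        INSERT INTO member(mid,name,age,salary,birthday,note)
        VALUES (#{mid},#{name},#{age},#{salary},#{birthday},#{note});
    </insert>
    <!-- Paged member listing with an optional "column LIKE keyword" filter.
         The parameter map supplies column, keyWord, start and lineSize.
         Two changes against the earlier form of this statement:
         1. The test used "keyword" while the bound value was "keyWord"; a map cannot
            satisfy both names, so the filter never worked. Both now use keyWord.
            NOTE(review): assumes callers put the value under the key keyWord; confirm.
         2. The column name was spliced in with ${column}, which is raw text
            substitution and lets the caller's string become part of the SQL.
            A column name cannot be bound as a parameter, so it is matched against
            the fixed list of member columns instead; any other value adds no filter. -->
    <select id="findAllSplit" parameterType="java.util.Map" resultType="Member">
        SELECT mid,name,age,salary,birthday,note FROM member
        <where>
            <if test="column != null and keyWord != null">
                <choose>
                    <when test="column == 'mid'">mid LIKE #{keyWord}</when>
                    <when test="column == 'name'">name LIKE #{keyWord}</when>
                    <when test="column == 'age'">age LIKE #{keyWord}</when>
                    <when test="column == 'salary'">salary LIKE #{keyWord}</when>
                    <when test="column == 'birthday'">birthday LIKE #{keyWord}</when>
                    <when test="column == 'note'">note LIKE #{keyWord}</when>
                </choose>
            </if>
        </where>
        LIMIT #{start},#{lineSize}
    </select>
</mapper>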
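<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.mldn.dao.IMemberDAO">
    <!-- Used for login authentication: loads the member's id, password and name by
         member id so the caller can verify the submitted password.
         NOTE(review): the password column is returned as stored; whether it holds a
         hash or clear text cannot be told from this mapper. Confirm against the schema. -->
    <select id="findById" parameterType="String" resultType="Member">
        SELECT mid,password,name FROM member WHERE mid=#{mid}
    </select>
    <!-- Returns the flag names of every role assigned to the member.
         The original author's advice: never use Chinese text for flag values. -->
    <select id="findAllRoleByMember" parameterType="String" resultType="String">
        SELECT flag FROM role WHERE rid IN (
            SELECT rid FROM member_role WHERE mid=#{mid})
    </select>
    <!-- Returns the flag names of every permission (action) reachable through the
         member's roles. The statement id must equal the DAO method name
         findAllActionByMember; it was previously misspelled "findAllActionByMmember",
         which leaves the interface method without a mapped statement. -->
    <select id="findAllActionByMember" parameterType="String" resultType="String">
        SELECT flag FROM action WHERE actid IN (
            SELECT actid FROM role_action WHERE rid IN (
                SELECT rid FROM member_role WHERE mid = #{mid}))
    </select>
</mapper>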
package cn.mldn.dao;

import cn.mldn.vo.Member;
import java.util.Set;

/**
 * Data-access contract for member lookups used by authentication and authorization.
 *
 * <p>The MyBatis mapper on this page declares {@code cn.mldn.dao.IMemberDAO} as its
 * namespace, so each method name here has to match a statement id in that mapper.
 */
public interface IMemberDAO {

    /**
     * Loads a single member by id.
     *
     * @param mid member id
     * @return the matching member
     */
    Member findById(String mid);

    /**
     * Lists the role flags held by a member.
     *
     * @param mid member id
     * @return role flag names
     */
    Set<String> findAllRoleByMember(String mid);

    /**
     * Lists the permission (action) flags available to a member.
     *
     * @param mid member id
     * @return permission flag names
     */
    Set<String> findAllActionByMember(String mid);
}
package cn.mldn.service;

import cn.mldn.vo.Member;
import java.util.Map;

/**
 * Service-layer contract that the Shiro realm relies on for authentication and
 * authorization data.
 */
public interface IMemberService {

    /**
     * Intended for the realm's authentication step: fetches the member by user name
     * so that the stored password data can be obtained.
     *
     * @param mid member id (the login name)
     * @return the member record
     * @throws Exception if the lookup fails
     */
    Member get(String mid) throws Exception;

    /**
     * Intended for the realm's authorization step: queries all roles and all
     * matching permissions for the given user id.
     *
     * @param mid member id
     * @return a map holding two entries:
     *     <ul>
     *       <li>key = allRoles, value = all roles of the user;</li>
     *       <li>key = allActions, value = all permissions of the user.</li>
     *     </ul>
     * @throws Exception if the lookup fails
     */
    Map<String, Object> listAuthByMember(String mid) throws Exception;
}
写实现子类的时候最好使用自动的注入方式完成。
package cn.mldn.service.impl;

import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;

import org.springframework.stereotype.Service;

import cn.mldn.dao.IMemberDAO;
import cn.mldn.service.IMemberService;
import cn.mldn.vo.Member;

/**
 * Spring-managed implementation of {@link IMemberService} that delegates every
 * lookup to the injected {@link IMemberDAO}.
 */
@Service
public class IMemberServiceImpl implements IMemberService {

    /** DAO injected by the container. */
    @Resource
    private IMemberDAO memberDAO;

    /**
     * Returns the member found by the DAO for the given id.
     *
     * @param mid member id
     * @return whatever {@code findById} returns for that id
     */
    @Override
    public Member get(String mid) throws Exception {
        return memberDAO.findById(mid);
    }

    /**
     * Collects the member's roles and permissions into one map.
     *
     * @param mid member id
     * @return map with the DAO's role result under "allRoles" and its permission
     *     result under "allActions"
     */
    @Override
    public Map<String, Object> listAuthByMember(String mid) throws Exception {
        final Map<String, Object> authData = new HashMap<>();
        // Roles are queried first, then permissions, same order as before.
        authData.put("allRoles", memberDAO.findAllRoleByMember(mid));
        authData.put("allActions", memberDAO.findAllActionByMember(mid));
        return authData;
    }
}
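package cn.mldn.realm;

import java.util.Map;
import java.util.Set;

import javax.annotation.Resource;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;

import cn.mldn.service.IMemberService;
import cn.mldn.service.MemberLoginService;
import cn.mldn.vo.Member;

/**
 * Shiro realm that authenticates members and loads their roles and permissions
 * through the injected {@link IMemberService}.
 */
@Component
public class MemberRealm extends AuthorizingRealm {

    /** Service injected by the container; replaces the hand-built login service. */
    @Resource
    private IMemberService memberService;

    /**
     * Authenticates the submitted token against the stored member record.
     *
     * @param token the login token; its principal is read as the user name and its
     *     credentials as a {@code char[]} password
     * @return authentication info for the user when the password matches
     * @throws UnknownAccountException if no member exists for the user name
     * @throws IncorrectCredentialsException if the password is missing or wrong
     * @throws AuthenticationException if the member lookup itself fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("************* 1、用户登陆认证:doGetAuthenticationInfo() *************");
        // Authentication runs first; it decides whether the submitted login is valid.
        String username = (String) token.getPrincipal();

        // The unused "new MemberLoginService()" was dropped: nothing read it and the
        // matching close() call had already been commented out.
        Member vo;
        try {
            vo = this.memberService.get(username);
        } catch (Exception e) {
            // A failed lookup is not the same as a missing account. Swallowing the
            // error used to surface as UnknownAccountException and hide the outage.
            throw new AuthenticationException("Member lookup failed during authentication", e);
        }
        if (vo == null) {
            throw new UnknownAccountException("该用户名称不存在!");
        }

        // Absent or non-char[] credentials are rejected as a bad password instead of
        // ending in a NullPointerException or ClassCastException.
        Object credentials = token.getCredentials();
        String stored = vo.getPassword();
        if (!(credentials instanceof char[]) || stored == null) {
            throw new IncorrectCredentialsException("密码错误!");
        }
        String password = new String((char[]) credentials);

        // NOTE(review): the stored value is compared as-is with the submitted one,
        // which implies the member table keeps passwords in clear text. A production
        // realm would store a salted hash and leave the comparison to a configured
        // credentials matcher such as Shiro's HashedCredentialsMatcher.
        if (!stored.equals(password)) {
            throw new IncorrectCredentialsException("密码错误!");
        }
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and permissions of the already authenticated user.
     *
     * @param principals the authenticated principals; the primary one is read as
     *     the user name
     * @return authorization info carrying the "allRoles" and "allActions" sets from
     *     the service, or an empty info object if the lookup throws
     */
    @SuppressWarnings("unchecked")
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("*************2、用户角色与权限:doGetAuthorizationInfo() *************");
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        try {
            Map<String, Object> map = this.memberService.listAuthByMember(username);
            // Shiro expects both roles and permissions as Set collections.
            Set<String> allRoles = (Set<String>) map.get("allRoles");
            Set<String> allActions = (Set<String>) map.get("allActions");
            auth.setRoles(allRoles);
            auth.setStringPermissions(allActions);
        } catch (Exception e) {
            // Kept from the original: on failure the user gets no roles and no
            // permissions, so access is denied rather than granted.
            e.printStackTrace();
        }
        return auth;
    }
}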
Realm用@Component自动注入
<!-- Shiro SecurityManager definition.
     NOTE(review): if this manager is wired into Shiro's servlet filter, the web
     integration expects a web-aware manager such as
     org.apache.shiro.web.mgt.DefaultWebSecurityManager. Confirm against the filter bean. -->
<bean id="securityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
    <!-- The realm this manager uses for authentication and authorization. -->
    <property name="realm" ref="memberRealm"/>
</bean>
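<!-- Shiro URL rules for every path, written as text: one "pattern=filters" rule per line.
     filterChainDefinitions is the property that takes the rules in this text form.
     Rules are tried from top to bottom and the first matching pattern wins, so the
     catch-all /*=anon has to be last. Listed first, it also matches single-segment
     paths such as /admin, and those requests never reach the /admin*=authc rule. -->
<property name="filterChainDefinitions">
    <value>
        /shiroLogin=anon
        /messages/**=authc
        /admin*=authc
        /pages/welcome.jsp=authc,perms[member:add],perms[dept:add]
        /*=anon
    </value>
</property>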
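<!-- Shiro URL rules for every path, written as text: one "pattern=filters" rule per line.
     filterChainDefinitions is the property that takes the rules in this text form.
     Rules are tried from top to bottom and the first matching pattern wins, so the
     catch-all /*=anon has to be last. Listed first, it also matches single-segment
     paths such as /admin, and those requests never reach the /admin*=authc rule. -->
<property name="filterChainDefinitions">
    <value>
        /shiroLogin.action=anon
        /messages/**=authc
        /admin*=authc
        /pages/welcome.jsp=authc,perms[member:add],perms[dept:add]
        /*=anon
    </value>
</property>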
不要用filterChainDefinitionMap,要用filterChainDefinitions:上面<value>里写的是文本形式的规则,filterChainDefinitions属性接收的正是这种文本,规则按书写顺序逐条匹配,先匹配到的规则生效。