zoukankan      html  css  js  c++  java
  • Shiro学习笔记六(自定义Reaml-使用数据库设置 user roles permissions)

    1.工程目录

    pom文件还和以前设置的一样就是添加了一个数据库驱动,

     <dependencies>
        <dependency>
          <groupId>junit</groupId>
          <artifactId>junit</artifactId>
          <version>3.8.1</version>
          <scope>test</scope>
        </dependency>
        
        <!-- 添加servlet支持 -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
        
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>javax.servlet.jsp-api</artifactId>
            <version>2.3.1</version>
        </dependency>
        
        <!-- 添加jstl支持 -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        
        <!-- 添加日志支持 -->
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
        
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <!-- 添加shiro支持 -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.4</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.2.4</version>
        </dependency>
        
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.12</version>
        </dependency>
        
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.37</version>
        </dependency>
        
        
      </dependencies>

    shiro.ini中的配置

    [main]
    authc.loginUrl=/login
    roles.unauthorizedUrl=/unauthorized.jsp
    perms.unauthorizedUrl=/unauthorized.jsp
    
    
    myRealm=com.zuoyan.shiro.realm.MyRealm
    securityManager.realms=$myRealm
    
    [urls]
    /login=anon
    /admin*=authc
    /student=roles[teacher]
    /teacher=perms["user:create"]

    简单的解释说明一下Realm,这个我解释不清楚,就引用了别人博客上面的

    对于什么是Realm,我使用过之后,个人总结一下:shiro要进行身份验证,就要从realm中获取相应的身份信息来进行验证,简单来说,我们可以自行定义realm,在realm中,从数据库获取身份信息,然后和 用户输入的身份信息进行匹配。这一切都由我们自己来定义。

    下面就贴出我们自定义realm 的代码

     1 package com.zuoyan.shiro.realm;
     2 
     3 import java.sql.Connection;
     4 
     5 import org.apache.shiro.authc.AuthenticationException;
     6 import org.apache.shiro.authc.AuthenticationInfo;
     7 import org.apache.shiro.authc.AuthenticationToken;
     8 import org.apache.shiro.authc.SimpleAuthenticationInfo;
     9 import org.apache.shiro.authz.AuthorizationInfo;
    10 import org.apache.shiro.authz.SimpleAuthorizationInfo;
    11 import org.apache.shiro.realm.AuthorizingRealm;
    12 import org.apache.shiro.subject.PrincipalCollection;
    13 
    14 import com.zuoyan.shiro.dao.UserDao;
    15 import com.zuoyan.shiro.entity.User;
    16 import com.zuoyan.shiro.utils.DbUtil;
    17 
    18 public class MyRealm extends AuthorizingRealm{
    19 
    20     private UserDao userDao=new UserDao();
    21     private DbUtil dbUtil=new DbUtil();
    22     
    23     /*
    24      * 用于授权
    25      */
    26     @Override
    27     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    28         String userName=(String)principals.getPrimaryPrincipal();
    29         SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
    30         Connection con=null;
    31         try{
    32             con=dbUtil.getCon();
    33             authorizationInfo.setRoles(userDao.getRoles(con,userName));
    34             authorizationInfo.setStringPermissions(userDao.getPermissions(con,userName));
    35         }catch(Exception e){
    36             e.printStackTrace();
    37         }finally{
    38             try {
    39                 dbUtil.closeCon(con);
    40             } catch (Exception e) {
    41                 // TODO Auto-generated catch block
    42                 e.printStackTrace();
    43             }
    44         }
    45         return authorizationInfo;
    46     }
    47     
    48     /*
    49      * 用于认证
    50      */
    51 
    52     @Override
    53     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    54         String userName=(String)token.getPrincipal();
    55         Connection con=null;
    56         try{
    57             con=dbUtil.getCon();
    58             User user=userDao.getByUserName(con, userName);
    59             if(user!=null){
    60                 AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");
    61                 return authcInfo;
    62             }else{
    63                 return null;
    64             }
    65         }catch(Exception e){
    66             e.printStackTrace();
    67         }finally{
    68             try {
    69                 dbUtil.closeCon(con);
    70             } catch (Exception e) {
    71                 // TODO Auto-generated catch block
    72                 e.printStackTrace();
    73             }
    74         }
    75         return null;
    76     }
    77 
    78 }
    AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");
    对于这句话,我一开始的理解就是 先查出来标准的账号密码在自定义中的Realm中进行比对,但是正确的是这里设置的是标准的账号密码
    比对应该是在下一步

    UserDao的就是在数据库中进行查找
     1 package com.zuoyan.shiro.dao;
     2 
     3 import java.sql.Connection;
     4 import java.sql.PreparedStatement;
     5 import java.sql.ResultSet;
     6 import java.util.HashSet;
     7 import java.util.Set;
     8 
     9 import com.zuoyan.shiro.entity.User;
    10 
    11 
    12 
    13 public class UserDao {
    14 
    15     public User getByUserName(Connection con,String userName)throws Exception{
    16         User resultUser=null;
    17         String sql="select * from t_user where userName=?";
    18         PreparedStatement pstmt=con.prepareStatement(sql);
    19         pstmt.setString(1, userName);
    20         ResultSet rs=pstmt.executeQuery();
    21         if(rs.next()){
    22             resultUser=new User();
    23             resultUser.setId(rs.getInt("id"));
    24             resultUser.setUserName(rs.getString("userName"));
    25             resultUser.setPassword(rs.getString("password"));
    26         }
    27         return resultUser;
    28     }
    29 
    30     public Set<String> getRoles(Connection con, String userName) throws Exception{
    31         Set<String> roles=new HashSet<String>();
    32         String sql="select * from t_user u,t_roles r where u.roleId=r.id and u.userName=?";
    33         PreparedStatement pstmt=con.prepareStatement(sql);
    34         pstmt.setString(1, userName);
    35         ResultSet rs=pstmt.executeQuery();
    36         while(rs.next()){
    37             roles.add(rs.getString("roleName"));
    38         }
    39         return roles;
    40     }
    41 
    42     public Set<String> getPermissions(Connection con, String userName)throws Exception {
    43         Set<String> permissions=new HashSet<String>();
    44         String sql="select * from t_user u,t_roles r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=?";
    45         PreparedStatement pstmt=con.prepareStatement(sql);
    46         pstmt.setString(1, userName);
    47         ResultSet rs=pstmt.executeQuery();
    48         while(rs.next()){
    49             permissions.add(rs.getString("permissionName"));
    50         }
    51         return permissions;
    52     }
    53 }

  • 相关阅读:
    java 用代码实现判断字符串的开头和结尾
    java基础 1-path
    C#基础(语句 for循环)
    C#基础(数组)
    C#基础(语句 if else)
    C#基础(变量、常量、运算符)
    继承-person
    继承-字母表
    继承-monkey
    继承-people
  • 原文地址:https://www.cnblogs.com/kangxinxin/p/7965608.html
Copyright © 2011-2022 走看看