<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.6</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
// 权限管理——拦截器或过滤器
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
public class CustomRealm extends AuthorizingRealm {
Map<String, String> userMap = new HashMap<>(16);
{
userMap.put("Mark", "283538989cef48f3d7d8a1c1bdf2008f");
super.setName("customRealm");
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String userName = (String) principalCollection.getPrimaryPrincipal();
// 从数据库或者缓存中获取角色数据
Set<String> roles = getRolesByUserName(userName);
Set<String> permissions = getPermissionsByUserName(userName);
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(permissions);
simpleAuthorizationInfo.setRoles(roles);
return simpleAuthorizationInfo;
}
private Set<String> getPermissionsByUserName(String userName) {
Set<String> sets = new HashSet<>();
sets.add("user:delete");
sets.add("user:add");
return sets;
}
private Set<String> getRolesByUserName(String userName) {
Set<String> sets = new HashSet<>();
sets.add("admin");
sets.add("user");
return sets;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
// 1. 从主体传过来的认证信息中,获得用户名
String userName = (String) authenticationToken.getPrincipal();
// 2. 通过用户名到数据库中获取凭证
String password = getPasswordByUserName(userName);
if (password == null) {
return null;
}
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo("Mark", password, "customRealm");
authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("Mark"));
return authenticationInfo;
}
private String getPasswordByUserName(String userName) {
return userMap.get(userName);
}
public static void main(String[] args) {
Md5Hash md5Hash = new Md5Hash("123456", "Mark");
System.out.println(md5Hash.toString());
}
}
<import resource="spring-dao.xml" />
<context:component-scan base-package="com.imooc" />
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="login.html" />
<property name="unauthorizedUrl" value="403.html" />
<property name="filterChainDefinitions">
<value>
/login.html = anon
/subLogin = anon
/* = authc
</value>
</property>
</bean>
// 创建SecurityManager对象
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="realm" />
</bean>
<bean class="com.imooc.shiro.realm.CustomRealm" id="realm">
<property name="credentialsMatcher" ref="credentialsMatcher" />
</bean>
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher" id="credentialsMathcer">
<property name="hashAlgorithmName" value="md5" />
<property name="hashIterations" value="1" />
</bean>
<context:component-scan base-package="com.imooc.controller" />
<mvc:annotation-driven />
<mvc:resource mapping="/*" location="/" />
<html>
<body>
<h2>欢迎光临,这里是慕课shiro教程</h2>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<form action="subLogin" method="post">
用户名:<input type="text" name="username" /><br>
密码:<input type="password" name="password" /><br>
<input type="submit" value="登录">
</form>
</body>
</html>
@Controller
public class UserController {
@RequestMapping(value = "/subLogin", method = RequestMethod.POST, produces = "application/json;charset=utf-8")
@ResponseBody
public String subLogin(User user) {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
try {
subject.login(token);
} catch (AuthenticationException e) {
return e.getMessage();
}
if (subject.hasRole("admin")) {
return "有admin权限";
}
return "无admin权限";
}
}
public class User {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
Shiro集成Spring——从数据库获取数据
<bean class="com.alibaba.druid.pool.DruidDataSource">
<property name="url" value="jdbc:mysql://localhost:3306/test" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>
<bean class="org.springframework.jdbc.core.JdbcTemplate" id="jdbcTemplate">
<property name="datasource" ref="datasource" />
</bean>
@Resource
private JdbcTemplate jdbcTemplate;
@Override
public User getUserByUserName(String userName) {
String sql = "select username, password from users where username = ?";
List<User> list = jdbcTemplate.query(sql, new String[]{userName}, new RowMapper<User>() {
@Override
public User mapRow(ResultSet resultSet, int i) throws SQLException {
User user = new User();
user.setUsername(resultSet.getString("username"));
user.setPassword(resultSet.getString("password"));
return user;
}
});
if (CollectionUtils.isEmpty(list)) {
return null;
}
return list.get(0);
}
@Override
public List<String> queryRolesByUserName(String userName) {
String sql = "select role_name from user_roles where username = ?";
return jdbcTemplate.query(sql, new String[]{userName}, new RowMapper<String>(){
@Override
public String mapRow(ResultSet resultSet, int i) throws SQLException {
return resultSet.getString("role_name");
}
});
}
public class CustomRealm extends AuthorizingRealm {
@Resource
private UserDao userDao;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
// 1. 从主体传过来的认证信息中,获得用户名
String userName = (String) authenticationToken.getPrincipal();
// 2. 通过用户名到数据库中获取凭证
String password = getPasswordByUserName(userName);
if (password == null) {
return null;
}
SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, "customRealm");
authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userName));
return authenticationInfo;
}
private Set<String> getRolesByUserName(String userName) {
List<String> list = userDao.queryRolesByUserName(userName);
Set<String> sets = new HashSet<>();
return sets;
}
private String getPasswordByUserName(String userName) {
User user = userDao.getUserByUserName(userName);
if (user != null) {
return users.getPassword();
}
return null;
}
public static void main(String[] args) {
Md5Hash md5Hash = new Md5Hash("123456", "Mark");
System.out.println(md5Hash.toString());
}
}