zoukankan      html  css  js  c++  java
  • shiro实战(2)--ssm

    一、web.xml的配置

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    id="WebApp_ID" version="3.1">
    <display-name>shiro_ssm</display-name>
    <!-- spring的配置文件 -->
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    classpath:applicationContext.xml,
    classpath:applicationContext-shiro.xml
    </param-value>
    </context-param>
    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    
    

    <!-- spring mvc核心:分发servlet -->
    <servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <!-- spring mvc的配置文件 -->
    <init-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:springMVC.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
    </servlet-mapping>

    
    

    <!-- Shiro配置 -->
    <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
    <param-name>targetFilterLifecycle</param-name>
    <param-value>true</param-value>
    </init-param>
    </filter>
    <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    </web-app>

     

    二、数据库访问配置文件applicationContext.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <context:annotation-config />
    <context:component-scan base-package="com.yuanbo.service"></context:component-scan>

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName">
    <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
    <value>jdbc:mysql://127.0.0.1:3306/shiro?serverTimezone=GMT%2B8</value>
    </property>
    <property name="username">
    <value>root</value>
    </property>
    <property name="password">
    <value>123456</value>
    </property>
    </bean>

    <bean id="sqlSession" class="org.mybatis.spring.SqlSessionFactoryBean">
    <property name="typeAliasesPackage" value="com.yuanbo.pojo"></property>
    <property name="dataSource" ref="dataSource"></property>
    <property name="mapperLocations" value="classpath:com/yuanbo/mapper/*.xml"></property>
    </bean>

    <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
    <property name="basePackage" value="com.yuanbo.mapper"></property>
    </bean>
    </beans>

     

    三、shiro配置文件applicationContext-shiro.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util"
        xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop-3.2.xsd http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util.xsd">
        
        <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <!-- 调用我们配置的权限管理器 -->
            <property name="securityManager" ref="securityManager" />
            <!-- 配置我们的登录请求地址 -->
            <property name="loginUrl" value="/login" />
            <!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 -->
            <property name="unauthorizedUrl" value="/unauthorized" />
            <!-- 退出 -->
            <property name="filters">
                <util:map>
                    <entry key="logout" value-ref="logoutFilter" />
                </util:map>
            </property>
            <!-- 权限配置 -->
            <property name="filterChainDefinitions">
                <value>
                    <!-- anon表示此地址不需要任何权限即可访问 -->
                    /login=anon
                    /index=anon
                    /static/**=anon
                    /doLogout=logout
                    <!--所有的请求(除去配置的静态资源请求或请求地址为anon的请求)都要通过登录验证,如果未登录则跳到/login -->
                    /** = authc
                </value>
            </property>
        </bean>
        <!-- 退出过滤器 -->
        <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
            <property name="redirectUrl" value="/index" />
        </bean>
    
        <!-- 会话ID生成器 -->
        <bean id="sessionIdGenerator"
            class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
        <!-- 会话Cookie模板 关闭浏览器立即失效 -->
        <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
            <constructor-arg value="sid" />
            <property name="httpOnly" value="true" />
            <property name="maxAge" value="-1" />
        </bean>
        <!-- 会话DAO -->
        <bean id="sessionDAO"
            class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
            <property name="sessionIdGenerator" ref="sessionIdGenerator" />
        </bean>
        <!-- 会话验证调度器,每30分钟执行一次验证 ,设定会话超时及保存 -->
        <bean name="sessionValidationScheduler"
            class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
            <property name="interval" value="1800000" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
        <!-- 会话管理器 -->
        <bean id="sessionManager"
            class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
            <!-- 全局会话超时时间(单位毫秒),默认30分钟 -->
            <property name="globalSessionTimeout" value="1800000" />
            <property name="deleteInvalidSessions" value="true" />
            <property name="sessionValidationSchedulerEnabled" value="true" />
            <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
            <property name="sessionDAO" ref="sessionDAO" />
            <property name="sessionIdCookieEnabled" value="true" />
            <property name="sessionIdCookie" ref="sessionIdCookie" />
        </bean>
    
        <!-- 安全管理器 -->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="databaseRealm" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
        <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
        <bean
            class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
            <property name="staticMethod"
                value="org.apache.shiro.SecurityUtils.setSecurityManager" />
            <property name="arguments" ref="securityManager" />
        </bean>
    
        <bean id="databaseRealm" class="com.yuanbo.realm.DatabaseRealm">
        </bean>
        
        <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    </beans> 

    四、springmvc基本配置springMVC.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:mvc="http://www.springframework.org/schema/mvc"
        xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
            http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
            http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
            http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
         
         <context:annotation-config />
         <context:component-scan base-package="com.yuanbo.controller">
             <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
         </context:component-scan>
         
         <mvc:annotation-driven/>
         
         <mvc:default-servlet-handler/>
         
         <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
             <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property>
             <property name="prefix" value="/WEB-INF/jsp"></property>
             <property name="suffix" value=".jsp"></property>
         </bean>
         
         <!-- 启用shiro注解 -->
         <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
                 depends-on="lifecycleBeanPostProcessor">
             <property name="proxyTargetClass" value="true"></property>
         </bean>
         <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
             <property name="securityManager" ref="securityManager"></property>
         </bean>
         
         <!-- 控制器异常处理 -->
         <bean id="exceptionHandlerExceptionResolver" class="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver"></bean>
         <bean class="com.yuanbo.exception.DefaultExceptionHandler"></bean>
    
    </beans>

    五、日志文件log4j.properties

    # Global logging configuration
    log4j.rootLogger=ERROR, stdout
    # MyBatis logging configuration...
    log4j.logger.com.yuanbo=TRACE
    # Console output...
    log4j.appender.stdout=org.apache.log4j.ConsoleAppender
    log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
    log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n

    六、PageController

    package com.yuanbo.controller;
    
    import org.apache.shiro.authz.annotation.RequiresPermissions;
    import org.apache.shiro.authz.annotation.RequiresRoles;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    
    @Controller
    @RequestMapping("")
    public class PageController {
    
        @RequestMapping("index")
        public String index() {
            return "index";
        }
        
        @RequiresPermissions("deleteOrder")
        @RequestMapping("deleteOrder")
        public String deleteOrder() {
            return "deleteOrder";
        }
        
        @RequiresRoles("productManager")
        @RequestMapping("deleteProduct")
        public String deleteProduct() {
            return "deleteProduct";
        }
        
        @RequestMapping("listProduct")
        public String listProduct() {
            return "listProduct";
        }
        
        @RequestMapping(value="/login",method=RequestMethod.GET)
        public String login() {
            return "login";
        }
        
        @RequestMapping("unauthorized")
        public String noPerms() {
            return "unauthorized";
        }
        
    }

    七、LoginController

    package com.yuanbo.controller;
    
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.session.Session;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    
    @Controller
    @RequestMapping("")
    public class LoginController {
    
        @RequestMapping(value = "/login", method = RequestMethod.POST)
        public String login(Model model, String name, String password) {
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken token = new UsernamePasswordToken(name, password);
            try {
                subject.login(token);
                Session session = subject.getSession();
                session.setAttribute("subject", subject);
                return "redirect:index";
            } catch (Exception e) {
                model.addAttribute("error","验证失败");
                return "login";
            }
        }
    
    }

    八、realm

    package com.yuanbo.realm;
    
    import java.util.Set;
    
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.springframework.beans.factory.annotation.Autowired;
    
    import com.yuanbo.service.PermissionService;
    import com.yuanbo.service.RoleService;
    import com.yuanbo.service.UserService;
    
    public class DatabaseRealm extends AuthorizingRealm {
    
        @Autowired
        private UserService userService;
        @Autowired
        private RoleService roleService;
        @Autowired
        private PermissionService permissionService;
    
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            String userName = principalCollection.getPrimaryPrincipal().toString();
            Set<String> roles = roleService.listRoles(userName);
            Set<String> permissions = permissionService.listPermissions(userName);
    
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
            authorizationInfo.setRoles(roles);
            authorizationInfo.setStringPermissions(permissions);
            return authorizationInfo;
        }
    
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            UsernamePasswordToken t = (UsernamePasswordToken) token;
            String userName = t.getUsername();
            String password = t.getPassword().toString();
            String passwordInDB = userService.getPassword(userName);
    
            if (passwordInDB == null || !password.equals(passwordInDB))
                throw new AuthenticationException();
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, getName());
            return authenticationInfo;
        }
    
    }

    九、exception

    package com.yuanbo.exception;
    
    import org.apache.shiro.authz.UnauthorizedException;
    import org.springframework.http.HttpStatus;
    import org.springframework.web.bind.annotation.ControllerAdvice;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.bind.annotation.ResponseStatus;
    import org.springframework.web.context.request.NativeWebRequest;
    import org.springframework.web.servlet.ModelAndView;
    
    @ControllerAdvice
    public class DefaultExceptionHandler {
    
        @ExceptionHandler({ UnauthorizedException.class })
        @ResponseStatus(HttpStatus.UNAUTHORIZED)
        public ModelAndView processUnauthenticatedException(NativeWebRequest request, UnauthorizedException exception) {
            ModelAndView mav = new ModelAndView();
            mav.addObject("ex", exception);
            mav.setViewName("unauthorized");
            return mav;
        }
    
    }

    最后,推荐一个java学习平台吧,感觉挺不错的,写得挺细的,还有问答,可以解疑

    https://how2j.cn/k/shiro/shiro-ssm/1727.html?p=81485

  • 相关阅读:
    剑指 Offer 53
    Visual Studio Ultimate 2013
    手把手教你如何把java代码,打包成jar文件以及转换为exe可执行文件
    DirectX的Vertex Buffer顶点缓冲的理解和应用 Shader必知必会
    Qt5.2中的android环境搭建
    JavaScript的基础学习篇
    九月十月百度,迅雷,华为,阿里巴巴最新校招笔试面试三十题(10.18)
    十月下旬腾讯,网易游戏,百度迅雷校园招聘笔试题集锦(第271-330题)
    九月十月百度人搜,阿里巴巴,腾讯华为笔试面试八十题(第331-410题)
    十月上旬百度,阿里巴巴,迅雷搜狗最新面试七十题(第201-270题)
  • 原文地址:https://www.cnblogs.com/zhangyuanbo/p/11888856.html
Copyright © 2011-2022 走看看