shiro+spring
来源:互联网 发布:端口不通怎么办 编辑:程序博客网 时间:2024/05/20 10:56
第一步、导入maven依赖
<!-- shiro --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${org.apache.shiro.version}</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${org.apache.shiro.version}</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${org.apache.shiro.version}</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${org.apache.shiro.version}</version></dependency>
第二步、在项目中定义shiro的过滤器(shiro的实现主要是通过filter实现)
<!-- Shiro Security filter --><filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param></filter><filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher></filter-mapping>
第三步、创建一个Realm
public class UserRealm extends AuthorizingRealm { @Autowired private UserBiz biz; //验证用户信息,认证的实现 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String userno = (String) authenticationToken.getPrincipal(); String password = new String((char[]) authenticationToken.getCredentials()); Result<RcUser> result = biz.login(userno, password); if (result.isStatus()) { Session session = SecurityUtils.getSubject().getSession(); session.setAttribute(Constants.Token.RONCOO, userno); RcUser user = result.getResultData(); return new SimpleAuthenticationInfo(user.getUserNo(), user.getPassword(), getName()); } return null; } //验证用户的权限,实现认证 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); String userno = (String) principals.getPrimaryPrincipal(); Result<RcUser> result = biz.queryByUserNo(userno); if(result.isStatus()){ Result<List<RcRole>> resultRole = biz.queryRoles(result.getResultData().getId()); if(resultRole.isStatus()){ //获取角色 HashSet<String> roles = new HashSet<String>(); for (RcRole rcRole : resultRole.getResultData()) { roles.add(rcRole.getRoleValue()); } System.out.println("角色:"+roles); authorizationInfo.setRoles(roles); //获取权限 Result<List<RcPermission>> resultPermission = biz.queryPermissions(resultRole.getResultData()); if(resultPermission.isStatus()){ HashSet<String> permissions = new HashSet<String>(); for (RcPermission rcPermission : resultPermission.getResultData()) { permissions.add(rcPermission.getPermissionsValue()); } System.out.println("权限:"+permissions); authorizationInfo.setStringPermissions(permissions); } } } return authorizationInfo; }}
第四步、添加shiro配置
1、shiro缓存<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE xml><ehcache updateCheck="false" name="shiroCache"><!-- http://ehcache.org/ehcache.xml --> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="false" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" /></ehcache>2、在spring的core配置文件中配置shiro<description>Shiro安全配置</description><bean id="userRealm" class="com.roncoo.adminlte.controller.realm.UserRealm" /> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realm" ref="userRealm" /><property name="cacheManager" ref="shiroEhcacheManager" /></bean><!-- Shiro 过滤器 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><!-- Shiro的核心安全接口,这个属性是必须的 --><property name="securityManager" ref="securityManager" /><!-- 身份认证失败,则跳转到登录页面的配置 --><property name="loginUrl" value="/login" /><property name="successUrl" value="/certification" /><property name="unauthorizedUrl" value="/error" /><!-- Shiro连接约束配置,即过滤链的定义 --><property name="filterChainDefinitions"><value>/login = authc/exit = anon/admin/security/list=authcBasic,perms[admin:read]/admin/security/save=authcBasic,perms[admin:insert]/admin/security/update=authcBasic,perms[admin:update]/admin/security/delete=authcBasic,perms[admin:delete]</value></property></bean><!-- 用户授权信息Cache, 采用EhCache --><bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"><property name="cacheManagerConfigFile" value="classpath:ehcache/ehcache-shiro.xml" /></bean><!-- 保证实现了Shiro内部lifecycle函数的bean执行 --><bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /><!-- AOP式方法级权限检查 --><beanclass="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"depends-on="lifecycleBeanPostProcessor"><property name="proxyTargetClass" value="true" /></bean><beanclass="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"><property name="securityManager" ref="securityManager" /></bean>
第五步、shiro退出登录的实现
第一种方式 /** * 退出登陆操作 */@RequestMapping(value = "/exit", method = RequestMethod.GET)public String exit(RedirectAttributes redirectAttributes, HttpSession session) {session.removeAttribute(Constants.Token.RONCOO);SecurityUtils.getSubject().logout();redirectAttributes.addFlashAttribute("msg", "您已经安全退出");return redirect("/login");}第二种方式:在shiroFilter的约束配置中配置<!-- Shiro连接约束配置,即过滤链的定义 --><property name="filterChainDefinitions"><value> /exit = logout</value></property>
阅读全文
0 0
- 【shiro】--- spring整合shiro
- spring shiro
- spring+shiro
- spring shiro
- shiro+spring
- spring+shiro
- spring shiro
- 【Spring shiro】Spring与Shiro的整合
- Apache Shiro 集成-spring
- spring+apache shiro demo
- spring-shiro.xml
- Spring+Shiro案例分析
- spring+apache shiro登录
- shiro与spring集成
- 13、Spring-shiro.xml
- spring+springmvc+shiro配置
- spring + Shiro 整合
- Spring+Shiro案例分析
- C语言电子词典的实现
- 使用networkx计算网络的介数中心性
- java中常用4种排序方法
- spring的定时任务
- android电话相关功能整合(读取通话记录、自动拨号、自动挂断、自动接听)
- shiro+spring
- SI疾病传播模型实现
- 自写 strlen strcpy函数
- 即将出版《Java EE 互联网轻量级框架整合开发》封面,准备源码中
- 软件测试习题附答案
- 【MySql】MySql之安装
- jquery鼠标移动图片上实现放大效果
- 树莓派智能监控小车(QT+树莓派)------客户端(PC)和服务器(树莓派)
- 转:JAVA实现word doc docx pdf excel的在线浏览