SSM+Shiro写的一个简单的登录验证
来源:互联网 发布:linux 编译java 编辑:程序博客网 时间:2024/05/16 17:31
项目结构
web.XML配置
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>Archetype Created Web Application</display-name> <!-- 读取spring配置文件 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:config/spring.xml; classpath*:config/spring-mybatis.xml </param-value> </context-param> <!-- 设计路径变量值 --> <context-param> <param-name>webAppRootKey</param-name> <param-value>springmvc.root</param-value> </context-param> <!-- Spring字符集过滤器 --> <filter> <filter-name>SpringEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>SpringEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>shiroFilter</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 日志记录 --> <context-param> <!-- 日志配置文件路径 --> <param-name>log4jConfigLocation</param-name> <param-value>classpath:config/log4j.properties</param-value> </context-param> <context-param> <!-- 日志页面的刷新间隔 --> <param-name>log4jRefreshInterval</param-name> <param-value>6000</param-value> </context-param> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- springMVC核心配置 --> <servlet> <servlet-name>spring</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:config/spring-mvc.xml</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <!-- 错误跳转页面 --> <error-page> <!-- 路径不正确 --> <error-code>404</error-code> <location>/WEB-INF/errorpage/404.jsp</location> </error-page> <error-page> <!-- 没有访问权限,访问被禁止 --> <error-code>405</error-code> <location>/WEB-INF/errorpage/405.jsp</location> </error-page> <error-page> <!-- 内部错误 --> <error-code>500</error-code> <location>/WEB-INF/errorpage/500.jsp</location> </error-page></web-app>
spring配置
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <import resource="config/spring-mybatis.xml"/> <import resource="config/shiro-context.xml"/> <!-- 引入jdbc配置文件 --> <context:property-placeholder location="classpath:config/jdbc.properties" /> <!-- 扫描文件(自动将servicec层注入) --> <context:component-scan base-package="com.deng.serviceImp" /></beans>
spring-mvc配置
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"> <!-- 扫描controller(controller层注入) --> <context:component-scan base-package="com.deng.controller" /> <!-- 避免IE在ajax请求时,返回json出现下载 --> <bean id="jacksonMessageConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter"> <property name="supportedMediaTypes"> <list> <value>text/html;charset=UTF-8</value> </list> </property> </bean> <!-- 对模型视图添加前后缀 --> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/" p:suffix=".jsp" /></beans>
mybatis-config配置
<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN""http://mybatis.org/dtd/mybatis-3-config.dtd"><configuration><!-- 主要目的是 配置 命名空间 --> <!-- 命名空间,使用别名 --> <typeAliases > </typeAliases> <!-- 映射map mapper下的xml文件 --> <mappers> <!-- <mapper resource="mapper/UserMapper.xml"/> --> </mappers></configuration>
spring-mybatis配置
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd"> <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close"> <property name="driverClassName"> <value>${jdbc_driverClassName}</value> </property> <property name="url"> <value>${jdbc_url}</value> </property> <property name="username"> <value>${jdbc_username}</value> </property> <property name="password"> <value>${jdbc_password}</value> </property> <!-- 连接池最大使用连接数 --> <property name="maxActive"> <value>20</value> </property> <!-- 初始化连接大小 --> <property name="initialSize"> <value>1</value> </property> <!-- 获取连接最大等待时间 --> <property name="maxWait"> <value>60000</value> </property> <!-- 连接池最大空闲 --> <property name="maxIdle"> <value>20</value> </property> <!-- 连接池最小空闲 --> <property name="minIdle"> <value>3</value> </property> <!-- 自动清除无用连接 --> <property name="removeAbandoned"> <value>true</value> </property> <!-- 清除无用连接的等待时间 --> <property name="removeAbandonedTimeout"> <value>180</value> </property> <!-- 连接属性 --> <property name="connectionProperties"> <value>clientEncoding=UTF-8</value> </property> </bean> <!-- mybatis文件配置,扫描所有mapper文件 --> <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean" p:dataSource-ref="dataSource" p:configLocation="classpath:config/mybatis-config.xml" p:mapperLocations="classpath:com/deng/mapper/*.xml" /><!-- configLocation为mybatis属性 mapperLocations为所有mapper --> <!-- spring与mybatis整合配置,扫描所有dao --> <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer" p:basePackage="com.deng.dao" p:sqlSessionFactoryBeanName="sqlSessionFactory"> </bean> <!-- <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer" p:basePackage="com.imt.general.dao" p:sqlSessionFactoryBeanName="sqlSessionFactory"> </bean> --> <!-- 对数据源进行事务管理 --> <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" p:dataSource-ref="dataSource" /></beans>
shiro-context配置
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login.jsp" /> <property name="successUrl" value="/home" /> <property name="unauthorizedUrl" value="/403.do" /> <property name="filterChainDefinitions"><!--/admin/**=anon :无参,表示可匿名访问/admin/user/**=authc :无参,表示需要认证才能访问/admin/user/**=authcBasic :无参,表示需要httpBasic认证才能访问/admin/user/**=ssl :无参,表示需要安全的URL请求,协议为https/home=user :表示用户不一定需要通过认证,只要曾被 Shiro 记住过登录状态就可以正常发起 /home 请求/edit=authc,perms[admin:edit]:表示用户必需已通过认证,并拥有 admin:edit 权限才可以正常发起 /edit 请求/admin=authc,roles[admin] :表示用户必需已通过认证,并拥有 admin 角色才可以正常发起 /admin 请求/admin/user/**=port[8081] :当请求的URL端口不是8081时,跳转到schemal://serverName:8081?queryString/admin/user/**=rest[user] :根据请求方式来识别,相当于 /admins/user/**=perms[user:get]或perms[user:post] 等等/admin**=roles["admin,guest"] :允许多个参数(逗号分隔),此时要全部通过才算通过,相当于hasAllRoles()/admin**=perms["user:add:*,user:del:*"]:允许多个参数(逗号分隔),此时要全部通过才算通过,相当于isPermitedAll() --> <value> /login = anon <!--anon表示不需要认证就可以访问的 --> /home = authc, perms[/home] <!--authc 表示需要认证才能访问的页面 perms 表示需要该权限才能访问的页面 --> /** = authc </value> </property> </bean> <bean id="myShiroRealm" class="com.deng.shiro.myReam"> <!-- businessManager 用来实现用户名密码的查询 --> <!-- <property name="userService" ref="accountService" /> --> </bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myShiroRealm"></property> </bean> <!-- <bean id="accountService" class="com.deng.service.userService"></bean> --> <!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="cacheManager" /> </bean> --></beans>
shiro验证登录验证类
package com.deng.shiro;import java.util.List;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.IncorrectCredentialsException;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.deng.entity.User;import com.deng.entity.UserRole;import com.deng.service.userService;public class myReam extends AuthorizingRealm{ /** 用户的业务类 **/ @Autowired private userService ser; //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pri) { // TODO Auto-generated method stub System.out.println("this is 权限~~~~~~~"); User user=(User) pri.getPrimaryPrincipal(); Integer id = user.getId(); if(id==1){ System.out.println("this is id====1"); List<UserRole> qRole = ser.queryUserRole(id); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); //获取能够访问的URL列表 List<String> qu = ser.queryPermission(qRole.get(0).getRoleId()); for(String r:qu){ System.out.println("r==="+r); info.addStringPermission(r); } return info; } return null; } //登录 @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token1) throws AuthenticationException { // TODO Auto-generated method stub System.out.println("this is 登录shiro 验证·~~~~~~~~~~~~" ); UsernamePasswordToken token=(UsernamePasswordToken)token1; String username = token.getUsername(); char[] password = token.getPassword(); String pass=new String(password); System.out.println(username); System.out.println(pass); System.out.println(22222222); if(username!=null){ User user = ser.queryUserByUsername(username); System.out.println("user====="+user); //账号不存在 if(user == null) { System.out.println("1账号或密码不正确"); throw new UnknownAccountException("账号或密码不正确"); } if(user!=null){ //密码错误 if(!pass.equals(user.getPassword())) { System.out.println("2账号或密码不正确"); throw new IncorrectCredentialsException("账号或密码不正确"); } System.out.println(user); return new SimpleAuthenticationInfo(user, user.getPassword(),getName()); } } return null; }}
logincontroller类
package com.deng.controller;import javax.annotation.Resource;import javax.servlet.http.HttpServletRequest;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import com.deng.entity.User;import com.deng.service.userService;/**** * 用户登录Controller * * @author deng * */@Controllerpublic class LoginController { @Autowired private userService ser; /*** * 实现用户登录 * * @param username * @param password * @return */ @RequestMapping(value = "/login", method = RequestMethod.POST) public String Login(String username, String password,HttpServletRequest req) { try { UsernamePasswordToken token = new UsernamePasswordToken(username,password); Subject subject = SecurityUtils.getSubject(); subject.login(token); } catch (UnknownAccountException e) { e.printStackTrace(); req.getSession().setAttribute("errorMessage", "用户名或密码错误"); return "login"; } catch (AuthenticationException e) { e.printStackTrace(); req.getSession().setAttribute("errorMessage", "用户名或密码错误"); return "login"; } // 登录后存放进shiro token return "home"; }}
login.jsp
<form action="login.do" method="post"> username:<input type="text" name="username"><p> password:<input type="password" name="password"> <input type="submit"> <p> <span>${sessionScope.errorMessage}</span> </form>
密码错误
登录成功
阅读全文
0 0
- SSM+Shiro写的一个简单的登录验证
- SSM+Shiro系统登录验证码的实现
- SSM+Shiro系统登录验证码的实现
- SSM实现最简单的登录验证
- shiro登录的简单demo
- idea+maven+ssm+shiro开发shiro权限登录,验证码
- php写一个简单的登录程序
- WebForm写一个简单的登录
- ssm+shiro的配置文件
- 简单两步快速实现shiro的配置和使用,包含登录验证、角色验证、权限验证以及shiro登录注销流程
- 简单的登录验证
- 简单的登录验证
- 简单的验证登录
- 简单的登录验证
- 如何写一个含验证码的登录界面
- Shiro在web的基础验证(登录验证)
- Shiro与ssm登录权限验证案例演示
- 简单的cas单点登录+加密 SSM
- iOS的后台任务
- [译]关于iOS和OS X废弃的API你需要知道的一切
- 将博客搬至CSDN
- python2.7乱码的问题+HTMLTestRunner报告生成空页面或者有乱码的解决
- NKOJ 3702 打鼹鼠
- SSM+Shiro写的一个简单的登录验证
- android应用调试之如何保存logcat日志到本地
- Sqlite 时间段查询
- Java基础之SimpleDateFormat和GregorianCalendar的使用
- 【“盛大游戏杯”第15届上海大学程序设计联赛 J】【欧拉函数 约数欧拉函数之和为本身】
- 数据结构学习之-二叉树的三种递归遍历C++实现及相关应用
- sails 用户定义路由(1)
- linux基本知识(2)
- javascript深拷贝和浅拷贝