Spring整合Shiro
来源:互联网 发布:php curl模拟登录 编辑:程序博客网 时间:2024/06/03 17:55
最近开始学习shiro框架,今天用Spring整合了一下,顺便记录一下,方便下次使用。第一次写博客,有写不好的地方,望各位大佬多包容包容。
1.使用Maven进行依赖管理。我们需要在pom.xml加入下面配置:
<!-- 统一管理shiro的版本 --> <properties> <shiro.version>1.3.2</shiro.version> </properties> <!--Spring--> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.3.9.RELEASE</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <!-- 配置shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <!-- 连接数据库 这里使用的是 阿里连接池druid --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.0.28</version> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1.1</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.21</version> </dependency>
2.配置web.xml文件
<!-- Shiro拦截器 --> <!--这里注意的是,filter-name必须与shiro配置文件里面的拦截器bean的id一致。因为 Shiro 会来 IOC 容器中查找和 <filter-name> 名字对应的 filter bean.--> <filter> <filter-name>shiroFilter</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-shiro.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>springDispatcherServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:springmvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springDispatcherServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>/login.jsp</welcome-file> </welcome-file-list>
3.1 jdbc.properties连接数据库
这里属性就简单的用了,仅为了连接数据库
driver=com.mysql.jdbc.Driverurl=jdbc:mysql://localhost:3306/shirousername=rootpassword=123456
3.2.spring-shiro.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <!-- 载入jdbc.properties配置文件 --> <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location" value="classpath:jdbc.properties" /> </bean> <!-- 连接池,连接数据库 --> <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"> <property name="url" value="${url}"></property> <property name="username" value="${username}"></property> <property name="password" value="${password}"></property> </bean> <!-- 1.配置SecurityManager--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="cacheManager" ref="cacheManager"></property> <!-- 一个realm的时候,就用属性<property name="realm" ref="myRealm"/> --> <!-- 多个realm的时候, 可以用--> <property name="authenticator" ref="authenticator"></property> </bean> <!-- 2.配置cacheManager,这里我使用的是自带的缓存管理--> <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"></bean> <!-- 3.配置authenticator --> <bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator"> <property name="realms"> <list> <ref bean="jdbcRealm"/> <ref bean="myRealm"/> </list> </property> <!-- 可以修改多个realm之间的匹配策略, FirstSuccessfulStrategy:只要有一个Realm验证成功即可,只返回第一个Realm身份验证成功的认证信息,其他的忽略; 默认 AtLeastOneSuccessfulStrategy:只要有一个Realm验证成功即可,和FirstSuccessfulStrategy不同,返回所有Realm身份验证成功的认证信息; AllSuccessfulStrategy:所有Realm验证成功才算成功,且返回所有 Realm身份验证成功的认证信息, 如果有一个失败就失败了。 --> <property name="authenticationStrategy"> <bean class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy"></bean> </property> </bean> <!-- 3.1配置realm --> <!--这个MyRealm是我自己定义的,密码的加密方式和加密次数跟这里要对应,不然匹配不起来--> <bean id="myRealm" class="com.wbb.shiro.realms.ShiroRealm"> <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="MD5"></property><!--加密方式--> <property name="hashIterations" value="1024"></property><!--加密次数--> </bean> </property> </bean> <!--这个Realm,使用的是shiro自带的JdbcRealm,这个Class类, 自带了很多属性和方法,因为我这里仅仅实现了登录的功能, 使用仅用到authenticationQuery属性,它是这样定义的: protected String authenticationQuery = DEFAULT_AUTHENTICATION_QUERY; protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?"; --> <bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm"> <property name="dataSource" ref="dataSource"> <!--如果你数据库里面的定义的表,跟class自带的查询使用 到属性不一致的话,你可以自己在这里重新定义select语句,来覆盖 掉自带的select,比如以下: <property name="authenticationQuery" value="select password from user where name = ?"></property>--></property> </bean> <!-- 4.配置LifecycleBeanPostProcessor,可以自动的来调用配置在Spring IOC容器中shiro bean的生命周期方法 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"> </bean> <!-- 5.启动呢IOC容器中使用Shiro的注解,但是必须配置在LifecycleBeanPostProcessor之后,才能使用 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"></property> </bean> <!-- 6. 配置 ShiroFilter. 6.1 id 必须和 web.xml 文件中配置的 DelegatingFilterProxy 的 <filter-name> 一致. 若不一致, 则会抛出: NoSuchBeanDefinitionException. 因为 Shiro 会来 IOC 容器中查找和 <filter-name> 名字对应的 filter bean. --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"></property> <property name="loginUrl" value="/login.jsp"></property> <!--这里直接用Controller里面跳转到成功界面,所以没设置参数--> <property name="successUrl" value="/"></property> <property name="unauthorizedUrl" value="/"></property> <!-- 配置哪些页面需要受保护. 以及访问这些页面需要的权限. 1). anon(anonymous) 可以被匿名访问 2). authc(authentication) 必须认证(即登录)后才可能访问的页面. 3). logout 登出.4)等等其他的,没用到 我就不写出来了 --> <property name="filterChainDefinitions"> <value> /login.jsp=anon /login=anon /logout=logout #表示其他所有的url都需要认证 /** = authc </value> </property> </bean></beans>
3.3springmvc.xml这个文件没什么说的,扫包加转发就行,我就不展示出来了
4.自己定义的Realm
package com.wbb.shiro.realms;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.LockedAccountException;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.crypto.hash.SimpleHash;import org.apache.shiro.realm.AuthenticatingRealm;import org.apache.shiro.util.ByteSource;public class ShiroRealm extends AuthenticatingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { System.out.println("ShiroRealm"); UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken; String username=token.getUsername(); String principal=username; String credentials=""; <!--因为我这里没连接数据库,所以就自己生成了个密码,仅为了测试用,密码生成在main方法里--> if("admin".equalsIgnoreCase(username)){ credentials="038bdaf98f2037b31f1e75b5b4c9b26e"; } String realmName=getName(); ByteSource salt=ByteSource.Util.bytes(username); SimpleAuthenticationInfo info=null; info=new SimpleAuthenticationInfo(principal, credentials,salt,realmName); return info; } public static void main(String[] args) { String algorithmName="MD5"; Object credentials="123456"; Object salt=ByteSource.Util.bytes("admin"); int hashIterations=1024; Object result=new SimpleHash(algorithmName, credentials, salt, hashIterations); System.out.println(result); } }
5.login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body><h1 >Login Page</h1><form action="login" > Username:<input type="text" name="username"/> <br/><br/> Password:<input type="password" name="password"/> <br/><br/> <% if(session.getAttribute("message")!=null){ out.println(session.getAttribute("message")); } %> <input type="submit" value="login"/></form></body></html>
6.success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body><h1>Success!!!Welcome:<span style="color:red">${sessionScope.username}</span></h1><a href="logout">logout</a></body></html>
7.Controller
package com.wbb.shiro.handler;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpSession;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;@Controllerpublic class ShiroController { @RequestMapping("/login") public String login(HttpServletRequest request){ System.out.println("login"); String username = request.getParameter("username"); String password = request.getParameter("password"); HttpSession session=request.getSession(true); UsernamePasswordToken token = new UsernamePasswordToken(username, password); Subject subject = SecurityUtils.getSubject(); try { subject.login(token); if (subject.isAuthenticated()) { session.setAttribute("username", username); return "success"; } else { return "login"; } } catch (Exception e) { session.setAttribute("message", "wrong"); e.printStackTrace(); return "login"; } }}
阅读全文
0 0
- 【shiro】--- spring整合shiro
- spring + Shiro 整合
- spring整合shiro
- Spring与Shiro整合
- spring 整合shiro
- shiro 整合spring
- Shiro+Spring MVC整合
- Shiro整合spring
- Shiro+Spring MVC整合
- Spring整合Shiro(一)
- Spring整合Shiro(二)
- shiro整合spring+springmvc
- shiro 整合 spring
- Shiro整合Spring maven
- Spring+Shiro权限整合
- Shiro与Spring整合
- shiro整合spring
- Spring整合Shiro
- 年轻时候就俩事:一长本事二长见识
- Sharedpreferences
- 4种场景下最合适的原型设计工具推荐
- [Leetcode] 292. Nim Game 解题报告
- getView()不复用convertView,ListView即毫无复用!(ListView回收机制)
- Spring整合Shiro
- js数组处理代码
- git生成公钥私钥
- nyoj 61 传纸条(一)(双线DP)
- (四)WAVE协议的802.11p与802.11a主要区别MAC/PHY
- Python导入sciry包出错
- 总结PHP中几种常用的网页跳转代码
- HTTP、TCP和Socket的概念和原理及其区别
- 浅谈 Adaboost 算法