Spring mvc+shiro+ehcache整合
来源:互联网 发布:阿里云js文件上传下载 编辑:程序博客网 时间:2024/06/05 15:11
Spring mvc+shiro+ehcache整合(详细配置)
发现最近写博客写的少了,正好有时间,把shiro的配置步骤搞上来
本项目是spring mvc整合shiro,用了md5加密,各种配置文件都是从官方例子中拷贝来,注释比较多,
此项目目前只涉及简单的登陆验证。
1.没用maven,直接贴jar包地址:http://download.csdn.net/detail/java__han/9903446
2.web.xml配置
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1"> <display-name>shiro1</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>login.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <!-- needed for ContextLoaderListener --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml</param-value></context-param><!-- Bootstraps the root web application context before servlet initialization --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- The front controller of this Spring Web application, responsible for handling all application requests --><servlet><servlet-name>spring</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><load-on-startup>1</load-on-startup></servlet><!-- Map all requests to the DispatcherServlet for handling --><servlet-mapping><servlet-name>spring</servlet-name><url-pattern>/</url-pattern></servlet-mapping> <!-- 1.配置shiro拦截器 2.DelegatingFilterProxy实际上是Filterde 的一个代理对象。默认情况下Spring 会在IOC 容器中查找<filter-name>对应的filter bean.也可以通过targetBeanName的初始化参数来配置filter bean的id --> <!-- ================================================================== Filters ================================================================== --> <!-- Shiro Filter is defined in the spring application context: --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>3.配置的spring-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:mvc="http://www.springframework.org/schema/mvc"xmlns:context="http://www.springframework.org/schema/context"xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsdhttp://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"><context:component-scan base-package="com.hc.shiro.ce"></context:component-scan><bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"><property name="prefix" value="/"></property><property name="suffix" value=".jsp"></property></bean><mvc:annotation-driven></mvc:annotation-driven><mvc:default-servlet-handler/></beans>4.applicationContext.xml:实现了md5加密,如果不需要,请自行去掉
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <!-- ========================================================= Shiro Core Components - Not Spring Specific ========================================================= --> <!-- Shiro's main business-tier object for web-enabled applications (use DefaultSecurityManager instead when there is no web environment)--> <!-- 1.配置securityManager --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="cacheManager" ref="cacheManager"/> <property name="realm" ref="jdbcRealm"/> </bean> <!-- Let's use some enterprise caching support for better performance. You can replace this with any enterprise caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc --> <!-- 2. 配置cacheManager --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <!-- Set a net.sf.ehcache.CacheManager instance here if you already have one. If not, a new one will be creaed with a default config: <property name="cacheManager" ref="ehCacheManager"/> --> <!-- If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want a specific Ehcache configuration to be used, specify that here. If you don't, a default will be used.:--> <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/> </bean> <!-- Used by the SecurityManager to access security data (users, roles, etc). Many other realm implementations can be used too (PropertiesRealm, LdapRealm, etc. --> <!-- 3.配置realm 3.1直接配置实现了Realm接口的bean --> <bean id="jdbcRealm" class="com.hc.shiro.ce.realms.ShiroRealm"> <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="MD5"></property> <property name="hashIterations" value="1024"></property> </bean> </property> </bean> <!-- ========================================================= Shiro Spring-specific integration ========================================================= --> <!-- Post processor that automatically invokes init() and destroy() methods for Spring-configured Shiro objects so you don't have to 1) specify an init-method and destroy-method attributes for every bean definition and 2) even know which Shiro objects require these methods to be called. --> <!-- 4.配置lifecycleBeanPostProcessor。自动调用配置在spring ioc 容器中shiro bean的生命周期方法 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- Enable Shiro Annotations for Spring-configured beans. Only run after the lifecycleBeanProcessor has run: --> <!-- 5.启用ioc容器中使用shiro的注解,但必须在配置了lifecycleBeanPostProcessor后才能使用 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml - web.xml uses the DelegatingFilterProxy to access this bean. This allows us to wire things with more control as well utilize nice Spring things such as PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: --> <!-- 6.配置shiroFilter 6.1 id必须和web.xml中的配合的DelegatingFilterProxy 的filtername一致 如果不一致会抛异常 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.jsp"/> <property name="successUrl" value="/list.jsp"/> <property name="unauthorizedUrl" value="/unauthorized.jsp"/> <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean defined will be automatically acquired and available via its beanName in chain definitions, but you can perform overrides or parent/child consolidated configuration here if you like: --> <!-- <property name="filters"> <util:map> <entry key="aName" value-ref="someFilterPojo"/> </util:map> </property> --> <!-- 配置那些页面需要受保护,以及访问这些页面需要的权限 1)anon 可以别匿名访问 2)authc 必须认证即登陆后才能访问的页面 3)logout登出 url权限采用第一册匹配优先的方式 --> <property name="filterChainDefinitions"> <value> /login.jsp = anon /shiro/login = anon /shiro/logout = logout # everything else requires authentication: /** = authc </value> </property> </bean> </beans>5.ehcache.xml:
<ehcache> <!-- Sets the path to the directory where cache .data files are created. If the path is a Java System Property it is replaced by its value in the running VM. The following properties are translated: user.home - User's home directory user.dir - User's current working directory java.io.tmpdir - Default temp file path --> <diskStore path="java.io.tmpdir"/> <cache name="authorizationCache" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="authenticationCache" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <cache name="shiro-activeSessionCache" eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0" overflowToDisk="false" statistics="true"> </cache> <!--Default Cache configuration. These will applied to caches programmatically created through the CacheManager. The following attributes are required for defaultCache: maxInMemory - Sets the maximum number of objects that will be created in memory eternal - Sets whether elements are eternal. If eternal, timeouts are ignored and the element is never expired. timeToIdleSeconds - Sets the time to idle for an element before it expires. Is only used if the element is not eternal. Idle time is now - last accessed time timeToLiveSeconds - Sets the time to live for an element before it expires. Is only used if the element is not eternal. TTL is now - creation time overflowToDisk - Sets whether elements can overflow to disk when the in-memory cache has reached the maxInMemory limit. --> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" /> <!--Predefined caches. Add your cache configuration settings here. If you do not have a configuration for your cache a WARNING will be issued when the CacheManager starts The following attributes are required for defaultCache: name - Sets the name of the cache. This is used to identify the cache. It must be unique. maxInMemory - Sets the maximum number of objects that will be created in memory eternal - Sets whether elements are eternal. If eternal, timeouts are ignored and the element is never expired. timeToIdleSeconds - Sets the time to idle for an element before it expires. Is only used if the element is not eternal. Idle time is now - last accessed time timeToLiveSeconds - Sets the time to live for an element before it expires. Is only used if the element is not eternal. TTL is now - creation time overflowToDisk - Sets whether elements can overflow to disk when the in-memory cache has reached the maxInMemory limit. --> <!-- Sample cache named sampleCache1 This cache contains a maximum in memory of 10000 elements, and will expire an element if it is idle for more than 5 minutes and lives for more than 10 minutes. If there are more than 10000 elements it will overflow to the disk cache, which in this configuration will go to wherever java.io.tmp is defined on your system. On a standard Linux system this will be /tmp" --> <cache name="sampleCache1" maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="600" overflowToDisk="true" /> <!-- Sample cache named sampleCache2 This cache contains 1000 elements. Elements will always be held in memory. They are not expired. --> <cache name="sampleCache2" maxElementsInMemory="1000" eternal="true" timeToIdleSeconds="0" timeToLiveSeconds="0" overflowToDisk="false" /> --> <!-- Place configuration for your caches following --></ehcache>
6.ShiroRealm.java:注意package的路径
package com.hc.shiro.ce.realms;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.LockedAccountException;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authc.credential.CredentialsMatcher;import org.apache.shiro.authc.credential.HashedCredentialsMatcher;import org.apache.shiro.crypto.hash.SimpleHash;import org.apache.shiro.realm.AuthenticatingRealm;import org.apache.shiro.util.ByteSource;public class ShiroRealm extends AuthenticatingRealm {@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {System.out.println("进入"+token);//1.把AuthenticationToken转换为UsernamePasswordTokenUsernamePasswordToken uptoken = (UsernamePasswordToken) token;//2.从UsernamePasswordToken获取usernameString username= uptoken.getUsername();//3.调用数据库的方法,获取数据库中的username对应的用户记录System.out.println("从数据库查询数据username:"+username+"对应的信息");//4.若用户不存在,则可以抛出异常UnknownAccountExceptionif("unname".equals(username)){throw new UnknownAccountException("用户不存在");}//5.根据用户信息,决定是否需要抛出其他u异常if("dahuang".equals(username)){throw new LockedAccountException("用户被锁定");}//6.根据用户的情况构建AuthenticationInfo对象并返回,通常使用//以下信息是从数据库获取的//1.principal:认证的实体信息。可以是username,也可以是数据库对应的用户实体对象Object principal= username;//2.credentials:密码Object credentials="fc1709d0a95a6be30bc5926fdb7f22f4";//realmName:当前realm对象的name,调用父类的getName()方法即可String realmName= getName();SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, credentials, realmName);return info;}public static void main(String[] args) {String hashAlgorithmName = "MD5";Object credentials = "123456";Object salt = ByteSource.Util.bytes("user");int hashIterations = 1024;Object result = new SimpleHash(hashAlgorithmName, credentials, null, hashIterations);System.out.println(result);}}7.写个登陆的控制器UserAction.java
package com.hc.shiro.ce.action;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;@Controller@RequestMapping("/shiro")public class UserAction {private Log log = LogFactory.getLog(UserAction.class);@RequestMapping("/login")public String login(String name,String password){ Subject currentUser = SecurityUtils.getSubject(); // Do some stuff with a Session (no need for a web or EJB container!!!) //测试使用session //获取session 调用Subject.getSession() /*Session session = currentUser.getSession(); session.setAttribute("someKey", "aValue"); String value = (String) session.getAttribute("someKey"); if (value.equals("aValue")) { log.info("--》Retrieved the correct value! [" + value + "]"); }*/ // let's login the current user so we can check against roles and permissions: //测试当前的用户是否已经被认证,既是否已经登录 //调用Subject 的isAuthenticated if (!currentUser.isAuthenticated()) { //吧用户名和密码封装成UsernamePasswordToken UsernamePasswordToken token = new UsernamePasswordToken(name, password); //RememberMe token.setRememberMe(true); try { //执行登录 currentUser.login(token); } /* //若没有指定的账户,shiro会抛出UnknownAccountException catch (UnknownAccountException uae) { log.info("There is no user with username of " + token.getPrincipal()); } //密码不对,shiro会抛出IncorrectCredentialsException catch (IncorrectCredentialsException ice) { log.info("Password for account " + token.getPrincipal() + " was incorrect!"); } //用户被锁定异常 catch (LockedAccountException lae) { log.info("The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it."); }*/ // ... catch more exceptions here (maybe custom ones specific to your application? //所有认证异常的父类 catch (AuthenticationException e) { System.out.println("登录失败: "+e.getMessage()); } }return "redirect:/list.jsp";}}8.登陆页面login.jsp<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Insert title here</title></head><body><h1>登陆页面</h1><form action="shiro/login" method="post">username:<input type="text" name="name"><br>password:<input type="text" name="password"><br><input type="submit" value="提交"></form></body></html>9.登陆成功的页面list.jsp
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Insert title here</title></head><body><h1>登陆成功页面</h1><a href="shiro/logout">logout</a></body></html>10.项目一览
阅读全文
0 0
- Spring mvc+shiro+ehcache整合
- Shiro+Spring MVC整合
- Shiro+Spring MVC整合
- spring MVC与Ehcache整合
- 【Shiro + Spring MVC整合】教程
- Spring mvc + MyBatis 整合Shiro
- spring mvc与shiro整合
- Shiro系列之Shiro+Spring MVC整合
- Shiro系列之Shiro+Spring MVC整合
- shiro +spring + spring mvc+ mybatis整合
- shiro +spring + spring mvc+ mybatis整合
- spring mvc +hibernate +spring +shiro整合
- Shiro缓存整合EhCache
- shiro整合ehcache
- spring + shiro +ehcache + redis整合自我总结1
- spring + shiro +ehcache + redis整合自我总结2
- Spring和EhCache整合(针对使用了Shiro)
- spring mvc整合shiro登录 权限验证
- hdu2709-dp
- 对string深拷贝浅拷贝的理解剖析
- linux yum命令详解
- 【Dictionary遍历】C#中Dictionary几种遍历的实现代码
- TimerDialog初识
- Spring mvc+shiro+ehcache整合
- jsp页面格式化数字或时间
- logback.xml 日志
- Tomcat安装后启动一闪而过,启动失败
- 关于Oracle数据库安装
- JavaScript之循环里的闭包
- jdbc连接mysql数据库
- uploadify批量上传图片
- [LeetCode] Rotate Array
