Shiro与ssm登录权限验证案例演示
来源:互联网 发布:mac闪讯怎么用 编辑:程序博客网 时间:2024/06/05 20:06
Shiro与ssm登录权限验证案例
- 1.Shiro文件目录详解
- 2.Shiro与SSM整合
- 3.Shiro登录实例
如果对Shiro暂时还有一些不了解的话可先看看我的另外一篇文章:基于RBAC访问控制框架Shiro简介
1.本文运行环境为 spring+springMVC+mybatis+Shiro1.2.4+MySql+maven。2.软件环境为 JDK1.7+Tomcat7.03.当前为Shiro与SpringMVC基础案例,原理就不放上来了...
1.Shiro文件目录详解
- Shiro工程目录
- Shiro配置文件目录
2.Shiro与SSM整合
- pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.accp</groupId> <artifactId>Shiro</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>Shiro</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-framework-bom</artifactId> <version>4.3.9.RELEASE</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <dependencies> <!-- log4j --> <dependency> <groupId>org.slf4j</groupId> <artifactId>jcl-over-slf4j</artifactId> <version>1.7.6</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.6</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.6</version> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <!-- junit --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <!-- mysql --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.35</version> </dependency> <!-- mybatis --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>3.2.8</version> </dependency> <!-- mybatis lazy --> <dependency> <groupId>cglib</groupId> <artifactId>cglib</artifactId> <version>2.2.2</version> </dependency> <!-- spring --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <exclusions> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-expression</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>1.6.12</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>1.6.12</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> </dependency> <dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> <version>1.4</version> <scope>runtime</scope> </dependency> <!-- mybatis+spring --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.2.3</version> </dependency> <!-- springWEB --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> </dependency> <!-- Servlet,JSP,JSTL,EL --> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>jsp-api</artifactId> <version>2.1</version> <scope>provided</scope> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <!-- fastjson --> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.7</version> </dependency> <!-- shiro --> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.4</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-web --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.4</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.4</version> </dependency> </dependencies> <build> <finalName>shiro</finalName> <resources> <resource> <directory>src/main/resources</directory> <includes> <include>**/*.properties</include> <include>**/*.xml</include> </includes> <filtering>false</filtering> </resource> <resource> <directory>src/main/java</directory> <includes> <include>**/*.properties</include> <include>**/*.xml</include> </includes> <filtering>false</filtering> </resource> </resources> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.1</version> <configuration> <source>1.7</source> <target>1.7</target> <encoding>${project.build.sourceEncoding}</encoding> <debug>true</debug> </configuration> </plugin> </plugins> </build></project>
- web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- 指定上下文配置文件 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-ctx.xml,classpath:spring-shiro.xml</param-value> </context-param> <!-- log4j日志配置 --> <context-param> <param-name>log4jConfigLocation</param-name> <param-value>classpath:log4j.properties</param-value> </context-param> <!-- 设计路径变量值 --> <context-param> <param-name>webAppRootKey</param-name> <!-- 注意修改项目名称 --> <param-value>shiro.root</param-value> </context-param> <!-- spring监听器,监听springMvc环境 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.WebAppRootListener</listener-class> </listener> <!-- 配置Shiro过滤器,先让Shiro过滤系统接收到的请求 --> <!-- 通常将这段代码中的filter-mapping放在所有filter-mapping之前,以达到shiro是第一个对web请求进行拦截过滤之目的。 这里的fileter-name(shiroFilter) 对应下面applicationContext.xml中的<bean id="shiroFilter" /> DelegatingFilterProxy会自动到Spring容器中查找名字为shiroFilter的bean并把filter请求交给它处理 --> <!-- 使用[/*]匹配所有请求,保证所有的可控请求都经过Shiro的过滤 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 --> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 处理post请求字符编码过滤器 --> <filter> <filter-name>EncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>EncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- ctrl+shift+h 类搜索 --> <!-- springmvc核心控制器【非常重要】 --> <servlet> <servlet-name>CoreServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-web.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>CoreServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping></web-app>
- spring-shiro.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd" default-lazy-init="true"> <description>Shiro Configuration</description> <!-- 自定义Realm --> <bean id="myRealm" class="com.accp.shiro.relam.ShiroRealm" /> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm" /> </bean> <!-- Shiro过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- Shiro的核心安全接口,这个属性是必须的 --> <property name="securityManager" ref="securityManager" /> <!-- 身份认证失败,则跳转到登录页面的配置 --> <property name="loginUrl" value="/adm_index/login" /> <!-- 权限认证失败,则跳转到指定页面 --> <property name="unauthorizedUrl" value="/unauthorized" /> <!-- Shiro连接约束配置,即过滤链的定义 --> <property name="filterChainDefinitions"> <value> /login=anon /index/**=authc </value> </property> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" /> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean></beans>
3.Shiro登录实例
- 登录页面Login.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%><% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Shiro 登录</title></head><body> <form action="<%=basePath%>loginIn" method="post"> <span>用户名:</span><input type="text" name="nickname" /><br /> <span>密 码:</span><input type="password" name="pswd" /><br /> <input type="submit" value="登录" /> </form></body></html>
- 登录发送请求到Controller
package com.accp.shiro.action;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import com.accp.shiro.entity.User;@Controllerpublic class UserAction { @RequestMapping("loginIn") public String loginIn(User user) throws Exception { // 1.创建当前登录操作用户 Subject subject = SecurityUtils.getSubject(); // 2.创建token令牌,token中有用户提交的认证信息即账号和密码 UsernamePasswordToken token = new UsernamePasswordToken( user.getNickname(), user.getPswd()); try { subject.login(token); return "index"; } catch (Exception e) { // TODO: handle exception return "redirect:/login.jsp"; } }}
- 自定义Realm
package com.accp.shiro.relam;import java.util.HashSet;import java.util.Set;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.accp.shiro.biz.UserBiz;import com.accp.shiro.entity.User;public class ShiroRealm extends AuthorizingRealm { @Autowired private UserBiz userBiz; @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { // 数据需要从数据库中查询 SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo(); // 根据角色ID查询角色(role),放入到Authorization里。 Set<String> roles = new HashSet<String>(); roles.add("角色1"); roles.add("角色2"); simpleAuthorInfo.setRoles(roles); // 根据用户ID查询权限(permission),放入到Authorization里。 Set<String> permissions = new HashSet<String>(); permissions.add("权限1"); permissions.add("权限2"); simpleAuthorInfo.setStringPermissions(permissions); return simpleAuthorInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { // 获取基于用户名和密码的令牌 // 1.把AuthenticationToken转换成UsernamePasswordToken UsernamePasswordToken token = (UsernamePasswordToken) authcToken; // 2.从UsernamePasswordToken获取username User user = userBiz.findUserByName(token.getUsername()); if (user != null) { AuthenticationInfo authcInfo = new SimpleAuthenticationInfo( user.getNickname(), user.getPswd(), getName()); return authcInfo; } else { return null; } }}
- Service和DAO层就不上代码了
当前Shiro案例完整DEMO链接在此:[免费]Shiro登录简单实例源码
阅读全文
0 0
- Shiro与ssm登录权限验证案例演示
- idea+maven+ssm+shiro开发shiro权限登录,验证码
- Jeeplus框架SSM+shiro权限控制中实现跳过登录验证访问接口数据
- spring mvc整合shiro登录 权限验证
- spring mvc整合shiro登录 权限验证
- spring mvc整合shiro登录 权限验证
- spring mvc整合shiro登录 权限验证
- SSM+Shiro系统登录验证码的实现
- SSM+Shiro系统登录验证码的实现
- SSM+Shiro写的一个简单的登录验证
- Shiro(1) 身份与权限验证
- Shiro登录验证实例详解与源码
- 基于权限安全框架Shiro的登录验证功能实现
- ssm整合shiro实现权限
- SSM+Shiro搭建权限管理
- shiro权限验证标签
- shiro权限验证标签
- shiro权限验证标签
- Java语言 封装创建 简单工厂方法(Simple Factory method)
- Java自学能学会吗?Java新手学习路线
- 尾递归的学习
- C++避免程序运行完后窗口一闪而过的方法
- Shell脚本统计文件行数的8种方法
- Shiro与ssm登录权限验证案例演示
- idea快捷键
- 20个高级Java面试题汇总
- bootstrap表格样式
- 基于TVGridView的效果优化
- jquery创建添加append、prepend、appendTo、prependTo、after、insertAfter、before、insertBefore
- java核心技术卷一 读书笔记
- 微信开发下载对账单-公众号支付开发-视频教程12
- linux下安装sublime的几种方法