4.SSM配置shiro权限管理
来源:互联网 发布:嵌入式linux简介 编辑:程序博客网 时间:2024/06/05 17:43
作者QQ:1095737364 QQ群:123300273 欢迎加入!
1.搭建SSM项目:
http://www.cnblogs.com/yysbolg/p/6909021.html
2.在http的resources文件夹下新建shiro配置文件:shiro.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd" default-lazy-init="true"> <description>Shiro安全配置</description> <!--安全管理器--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!--设置自定义Realm--> <property name="realm" ref="shiroDbRealm"/> <!--将缓存管理器,交给安全管理器--> <property name="cacheManager" ref="shiroEhcacheManager"/> <!-- 记住密码管理 --> <property name="rememberMeManager" ref="rememberMeManager"/> </bean> <!-- 項目自定义的Realm --> <bean id="shiroDbRealm" class="com.yys.http.shiro.ShiroDbRealm"/> <!-- 记住密码Cookie --> <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="rememberMe"/> <property name="httpOnly" value="true"/> <!-- 7天,采用spring el计算方便修改[细节决定成败]! --> <property name="maxAge" value="#{7 * 24 * 60 * 60}"/> </bean> <!-- rememberMe管理器,cipherKey生成见{@code Base64Test.java} --> <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('5aaC5qKm5oqA5pyvAAAAAA==')}"/> <property name="cookie" ref="rememberMeCookie"/> </bean> <!-- Shiro Filter --> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 安全管理器 --> <property name="securityManager" ref="securityManager"/> <!-- 默认的登陆访问url --> <property name="loginUrl" value="/login"/> <!-- 登陆成功后跳转的url --> <property name="successUrl" value="/index"/> <!-- 没有权限跳转的url --> <property name="unauthorizedUrl" value="/unauth"/> <property name="filterChainDefinitions"> <value> <!-- anon 不需要认证 authc 需要认证 user 验证通过或RememberMe登录的都可以 --> /index = anon /login = anon /** = authc </value> </property> </bean> <!-- 用户授权信息Cache, 采用EhCache --> <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/> </bean> <!-- 在方法中 注入 securityManager ,进行代理控制 --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/> <property name="arguments" ref="securityManager"/> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- AOP式方法级权限检查 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> <!-- 启用shrio授权注解拦截方式 --> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean></beans>
3.在http的resources文件夹下新建缓冲配置文件:ehcache-shiro.xml
<?xml version="1.0" encoding="UTF-8"?><ehcache updateCheck="false" name="shiroCache"> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="false" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" /></ehcache>
4.修改Spring的applicationContext.xml文件
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> <!-- spring管理接口和事物,只扫描 --> <context:component-scan base-package="com.yys.common.*,com.yys.http.*"> <context:include-filter type="annotation" expression="org.springframework.stereotype.Service"/> </context:component-scan> <!-- 引入配置文件 --> <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location" value="classpath:application.properties" /> </bean> <aop:aspectj-autoproxy/> <import resource="spring-datasource-master.xml"/> <import resource="spring-datasource-slave.xml"/> <import resource="classpath:spring-shiro.xml"/></beans>
5.修改SpringMVC的spring-mvc.xml文件
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> <!-- 自动扫描该包,使SpringMVC认为包下用了@controller注解的类是控制器 --> <context:component-scan base-package="com.yys.http.*" > <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Service"/> </context:component-scan> <!-- <mvc:annotation-driven /> 是一种简写形式,完全可以手动配置替代这种简写形式,简写形式可以让初学都快速应用默认配置方案。 <mvc:annotation-driven /> 会自动注册DefaultAnnotationHandlerMapping与AnnotationMethodHandlerAdapter 两个bean, 是spring MVC为@Controllers分发请求所必须的。 并提供了:数据绑定支持,@NumberFormatannotation支持,@DateTimeFormat支持, @Valid支持,读写XML的支持(JAXB),读写JSON的支持(Jackson)。后面,我们处理响应ajax请求时,就使用到了对json的支持。 后面,对action写JUnit单元测试时,要从spring IOC容器中取DefaultAnnotationHandlerMapping与AnnotationMethodHandlerAdapter 两个bean,来完成测试,取的时候要知道是<mvc:annotation-driven />这一句注册的这两个bean。 --><!-- <mvc:annotation-driven /> <!– 避免IE执行AJAX时,返回JSON出现下载文件–> <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"> <property name="supportedMediaTypes"> <list> <value>application/json;charset=UTF-8</value> <value>text/html;charset=UTF-8</value> </list> </property> </bean> <!– 启动SpringMVC的注解功能,完成请求和注解POJO的映射 –> <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"> <property name="messageConverters"> <list> <ref bean="mappingJacksonHttpMessageConverter" /> <!– JSON转换器 –> </list> </property> </bean>--> <mvc:annotation-driven> <mvc:message-converters> <bean class="org.springframework.http.converter.ByteArrayHttpMessageConverter" /> <bean class="org.springframework.http.converter.FormHttpMessageConverter" /> <bean class="org.springframework.http.converter.xml.SourceHttpMessageConverter" /> <!--<bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter" />--> <bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter" /> </mvc:message-converters> </mvc:annotation-driven> <mvc:default-servlet-handler /> <!-- 避免IE执行AJAX时,返回JSON出现下载文件 --> <!-- 支持JSON数据格式 --> <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"> <property name="messageConverters"> <list> <bean class="org.springframework.http.converter.ByteArrayHttpMessageConverter"/><!-- 解析导出文件byte流 --> <ref bean="fastJsonHttpMessageConverter" /> <!-- <ref bean="mappingJacksonHttpMessageConverter" /> --> </list> </property> </bean> <!--<bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter"> </bean>--> <!-- 使用fastJson来支持JSON数据格式 --> <bean id="fastJsonHttpMessageConverter" class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter"> <property name="supportedMediaTypes"> <list> <value>text/html;charset=UTF-8</value> <value>application/json</value> </list> </property> <property name="features"> <list> <value>WriteMapNullValue</value> <value>QuoteFieldNames</value> </list> </property> </bean> <!-- 定义跳转的文件的前后缀 ,视图模式配置--> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <!-- 这里的配置我的理解是自动给后面action的方法return的字符串加上前缀和后缀,变成一个 可用的url地址 --> <property name="prefix" value="/WEB-INF/view/" /> <property name="suffix" value=".jsp" /> </bean> <!-- 静态资源配置 --> <mvc:resources mapping="/static/**" location="static/"/> <!-- <aop:config proxy-target-class="true"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>--> <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> <property name="exceptionMappings"> <props> <prop key="org.apache.shiro.authz.UnauthorizedException">/template/front/404</prop> <prop key="java.lang.Throwable">/template/front/500</prop> </props> </property> <property name="statusCodes"> <props> <prop key="500">500</prop> <prop key="404">404</prop> <prop key="403">403</prop> </props> </property> <property name="warnLogCategory" value="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" /> <property name="defaultErrorView" value="/template/front/500" /> <property name="defaultStatusCode" value="200" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <!-- <!– 支持Shiro对Controller的方法级AOP安全控制 begin–> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <!– 保证实现了Shiro内部lifecycle函数的bean执行 –> <bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>--> <!-- 拦截器配置 --> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/> <bean class="com.yys.http.interceptor.HttpInterceptor"> <!--是否开启longebo头部信息认证--> <property name="isYysblogAccess" value="true"/> <property name="allowUrls"> <list> <!-- 如果请求中包含以下路径,则不进行拦截 --> <value>/</value> <value>/static</value> </list> </property> </bean> </mvc:interceptor> </mvc:interceptors></beans>
6.在web.xml中添加Shiro Filter:
<!-- shiro的filter --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>targetBeanName</param-name> <param-value>shiroFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
7.在总工程目录下面pop.xml文件中添加一下依赖包:
<!--shiro 权限工具--> <!-- shiro 工具包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-quartz</artifactId> <version>${shiro.version}</version> </dependency> <!--事物依赖包--> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>${aspectj.version}</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>${aspectj.version}</version> </dependency> <!--AOP 底层的动态代理--> <dependency> <groupId>cglib</groupId> <artifactId>cglib</artifactId> <version>2.2.2</version> </dependency>
8.shiro 权限认证类:ShiroDbRealm.java
package com.yys.http.shiro;import com.yys.common.entity.User;import com.yys.common.service.RoleService;import com.yys.common.service.UserRoleService;import com.yys.common.service.UserService;import com.yys.common.util.StringUtils;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import javax.persistence.criteria.CriteriaBuilder;import java.util.HashSet;import java.util.List;import java.util.Map;import java.util.Set;/** * User: 杨永生 * Date: 10:08 2017/9/4 * Email: 1095737364@qq.com */public class ShiroDbRealm extends AuthorizingRealm { private static final Logger LOGGER = LoggerFactory.getLogger(ShiroDbRealm.class); @Autowired private UserService userService; @Autowired private RoleService roleService; @Autowired private UserRoleService userRoleService; /** * Shiro登录认证(原理:用户提交 用户名和密码 --- shiro 封装令牌 ---- realm 通过用户名将密码查询返回 ---- shiro 自动去比较查询出密码和用户输入密码是否一致---- 进行登陆控制 ) */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { LOGGER.info("Shiro开始登录认证"); UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User user = userService.findUserByUserName(token.getUsername());//查询可以自己设置个值模拟数据库查询 // 账号不存在 if (user == null) { return null; } // 账号未启用// if (user.getStatus() == 1) {// return null;// } List<Integer> roleList = userRoleService.findRoleIdListByUserId(user.getUserId());//查询可以自己设置个值模拟数据库查询 ShiroUser shiroUser = new ShiroUser(user.getUserId(), user.getUserName(), roleList); // 认证缓存信息 return new SimpleAuthenticationInfo(shiroUser, user.getPassword().toCharArray(), getName()); } /** * Shiro权限认证 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { LOGGER.info("Shiro权限认证"); ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal(); List<Integer> roleList = shiroUser.roleList; Set<String> urlSet = new HashSet<String>(); for (Integer roleId : roleList) { List<Map<Integer, String>> roleResourceList = roleService.findRoleResourceListByRoleId(roleId);//查询可以自己设置个值模拟数据库查询 if (roleResourceList != null) { for (Map<Integer, String> map : roleResourceList) { if (!StringUtils.isNullOrEmpty(map.get("url"))) { urlSet.add(map.get("url")); } } } } //添加角色// Set<String> roles=new HashSet<String>();// roles.add("admin");// SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles); //不添加角色 ,只添加资源 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.addStringPermissions(urlSet); return info; } public UserService getUserService() { return userService; } public void setUserService(UserService userService) { this.userService = userService; } public RoleService getRoleService() { return roleService; } public void setRoleService(RoleService roleService) { this.roleService = roleService; } public UserRoleService getUserRoleService() { return userRoleService; } public void setUserRoleService(UserRoleService userRoleService) { this.userRoleService = userRoleService; }}
9.封装实体类:ShiroUser.java
package com.yys.http.shiro;import java.io.Serializable;import java.util.List;/** * User: 杨永生 * Date: 10:08 2017/9/4 * Email: 1095737364@qq.com */public class ShiroUser implements Serializable { private static final long serialVersionUID = -1373760761780840081L; public Integer id; public String name; public List<Integer> roleList; public ShiroUser(Integer id, String name, List<Integer> roleList) { this.id = id; this.name = name; this.roleList = roleList; } public String getName() { return name; } /** * 本函数输出将作为默认的<shiro:principal/>输出. */ @Override public String toString() { return name; }}
10.controller控制类:UserController.java
package com.yys.http.controller;import com.yys.common.entity.User;import com.yys.common.service.UserService;import com.yys.common.util.DigestUtils;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.DisabledAccountException;import org.apache.shiro.authc.IncorrectCredentialsException;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.annotation.RequiresRoles;import org.apache.shiro.subject.Subject;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.bind.annotation.ResponseBody;import org.springframework.web.servlet.ModelAndView;/** * 用户操作表 * User: 杨永生 * Date: 15:09 2017/9/1 * Email: 1095737364@qq.com */@Controllerpublic class UserController { @Autowired private UserService userSerivce; /** * 首页get请求 * @return */ @RequestMapping(value = "/", method = {RequestMethod.GET}) public String index() { //判断 是否 已经登陆认证: 认证成功就跳转到index 页面 if (SecurityUtils.getSubject().isAuthenticated()) { return "index"; } return "redirect:/login"; } /** * 首页 * * @return */ @RequestMapping(value = "/index", method = {RequestMethod.GET}) public String index2() { if (SecurityUtils.getSubject().isAuthenticated()) { return "index"; } return "redirect:/login"; } /** * GET 登录 * @return {String} */ @RequestMapping(value = "/login", method = {RequestMethod.GET}) public String login() { if (SecurityUtils.getSubject().isAuthenticated()) { return "redirect:/index"; } return "login"; } /** * 登陆 * @return */ @RequestMapping(value = "/login", method = {RequestMethod.POST}) @ResponseBody public String login(User user) { Subject userShiro = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(user.getUserName(),DigestUtils.md5Hex(user.getUserName()).toCharArray()); // 默认设置为记住密码,你可以自己在表单中加一个参数来控制 token.setRememberMe(true); try { userShiro.login(token); return "success!"; } catch (UnknownAccountException e) { throw new RuntimeException("账号不存在!", e); } catch (DisabledAccountException e) { throw new RuntimeException("账号未启用!", e); } catch (IncorrectCredentialsException e) { throw new RuntimeException("密码错误!", e); } catch (Throwable e) { throw new RuntimeException("未知错误,请联系管理员!", e); } } /** * 注册 * @return */ @RequestMapping(value = "/register", method = {RequestMethod.POST}) @ResponseBody public String register(User user) { System.out.println(user); try { int issuccess= userSerivce.saveUser(user); return "success!"; } catch (Exception e) { return "fail!"; } } /** * 字段管理页 * * @return */ @RequestMapping(value = "/manager", method = {RequestMethod.GET}) public String manager() { return "success"; } @RequestMapping(value = "/dataGrid", method = {RequestMethod.GET}) public Object dataGrid(Integer page, Integer rows, String sort, String order) { return "success"; } @RequestMapping(value = "/addPage", method = {RequestMethod.GET}) public String addPage() { return "success"; } /** * 添加字段 * * @return */ @RequestMapping(value = "/add", method = {RequestMethod.GET}) public Object add() { return "success"; } /** * 未授权 * @return {String} */ @RequestMapping(value = "/unauth", method = {RequestMethod.GET}) public String unauth() { if (SecurityUtils.getSubject().isAuthenticated() == false) { return "redirect:/login"; } return "unauth"; } /** * 退出 * @return {Result} */ @RequestMapping(value = "/logout", method = {RequestMethod.GET}) public Object logout() { Subject subject = SecurityUtils.getSubject(); subject.logout(); return "login"; }}
以上就是所有的配置信息了,面来给出测试页面:
11.login.jsp
<%-- Created by IntelliJ IDEA. User: 杨永生 Date: 2017/9/4 Time: 10:13 To change this template use File | Settings | File Templates.--%><%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %><html><head> <title>index</title></head><body><h1>login</h1><form action="/register" method="post"> <input type="text" name="userName" value="admin2"> <input type="text" name="password" value="admin"> <button type="submit">register</button></form><form action="/login" method="get"> <input type="text" name="userName" value="admin"> <input type="text" name="password" value="admin"> <button type="submit">login</button></form><form action="/login" method="post"> <input type="text" name="userName" value="admin"> <input type="text" name="password" value="admin"> <button type="submit">login</button></form></body></html>
12.success.jsp
<%-- Created by IntelliJ IDEA. User: 杨永生 Date: 2017/9/4 Time: 10:13 To change this template use File | Settings | File Templates.--%><%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %><html><head> <title>index</title></head><body><h1>访问成功</h1></body></html>
13.unauth.jsp:暂时没有实现未授权跳转
<%-- Created by IntelliJ IDEA. User: 杨永生 Date: 2017/9/4 Time: 10:13 To change this template use File | Settings | File Templates.--%><%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %><html><head> <title>index</title></head><body><h1>未授权</h1></body></html>
14.index.jsp
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><%-- Created by IntelliJ IDEA. User: 杨永生 Date: 2017/9/4 Time: 10:13 To change this template use File | Settings | File Templates.--%><%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %><html><head> <title>index</title></head><body><h1>index</h1><shiro:hasPermission name="/logout"> <a href="/logout">logout</a></shiro:hasPermission><shiro:hasPermission name="/addPage"> <a href="/addPage">addPage</a></shiro:hasPermission><shiro:hasPermission name="/add"> <a href="/add">add</a></shiro:hasPermission><shiro:hasPermission name="/manager"> <a href="/manager">manager</a></shiro:hasPermission><shiro:hasPermission name="/dataGrid"> <a href="/dataGrid">dataGrid</a></shiro:hasPermission>登陆名称<shiro:principal></shiro:principal><shiro:hasRole name="admin"> <br><br> <a href="admin.jsp">Admin Page</a></shiro:hasRole><shiro:hasRole name="user"> <br><br> <a href="user.jsp">User Page</a></shiro:hasRole></body></html>
实体类的数据库增删改查文件太多, 这里就不展示了,下面给出ShiroDbRealm.java中三个service查询的数据
User{userId=1, userName='admin', password='21232f297a57a5a743894a0e4a801fc3'}
roleList={1}
上面的密码是加密的,因此要有加密工具:
15.DigestUtils.java
package com.yys.common.util;import org.apache.commons.io.Charsets;/** * User: 杨永生 * Date: 10:08 2017/9/4 * Email: 1095737364@qq.com */public class DigestUtils extends org.springframework.util.DigestUtils { public static String md5Hex(final String data) { return DigestUtils.md5DigestAsHex(data.getBytes(Charsets.UTF_8)); } public static String md5Hex(final byte[] bytes) { return DigestUtils.md5DigestAsHex(bytes); }}
16.StringUtils.java
package com.yys.common.util;import java.util.Collection;/** * User: 杨永生 * Date: 10:08 2017/9/4 * Email: 1095737364@qq.com */public final class StringUtils { private StringUtils() { } public static String join(Object[] array, String sep) { return join((Object[])array, sep, (String)null); } public static String join(Collection list, String sep) { return join((Collection)list, sep, (String)null); } public static String join(Collection list, String sep, String prefix) { Object[] array = list == null?null:list.toArray(); return join(array, sep, prefix); } public static String join(Object[] array, String sep, String prefix) { if(array == null) { return ""; } else { int arraySize = array.length; if(arraySize == 0) { return ""; } else { if(sep == null) { sep = ""; } if(prefix == null) { prefix = ""; } StringBuilder buf = new StringBuilder(prefix); for(int i = 0; i < arraySize; ++i) { if(i > 0) { buf.append(sep); } buf.append(array[i] == null?"":array[i]); } return buf.toString(); } } } public static String jsonJoin(String[] array) { int arraySize = array.length; int bufSize = arraySize * (array[0].length() + 3); StringBuilder buf = new StringBuilder(bufSize); for(int i = 0; i < arraySize; ++i) { if(i > 0) { buf.append(','); } buf.append('\"'); buf.append(array[i]); buf.append('\"'); } return buf.toString(); } /** * 判断 Object 是否时空 * @param s * @return */ public static boolean isNullOrEmpty(Object s) { return org.springframework.util.StringUtils.isEmpty(s); } /** * 判断是否是字符串数组 * @param s * @param array * @return */ public static boolean inStringArray(String s, String[] array) { String[] var2 = array; int var3 = array.length; for(int var4 = 0; var4 < var3; ++var4) { String x = var2[var4]; if(x.equals(s)) { return true; } } return false; }}
下面是一个成功事例的页面:
需要源代码的同学, 可以加群,共同学习!!
阅读全文
0 0
- 4.SSM配置shiro权限管理
- SSM+Shiro搭建权限管理
- 权限管理系统 shiro + ssm实现
- 【Shiro权限管理】5. Shiro权限URL 配置细节
- 【Shiro权限管理】4. Shiro工作流程
- Shiro 权限管理filterChainDefinitions过滤器配置
- Shiro 权限管理filterChainDefinitions过滤器配置
- Shiro 权限管理filterChainDefinitions过滤器配置
- Shiro 权限管理filterChainDefinitions过滤器配置
- 【Shiro权限管理】13. SecurityManager配置realms
- ssm整合shiro实现权限
- 【Shiro】SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- shiro管理端权限
- SpringMVC+Shiro权限管理
- 史无前例开放!阿里内部集群管理系统Sigma混布数据
- redis4.0之Lua脚本新姿势
- 滴滴内推一面
- 触发器—增删改—存储过程
- <c:if></c:if>包含
- 4.SSM配置shiro权限管理
- linux命令
- Anaconda简介及CentOS下的安装及使用
- wife
- UVA 573
- C++控制台程序不显示控制台黑框
- listView常见问题
- MixPHP:基于 Swoole 的常驻内存型 PHP 框架
- eclipse:常用的10个java程序调试技巧
