springmvc配置shiro进行权限控制
来源:互联网 发布:涟源市私立行知中学 编辑:程序博客网 时间:2024/06/06 05:58
Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能。本文将简单介绍springmvc中如何配置shiro。
1.首先是maven中配置shiro所需要的jar包
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
2.往web.xml中配置shiro过滤器
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
3.在web.xml中配置shiro所要拦截的请求或资源
<!--拦截所有.do请求-->
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
4.在spring的配置文件中配置shiro
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager" />
<!-- 登录的页面,当shiro验证不同过的时候,会进入该页面,请根据自己项目的实际需求配置 -->
<property name="loginUrl" value="/views/common/login.jsp" />
<!-- 登录成功之后跳转的页面 -->
<property name="successUrl" value="/views/login.jsp" />
<!-- 定义shiro过滤规则 -->
<property name="filterChainDefinitions">
<value>
<!-- 这里面配置响应的请求一及所需的权限 -->
<!-- authc表示仅需对 /information/deal_change.do进行登录验证,即必须登录之后才可以正常发送改请求,如果没有登录,即会跳转到上边配置好的loginUrl对应的页面-->
/information/deal_change.do = authc
<!-- 此处表示既要登录,而且只允许角色是[]里面定义好的角色才可以访问-->
/demand/getDemand.do = authc,perms[designer]
</value>
在spring配置文件中再添加如下配置其他配置
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--设置自定义realm -->
<property name="realm" ref="monitorRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!--自定义Realm 继承自AuthorizingRealm -->
<bean id="monitorRealm" class="com.gdqy.FCS.common.api.MonitorRealm"></bean>
<!-- securityManager -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
配置到此就已经完成
接下来就是编写自定义的realm
package com.gdqy.FCS.common.api;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.subject.SimplePrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.gdqy.FCS.entity.User;import com.gdqy.FCS.service.UserService;//自定义的类必须继承<span style="font-family: Arial, Helvetica, sans-serif;">AuthorizingRealm ,并重写其方法</span>public class MonitorRealm extends AuthorizingRealm {public MonitorRealm() {super();}//注入角色对应的service@Autowiredprivate UserService userService;
<span style="white-space:pre"></span><span style="font-family:Consolas, Bitstream Vera Sans Mono, Courier New, Courier, monospace;color:#808080;"><span style="font-size: 12.5px; line-height: 13.75px;"></span></span>public void clearCachedAuthorizationInfo(String principal) {SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());clearCachedAuthorizationInfo(principals);}<span style="white-space:pre"></span><pre name="code" class="html"><span style="font-family:Consolas, Bitstream Vera Sans Mono, Courier New, Courier, monospace;color:#808080;"><span style="font-size: 12.5px; line-height: 13.75px;"><span style="white-space:pre"></span>//</span></span><span style="font-size: 12.5px; line-height: 13.75px; color: rgb(128, 128, 128); font-family: Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;">该方法的调用时机为需授权资源被访问时执行 </span><span style="font-size: 12.5px; line-height: 13.75px; color: rgb(128, 128, 128); font-family: Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace;"> </span>@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
<span style="white-space:pre"></span>//获取用户名,在登录的Controller中加入SecurityUtils.getSubject().login(new UsernamePasswordToken(user.getUsername(), user.getPassword()));//就可以在此处使用<span style="font-family: Arial, Helvetica, sans-serif;">String currentUsername = (String)super.getAvailablePrincipal(principals);去获取角色的用户名</span>String currentUsername = (String)super.getAvailablePrincipal(principals);
<span style="white-space:pre"></span>//访问数据库,查找对应的角色 User user = userService.selectByName(currentUsername); if(user !=null) {
<span style="white-space:pre"></span> //分配权限 SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo(); simpleAuthorInfo.addRole(user.getRole()); simpleAuthorInfo.addStringPermission(user.getRole()); return simpleAuthorInfo; }return null;}<span style="white-space:pre"></span>//<span style="color: rgb(128, 128, 128); font-family: Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace; font-size: 12.5px; line-height: 13.75px; white-space: pre;">LoginController.login()方法中执行Subject.login()时调用此方法</span>@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;return new SimpleAuthenticationInfo(token.getUsername(),token.getPassword(),getName());}}
到这里。shiro的配置就算完成了
- springmvc配置shiro进行权限控制
- shiro、SpringMVC权限控制
- shiro、SpringMVC权限控制
- Shiro进行权限控制
- springmvc整合shiro权限控制
- Apache Shiro权限控制实战,权限控制SpringMVC + Mybatis + Shiro
- Apache Shiro权限控制实战,权限控制SpringMVC + Mybatis + Shiro
- shiro-springmvc-mybatis登录认证 权限控制
- Springmvc整合Apache Shiro 权限控制。
- Jfinal配合Shiro进行权限控制
- Spring结合Shiro进行权限控制
- Shiro基于JDBC的配置权限控制
- 【Shiro】SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- SpringMVC+Shiro权限管理
- ImageLoader使用记录
- do{...}while(0)的意义和用法
- OpenCV 2.4.6在VS2010的重编译 (OpenCV 源代码 查看)
- ZYB's Premutation(挺简单的数据结构题目)
- Mac OS X Yosemite 10.10 配置 Apache+PHP 教程注意事项
- springmvc配置shiro进行权限控制
- sql语句查询一对一,一对多,多对多
- Java 程序性能优化《第一章》Java性能调优概述 1.4小结
- iOS cocoa touch 部分控件学习笔记
- 【springmvc+mybatis项目实战】杰信商贸-5.生产厂家DAO+SERVICE+CONTROLLER+JSP+配置文件
- Tomcat8.0 虚拟目录配置案例
- vsb9站群浏览器兼容性
- 2015.12.7
- 【springmvc+mybatis项目实战】杰信商贸-6.重点知识回顾