Apache shiro 笔记整理之整合spring

以下内容是在看了涛哥的《跟我一起学shiro》 和 视频《一头扎入进shiro》 后整理出来备忘和方便自己和其他人学习。

个人主页：http://www.itit123.cn/ 更多干货等你来拿

shiro整合spring 通用配置。

用到的框架有spring + springMVC + mybatis

spring简介：http://blog.csdn.net/qq_19558705/article/details/49992021

springMVC简介：http://blog.csdn.net/qq_19558705/article/details/49930719

mybatis简介：暂时没有 ToT（找到一篇比较好的文章会及时更新）

第一步：创建maven web项目：http://blog.csdn.net/qq_19558705/article/details/49887717

第二步：导入相关的jar包

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>shiro-spring</groupId><artifactId>shiro.spring</artifactId><version>0.0.1-SNAPSHOT</version><packaging>war</packaging><dependencies><!-- Spring start --><dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-beans</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aspects</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>4.1.7.RELEASE</version></dependency><dependency><groupId>org.mybatis</groupId><artifactId>mybatis-spring</artifactId><version>1.2.3</version></dependency><!-- Spring end --><!-- logger start --><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><!-- logger end --><!-- mybatis start --><dependency><groupId>org.mybatis</groupId><artifactId>mybatis</artifactId><version>3.3.0</version></dependency><!-- mybatis end --><!-- jdbc start --><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>5.1.22</version></dependency><!-- jdbc end --><!-- shiro start --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.12</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.2.4</version></dependency><!-- shiro end --></dependencies></project>

第三步：整合框架 

（其配置为查用配置，可以根据具体业务修改。笔者也是安装教程来做的，和公司项目中有很多相似之处，仅供学习使用。）

配置web.xml文件：

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"id="WebApp_ID" version="3.0"><!-- 定义shiro过滤器 --><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><init-param><!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 --><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- Spring配置文件 --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml</param-value></context-param><!-- 编码过滤器 --><filter><filter-name>encodingFilter</filter-name><filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class><async-supported>true</async-supported><init-param><param-name>encoding</param-name><param-value>UTF-8</param-value></init-param></filter><filter-mapping><filter-name>encodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- Spring监听器 --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- 添加对springmvc的支持 --><servlet><servlet-name>springMVC</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:spring-mvc.xml</param-value></init-param><load-on-startup>1</load-on-startup><async-supported>true</async-supported></servlet><servlet-mapping><servlet-name>springMVC</servlet-name><url-pattern>*.do</url-pattern></servlet-mapping></web-app>

spring配置文件applicationContext.xml：

<?xml version="1.0" encoding="UTF-8"?>    <beans xmlns="http://www.springframework.org/schema/beans"        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:p="http://www.springframework.org/schema/p"      xmlns:aop="http://www.springframework.org/schema/aop"       xmlns:context="http://www.springframework.org/schema/context"      xmlns:jee="http://www.springframework.org/schema/jee"      xmlns:tx="http://www.springframework.org/schema/tx"      xsi:schemaLocation="            http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd          http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd          http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd          http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd          http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">            <!-- 自动扫描 --><context:component-scan base-package="com.shiro.service" /><!-- 配置数据源 --><bean id="dataSource"class="org.springframework.jdbc.datasource.DriverManagerDataSource"><property name="driverClassName" value="com.mysql.jdbc.Driver"/><property name="url" value="jdbc:mysql://localhost:3306/db_shiro"/><property name="username" value="root"/><property name="password" value="root"/></bean><!-- 配置mybatis的sqlSessionFactory --><bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"><property name="dataSource" ref="dataSource" /><!-- 自动扫描mappers.xml文件 --><property name="mapperLocations" value="classpath:com/shiro/mappers/*.xml"></property><!-- mybatis配置文件 --><property name="configLocation" value="classpath:mybatis-config.xml"></property></bean><!-- DAO接口所在包名，Spring会自动查找其下的类 --><bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"><property name="basePackage" value="com.shiro.dao" /><property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property></bean><!-- (事务管理)transaction manager, use JtaTransactionManager for global tx --><bean id="transactionManager"class="org.springframework.jdbc.datasource.DataSourceTransactionManager"><property name="dataSource" ref="dataSource" /></bean><!-- 自定义Realm --><bean id="myRealm" class="com.shiro.realm.MyRealm"/>  <!-- 安全管理器 --><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">      <property name="realm" ref="myRealm"/>  </bean>  <!-- Shiro过滤器 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">      <!-- Shiro的核心安全接口,这个属性是必须的 -->      <property name="securityManager" ref="securityManager"/>    <!-- 身份认证失败，则跳转到登录页面的配置 -->      <property name="loginUrl" value="/index.jsp"/>    <!-- 权限认证失败，则跳转到指定页面 -->      <property name="unauthorizedUrl" value="/unauthor.jsp"/>      <!-- Shiro连接约束配置,即过滤链的定义 -->      <property name="filterChainDefinitions">      <!-- 一般修改以下内容 -->        <value>               /login=anon/admin*=authc/student=roles[teacher]/teacher=perms["user:create"]        </value>      </property></bean>  <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>  <!-- 开启Shiro注解 --><bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">      <property name="securityManager" ref="securityManager"/>      </bean>    <!-- 配置事务通知属性 -->      <tx:advice id="txAdvice" transaction-manager="transactionManager">          <!-- 定义事务传播属性 -->          <tx:attributes>              <tx:method name="insert*" propagation="REQUIRED" />              <tx:method name="update*" propagation="REQUIRED" />              <tx:method name="edit*" propagation="REQUIRED" />              <tx:method name="save*" propagation="REQUIRED" />              <tx:method name="add*" propagation="REQUIRED" />              <tx:method name="new*" propagation="REQUIRED" />              <tx:method name="set*" propagation="REQUIRED" />              <tx:method name="remove*" propagation="REQUIRED" />              <tx:method name="delete*" propagation="REQUIRED" />              <tx:method name="change*" propagation="REQUIRED" />              <tx:method name="check*" propagation="REQUIRED" />              <tx:method name="get*" propagation="REQUIRED" read-only="true" />              <tx:method name="find*" propagation="REQUIRED" read-only="true" />              <tx:method name="load*" propagation="REQUIRED" read-only="true" />              <tx:method name="*" propagation="REQUIRED" read-only="true" />          </tx:attributes>      </tx:advice>        <!-- 配置事务切面 -->      <aop:config>          <aop:pointcut id="serviceOperation"              expression="execution(* com.shiro.service.*.*(..))" />          <aop:advisor advice-ref="txAdvice" pointcut-ref="serviceOperation" />      </aop:config>     </beans>

springMVC 配置文件 spring-mvc.xml：

<?xml version="1.0" encoding="UTF-8"?>    <beans xmlns="http://www.springframework.org/schema/beans"        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:p="http://www.springframework.org/schema/p"      xmlns:aop="http://www.springframework.org/schema/aop"       xmlns:context="http://www.springframework.org/schema/context"      xmlns:jee="http://www.springframework.org/schema/jee"      xmlns:tx="http://www.springframework.org/schema/tx"      xsi:schemaLocation="            http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd          http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd          http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd          http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd          http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">    <!-- 使用注解的包，包括子集 --><context:component-scan base-package="com.shiro.controller" /><!-- 视图解析器 --><bean id="viewResolver"class="org.springframework.web.servlet.view.InternalResourceViewResolver"><property name="prefix" value="/" /><property name="suffix" value=".jsp"></property></bean></beans>  

第四步：创建实体类并配置对应的映射文件：

package com.shiro.entity;public class User {private Integer id;private String userName;private String password;public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getUserName() {return userName;}public void setUserName(String userName) {this.userName = userName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}}

mybatis 配置文件 mybatis-config.xml：

觉得用spring data 说不定是更好的选择，通过注解便可以完成映射关系。

<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE configurationPUBLIC "-//mybatis.org//DTD Config 3.0//EN""http://mybatis.org/dtd/mybatis-3-config.dtd"><configuration><!-- 别名 --><typeAliases><package name="com.shiro.entity"/></typeAliases></configuration>

实体类映射文件 UserMap.xml：

<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mapper namespace="com.shiro.dao.UserDao"><resultMap type="User" id="UserResult"><result property="id" column="id"/><result property="userName" column="userName"/><result property="password" column="password"/></resultMap><select id="getByUserName" parameterType="String" resultMap="UserResult">select * from t_user where userName=#{userName}</select><select id="getRoles" parameterType="String" resultType="String">select r.roleName from t_user u,t_role r where u.roleId=r.id and u.userName=#{userName}</select><select id="getPermissions" parameterType="String" resultType="String">select p.permissionName from t_user u,t_role r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=#{userName}</select></mapper> 

第五步：创建实体类对应的Dao层和Server层

UserDao：

package com.shiro.dao;import java.util.Set;import com.shiro.entity.User;public interface UserDao {/** * 通过用户名查询用户 * @param userName * @return */public User getByUserName(String userName);/** * 通过用户名查询角色信息 * @param userName * @return */public Set<String> getRoles(String userName);/** * 通过用户名查询权限信息 * @param userName * @return */public Set<String> getPermissions(String userName);}

UserServer：

package com.shiro.service;import java.util.Set;import com.shiro.entity.User;public interface UserService {/** * 通过用户名查询用户 * @param userName * @return */public User getByUserName(String userName);/** * 通过用户名查询角色信息 * @param userName * @return */public Set<String> getRoles(String userName);/** * 通过用户名查询权限信息 * @param userName * @return */public Set<String> getPermissions(String userName);}

UserServerImpl：

package com.shiro.service.impl;import java.util.Set;import javax.annotation.Resource;import org.springframework.stereotype.Service;import com.shiro.dao.UserDao;import com.shiro.entity.User;import com.shiro.service.UserService;@Service("userService")public class UserServiceImpl implements UserService{@Resourceprivate UserDao userDao;public User getByUserName(String userName) {return userDao.getByUserName(userName);}public Set<String> getRoles(String userName) {return userDao.getRoles(userName);}public Set<String> getPermissions(String userName) {return userDao.getPermissions(userName);}}

第六步：创建自定义realm

package com.shiro.realm;import javax.annotation.Resource;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import com.shiro.entity.User;import com.shiro.service.UserService;public class MyRealm extends AuthorizingRealm{@Resourceprivate UserService userService;/** * 为当限前登录的用户授予角色和权 */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {String userName=(String)principals.getPrimaryPrincipal();SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();authorizationInfo.setRoles(userService.getRoles(userName));authorizationInfo.setStringPermissions(userService.getPermissions(userName));return authorizationInfo;}/** * 验证当前登录的用户 */@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String userName=(String)token.getPrincipal();User user=userService.getByUserName(userName);if(user!=null){AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");return authcInfo;}else{return null;}}}

第七步：创建UserController：

package com.shiro.controller;import javax.servlet.http.HttpServletRequest;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import com.shiro.entity.User;/** * 用户Controller层 * @author Administrator * */@Controller@RequestMapping("/user")public class UserController {/** * 用户登录 * @param user * @param request * @return */@RequestMapping("/login")public String login(User user,HttpServletRequest request){Subject subject=SecurityUtils.getSubject();UsernamePasswordToken token=new UsernamePasswordToken(user.getUserName(), user.getPassword());try{subject.login(token);Session session=subject.getSession();System.out.println("sessionId:"+session.getId());System.out.println("sessionHost:"+session.getHost());System.out.println("sessionTimeout:"+session.getTimeout());session.setAttribute("info", "session的数据");return "redirect:/success.jsp";}catch(Exception e){e.printStackTrace();request.setAttribute("user", user);request.setAttribute("errorMsg", "用户名或密码错误！");return "index";}}}

第八步：准备两张页面负责登入的index.jsp和登入成功的主页success.jsp

index.jsp：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body><form action="${pageContext.request.contextPath }/user/login.do" method="post">userName:<input type="text" name="userName" value="${user.userName }"/><br/>password:<input type="password" name="password" value="${user.password }"><br/><input type="submit" value="login"/><font color="red">${errorMsg }</font></form></body></html>

success.jsp：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>${info }欢迎你!<shiro:hasRole name="admin">欢迎有admin角色的用户！<shiro:principal/></shiro:hasRole><shiro:hasPermission name="student:create">欢迎有student:create权限的用户！<shiro:principal/></shiro:hasPermission></body></html>

测试和之前一样。访问 http://localhost:8080/shiro.spring/user/login.do 开始测试之旅吧！

源码下载：http://download.csdn.net/detail/qq_19558705/9452197