ssm整合shiro
来源:互联网 发布:2016年最火的软件 编辑:程序博客网 时间:2024/05/01 13:42
1、导入shiro相应jar包,也可下载shiro-all.jar;
2、web.xml添加shiroFilter配置,类似于mvc
<!-- shiro 安全过滤器--> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <async-supported>true</async-supported> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>
3、添加shiro配置文件,在spring-conf.xml导入
<import resource="classpath*:conf/spring-shiro.xml"/>
<description>Shiro安全配置</description> <!-- 扫描service注入realm --> <context:component-scan base-package="com.myssm.yuan.service" use-default-filters="false"> <context:include-filter type="annotation" expression="org.springframework.stereotype.Service"/> </context:component-scan> <!--securityManager是shiro的核心,初始化时协调各个模块运行--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!--单个realm使用realm,如果有多个realm,使用realms属性代替--> <property name="realm" ref="userRealm" /> <property name="cacheManager" ref="shiroEhcacheManager" /> </bean> <!--realm配置,realm是shiro的桥梁,它主要是用来判断subject是否可以登录及权限等--> <bean id="userRealm" class="com.myssm.yuan.shiro.UserRealm" /> <!-- <property name="userService" ref="userService"/></bean> 不扫描可采用此方法注入--> <!--shiro过滤器配置,bean的id值须与web中的filter-name的值相同--> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 没有权限或者失败后跳转的页面 --> <property name="loginUrl" value="/login.jsp" /> <property name="successUrl" value="/WEB-INF/page/index.jsp" /> <property name="unauthorizedUrl" value="/login/unauthorized" /> <property name="filterChainDefinitions"> <value> /login/logout=logout /login/**=anon /**=authc,rest </value> </property> </bean> <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 --> <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:conf/ehcache-shiro.xml"/> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
3.1 添加shiro缓存配置文件
<?xml version="1.0" encoding="UTF-8"?><ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd"> <diskStore path="java.io.tmpdir"/> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="900" timeToLiveSeconds="1800" overflowToDisk="false" memoryStoreEvictionPolicy="LFU" /> <cache name="testEhcache" maxElementsInMemory="10000" eternal="false" overflowToDisk="false" timeToIdleSeconds="900" timeToLiveSeconds="1800" memoryStoreEvictionPolicy="LFU" /> </ehcache>
4、添加配置文件中配置的自定义realm,继承AuthorizingRealm
/** * 授权 * <p>Title: doGetAuthorizationInfo</p> * <p>Description: </p> * @param principals * @return * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();//未进行授权处理 return authorizationInfo; } /** * 认证 * <p>Title: doGetAuthenticationInfo</p> * <p>Description: </p> * @param token * @return * @throws AuthenticationException * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken usernamePasswordToke = (UsernamePasswordToken)token; String account = usernamePasswordToke.getUsername(); String pwd = String.valueOf(usernamePasswordToke.getPassword()); User user = this.userService.getUserByAccount(account); if( user == null ){ throw new UnknownAccountException(); } if( !user.getPassword().equals(pwd)){ throw new IncorrectCredentialsException(); }//if(Boolean.TRUE.equals( user.getLocked())){// throw new LockedAccountException(); //帐号锁定//} SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo( account,pwd,this.getName()); //此处未进行密码加密处理 return authenticationInfo; }
5、增加登录jsp及controller进行测试,java培训机构结果:未登录自动跳到login.jsp,登录成功调到index.jsp
以上为简单的整合shiro,如有错误或好的建议,敬请提出。
3 0
- ssm整合shiro
- ssm+shiro+UEditor整合
- SSM+shiro整合
- 7、ssm整合shiro
- SSM整合shiro完整版
- shiro与SSM项目整合
- shiro与SSM项目整合
- Maven+SSM+Shiro整合配置
- ssm整合shiro实现权限
- Maven+SSM+Shiro整合配置
- SSM+shiro+maven整合配置
- Maven+SSM+Shiro整合配置
- springmvc SSM java redis shiro ehcache 整合
- SSM springmvc mybatis 整合 bootstrap maven shiro
- 把Shiro整合到SSM框架中
- ssm+shiro整合 (未测试版本)
- SSM + Shiro 整合 (6)- Shiro 集成 Spring
- idea ssm整合shiro shiro的基本用法
- MyBatis学习总结(三)——优化MyBatis配置文件中的配置
- 基础总结篇之二:Activity的四种launchMode
- TCC事务
- PopupWindow点击显示的处理
- Android微信支付开发
- ssm整合shiro
- 【那些年遇到过的面试题】new和malloc的区别,free和delete的区别
- Java RMI原理与使用
- Java每一天2
- mysql12小时时间格式字符串转24小时格式
- MyBatis学习总结(四)——解决字段名与实体类属性名不相同的冲突
- win7解决android studio真机运行找不到设备的问题
- 动态图片的添加与删除
- tensorflow示例代码注释3