shiro+spring相关配置

直接上自己的配置 希望以后的自己能够直接使用....

一个普通的web.xml

<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:spring.xml</param-value></context-param><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- 解决HTTP PUT请求Spring无法获取请求参数的问题 --><filter><filter-name>hiddenHttpMethodFilter</filter-name><filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class></filter><filter-mapping><filter-name>hiddenHttpMethodFilter</filter-name><servlet-name>springMVC</servlet-name></filter-mapping><servlet><servlet-name>springMVC</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:springMVC.xml</param-value></init-param><load-on-startup>0</load-on-startup></servlet><servlet-mapping><servlet-name>springMVC</servlet-name><url-pattern>/</url-pattern></servlet-mapping><welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list>  <error-page>    <error-code>500</error-code>    <location>/error/500.html</location>  </error-page></web-app>

下来是spring.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xsi:schemaLocation="http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsdhttp://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd"><context:component-scan base-package="com.ryz.service.impl" /><context:component-scan base-package="com.ryz.service.dao" /><bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"><property name="driverClassName" value="com.mysql.jdbc.Driver" /><property name="url" value="****************数据库地址" /><property name="username" value="root" /><property name="password" value="123" /></bean><bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"><property name="dataSource" ref="dataSource"/><property name="mapperLocations" value="classpath:com/ryz/mapper/*.mapper.xml" /><property name="typeAliasesPackage" value="com.ryz.dto" /></bean><!-- 扫描mybatis映射接口类 --><bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"><property name="basePackage" value="com.ryz.dao,com.ryz.base" /><property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" /></bean>  <!-- 事物配置 --><bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"><property name="dataSource" ref="dataSource" /></bean><import resource="shiro.xml" /></beans>

springMVC.xml的配置:

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsdhttp://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsdhttp://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd"><context:component-scan base-package="com.ryz.controller" /><bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" /><bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" /><mvc:annotation-driven /><bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"><property name="messageConverters"><list><bean class="org.springframework.http.converter.StringHttpMessageConverter"><property name="supportedMediaTypes" value="text/plain;charset=UTF-8" /></bean><bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter" /></list></property></bean><mvc:default-servlet-handler /></beans>

shiro.xml配置:

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd"><!-- Shiro Filter --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager" /><property name="loginUrl" value="/jsp/login1.jsp" /><property name="successUrl" value="/loginController/main.do" /><property name="unauthorizedUrl" value="/403" /><property name="filterChainDefinitions"><value>/homeController/login.do=anon/Jquery/*=anon/jsp/*=anon/dtree/*=anon/error/*=anon/** = authc<!--/role/edit/*=perms[role:edit]/role/save=perms[role:edit]/role/list=perms[role:view]--></value></property><property name="filters"><map><entry key="logout" value-ref="logoutFilter" /></map></property></bean><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realm" ref="myRealm" /><property name="cacheManager"><bean class="org.apache.shiro.cache.MemoryConstrainedCacheManager" /></property></bean><bean id="myRealm" class="com.ryz.controller.MyRealm" /></beans>

自定义的MyRealm类,来进行登录验证身份和授权:

package com.ryz.controller;import java.util.List;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.subject.Subject;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import com.ryz.dto.SysModule;import com.ryz.dto.SysPermit;import com.ryz.dto.SysRole;import com.ryz.dto.SysUser;import com.ryz.service.ISysModuleService;import com.ryz.service.ISysPermitService;import com.ryz.service.ISysUserRoleService;import com.ryz.service.ISysUserService;@Controllerpublic class MyRealm extends AuthorizingRealm {@Autowiredprivate ISysUserService sysUserService;@Autowiredprivate ISysUserRoleService sysUserRoleService;@Autowiredprivate ISysPermitService sysPermitService;@Autowiredprivate ISysModuleService sysModuleService;/** * 认证信息 */@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {System.out.println("我是认证信息。");AuthenticationInfo info = null;UsernamePasswordToken token = (UsernamePasswordToken) authcToken;//使用令牌里接到的账号进行查询 在下面进行密码的比对 然后抛出不同的异常 在controller里面进行catchSysUser sysUser = sysUserService.getSysUserByLoginName(token.getUsername());if(sysUser != null) {Subject subject = SecurityUtils.getSubject();subject.isPermitted(sysUser.getName());info = new SimpleAuthenticationInfo(sysUser.getUsername(), sysUser.getPassword(), getName());}else{throw new UnknownAccountException();}return info;}/** * 授权信息 */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {SimpleAuthorizationInfo info = null;System.out.println("我是授权信息。");//授权咯 根据自己的业务来进行角色...以及权限的授权 前台直接使用标签来进行展示String username = (String)principals.fromRealm(getName()).iterator().next();SysUser sysUser = sysUserService.getSysUserByLoginName(username);if(sysUser != null) {info = new SimpleAuthorizationInfo();List<SysRole> roleNames = sysUserRoleService.getRoleNames(sysUser.getId());for (SysRole role : roleNames) {info.addRole(role.getName());List<SysPermit> permitList = sysPermitService.getPermitListByRoleId(role.getId());for (SysPermit permit : permitList) {SysModule sysModule = sysModuleService.getObjectById(permit.getModuleId());//info.addRole(sysModule.getName());info.addStringPermission(sysModule.getName());}}}return info;}}

登录进入的controller：

@RequestMapping("/login.do")public String login(String username, String password, HttpServletRequest request) {UsernamePasswordToken token = new UsernamePasswordToken(username, password);Subject subject = SecurityUtils.getSubject();try {if (!subject.isAuthenticated()){//使用shiro来验证token.setRememberMe(true);subject.login(token);//验证角色和权限SysUser sysUser = sysUserService.getSysUserByLoginName(username);request.getSession().setAttribute("user", sysUser);}return "/loginController/main.do";} catch (UnknownAccountException e) {logger.error(e.getMessage());request.setAttribute("errors", "用户名没有找到");}catch (IncorrectCredentialsException e) {request.setAttribute("errors", "密码错误");}catch (AuthenticationException e) {request.setAttribute("errors", "账号异常");}return "/jsp/login1.jsp";}

jsp登陆页面:

<%@page contentType="text/html; charset=UTF-8"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <title>登陆界面</title>  </head>    <body>    <form action="<%=request.getContextPath()%>/homeController/login.do" method="post">    帐户:<input type="text" name="username" /><br />    密码:<input type="password" name="password" /><br />    ${errors}<br />    <input type="submit" value="登陆" />    </form>  </body></html>

登录成功后进入了

/loginController/main.do 仅仅只是一个跳转页面

在jsp页面引用其自己的标签

<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>

页面上的东西也就没什么难度了...