ssm+shiro基础框架搭建(二)
一、dao层数据
可以用自动生成工具来生成数据表的基本信息,工具生成请看我的另一篇博客。
二、service层数据
service层需要手动编写所需的接口及其实现类。
三、controller类
在这里只说login类,其它action都一样。
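/**
 * Handles the login form: authenticates the submitted credentials through Shiro and
 * selects the view to render.
 *
 * @param request current request; the "username", "password" and "forceLogout"
 *                parameters are read from it
 * @param model   view model; receives a "message" attribute on a failed login or when
 *                "forceLogout" is present
 * @return "index" when the subject is (or becomes) authenticated, otherwise "login"
 */
@RequestMapping("/login")
public String login(HttpServletRequest request, Model model) {
    String result = "login";
    String username = request.getParameter("username");
    String rawPassword = request.getParameter("password");
    Subject currentUser = SecurityUtils.getSubject();

    if (currentUser.isAuthenticated()) {
        // Already logged in: no second authentication attempt is made.
        result = "index";
    } else if (username != null && rawPassword != null) {
        // Only attempt a login when both fields were actually submitted; a plain page view
        // no longer hashes a null password or records a failed login.
        try {
            // The author describes CipherUtil.generatePassword as an MD5 digest (class not shown).
            // NOTE(review): an unsalted, single-round MD5 digest is not adequate for password
            // storage. Prefer passing the raw password in the token and letting the realm's
            // credentials matcher apply a salted, iterated hash (for example Shiro's
            // HashedCredentialsMatcher with SHA-256 or stronger), or use bcrypt/argon2.
            String password = CipherUtil.generatePassword(rawPassword);
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // NOTE(review): remember-me is switched on for every login rather than being an
            // opt-in on the form; on shared machines that leaves a long-lived identity cookie.
            token.setRememberMe(true);
            currentUser.login(token);
            result = "index";
        } catch (Exception e) {
            // The same generic message is shown for every failure, so the response does not
            // reveal whether the user name exists.
            logger.error(e.getMessage());
            model.addAttribute("message", "登录信息出错,请重新登录!");
            result = "login";
        }
    }

    if (request.getParameter("forceLogout") != null) {
        model.addAttribute("message", "您已经被管理员强制退出,请重新登录");
    }
    return result;
}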
四、shiroRealm
这里主要是验证用户的登录信息:根据用户名从数据库查询出用户,再与登录时提交的信息进行比对。验证成功后,在授权回调函数中将该用户的角色和权限一并交给subject。
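package cn.ssms.realm;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import cn.ssms.dao.RolesMapper;
import cn.ssms.model.Users;
import cn.ssms.service.RolesService;
import cn.ssms.service.UserService;
import cn.ssms.util.CipherUtil;
import cn.ssms.util.EncryptUtils;

/**
 * Shiro realm that looks users up through {@code UserService}, loads their roles through
 * {@code RolesService}, and limits an account to one live session by shortening the timeout
 * of its older sessions after a successful login.
 */
public class ShiroDbRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(ShiroDbRealm.class);

    // Not referenced anywhere in the code shown here.
    // NOTE(review): MD5 is not suitable for password hashing; if a credentials matcher is
    // configured from this constant elsewhere, move to a salted, iterated SHA-256+ hash.
    private static final String ALGORITHM = "MD5";

    @Autowired
    private UserService userService;

    @Autowired
    private RolesService rolesService;

    @Autowired
    private SessionDAO sessionDAO;

    public ShiroDbRealm() {
        super();
    }

    /**
     * Authentication callback, invoked on login. Only loads the stored account; it runs
     * before the submitted credentials have been compared.
     *
     * @param authcToken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account's name and stored password for the credentials matcher to compare
     * @throws AuthenticationException if no user exists for the submitted login name
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        // The user object is deliberately not printed or logged: it carries the stored password.
        Users user = userService.findUserByLoginName(token.getUsername());
        if (user == null) {
            // Same generic exception type as a failed login, so callers cannot tell the cases apart.
            throw new AuthenticationException();
        }
        return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName());
    }

    /**
     * Verifies the credentials and only then expires the account's other sessions.
     *
     * <p>The kick-out runs after the credentials check on purpose: done inside
     * {@link #doGetAuthenticationInfo}, a login attempt with a wrong password would still
     * shorten the victim's session, letting anyone who knows a user name log that user out.
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        super.assertCredentialsMatch(token, info);
        if (token instanceof UsernamePasswordToken) {
            expireOtherSessions(((UsernamePasswordToken) token).getUsername());
        }
    }

    /** Shortens the timeout of every other active session whose principals match the login name. */
    private void expireOtherSessions(String loginName) {
        if (loginName == null) {
            return;
        }
        Session currentSession = SecurityUtils.getSubject().getSession(false);
        Object currentId = (currentSession == null) ? null : currentSession.getId();

        Collection<Session> sessions = sessionDAO.getActiveSessions();
        for (Session session : sessions) {
            Object principals = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            // Anonymous sessions carry no principals; the session doing the login must survive.
            if (principals == null || session.getId().equals(currentId)) {
                continue;
            }
            // NOTE(review): compares the submitted login name with the stored principal, which
            // is user.getName(); confirm the two are the same value for every account.
            if (loginName.equals(String.valueOf(principals))) {
                // 60 s idle timeout: the old session lapses shortly instead of being stopped at once.
                session.setTimeout(60000);
                logger.debug("Shortened the timeout of an earlier session after a new login");
            }
        }
    }

    /**
     * Authorization callback, invoked when a check is made and no cached authorization
     * data exists for the principals.
     *
     * @param principals the identity being authorized
     * @return the identity's roles ("guest" when the role lookup returns null) plus a fixed
     *         permission set, or {@code null} when no principal is available
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Authorize the identity that was passed in, not whichever subject is bound to the
        // calling thread: the two can differ, and the result is cached per principal.
        Object principal = (principals == null) ? null : principals.getPrimaryPrincipal();
        if (principal == null) {
            return null;
        }

        Set<String> roleNames = new HashSet<String>();
        List<String> roles = rolesService.selectCurrentNameRole(principal.toString());
        if (roles == null) {
            roleNames.add("guest");
        } else {
            roleNames.addAll(roles);
        }

        // NOTE(review): every authenticated user receives this same hard-coded permission set;
        // load permissions per role if they are meant to differ.
        Set<String> permissions = new HashSet<String>();
        permissions.add("user.do?myjsp");
        permissions.add("login.do?main");
        permissions.add("login.do?logout");
        permissions.add("denglu.jsp");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

    /**
     * Drops the cached authorization data of one user, so a role change takes effect on the
     * next check.
     *
     * @param principal the principal whose cache entry is cleared
     */
    public void clearCachedAuthorizationInfo(String principal) {
        SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
        clearCachedAuthorizationInfo(principals);
    }

    /** Drops the cached authorization data of all users. */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            // clear() avoids removing entries from the key set while iterating over it.
            cache.clear();
        }
    }
}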
五、登录jsp
<%-- Login form: posts "username" and "password" to the login handler. --%>
<%-- NOTE(review): ${message} is written without HTML escaping. The login controller on this
     page only puts fixed strings into it; escape it if that ever changes. The form also
     carries no CSRF token. --%>
<form method="post" action="${ctx}/login.html">
    <input type="text" name="username" class="text-input-hover" placeholder="请输入用户名">
    <input type="password" name="password" class="text-input-hover" placeholder="请输入口令">
    ${message}
    <input type="submit" class="login_btn" value="登录">
</form>