ssm+shiro基础框架搭建(二)


一、dao层数据

可以用自动生成工具来生成数据表的基本信息,工具生成请看我的另一篇博客。

二、service层数据

service层需要自己手动编写所需的接口及其实现类。

三、controller类

在这里只说login类,其它action都一样。

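/**
 * Handles the login request and selects the view to render.
 *
 * <p>An already authenticated subject goes straight to the index view. Otherwise the
 * {@code username} and {@code password} request parameters are turned into a Shiro
 * token and passed to {@code Subject.login}. A failed attempt re-renders the login
 * view with an error message in the {@code message} model attribute.
 *
 * <p>NOTE(review): the mapping does not restrict the HTTP method, so the same handler
 * also accepts credentials sent as GET query parameters, which tend to end up in
 * access logs and browser history. Confirm whether that is intended.
 *
 * @param request the current request, read for {@code username}, {@code password}
 *                and {@code forceLogout}
 * @param model   receives the {@code message} attribute shown on the login page
 * @return {@code "index"} when the subject is authenticated, otherwise {@code "login"}
 */
@RequestMapping("/login")
public String login(HttpServletRequest request, Model model) {
    String result = "login";
    Subject currentUser = SecurityUtils.getSubject();

    if (currentUser.isAuthenticated()) {
        // Credentials submitted by an already authenticated subject are ignored.
        result = "index";
    } else {
        String username = request.getParameter("username");
        String rawPassword = request.getParameter("password");

        // A request without credentials (for example the first visit to the page) just
        // renders the form. Previously null values were handed to the hashing helper
        // outside the try block and then to a login attempt.
        if (username != null && rawPassword != null) {
            // MD5 hashing through the author's own CipherUtil helper (Shiro ships its own
            // hashing utilities as well).
            // NOTE(review): MD5 is not suitable for protecting stored passwords, and only
            // the password is passed in, so the hash appears to be unsalted. Moving to a
            // salted, deliberately slow password hash has to be done together with the
            // realm's credential comparison and the stored values, not in this method alone.
            String password = CipherUtil.generatePassword(rawPassword);
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);

            // NOTE(review): remember-me is switched on for every login, not on user request.
            token.setRememberMe(true);
            try {
                currentUser.login(token);
                result = "index";
            } catch (Exception e) {
                // Keep the cause in the log, but show the user one generic message so the
                // page does not reveal whether the account or the password was wrong.
                logger.error("Login attempt failed", e);
                model.addAttribute("message", "登录信息出错,请重新登录!");
            }
        }
    }

    // Driven only by the presence of the request parameter. The text is fixed, so nothing
    // taken from the request is echoed back into the page.
    if (request.getParameter("forceLogout") != null) {
        model.addAttribute("message", "您已经被管理员强制退出,请重新登录");
    }
    return result;
}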

四、shiroRealm

这里主要是验证用户登录信息:将用户提交的登录信息与数据库中查询到的信息进行比对。验证成功后,当需要鉴权时,在授权回调函数中将其角色、权限一并交给 subject。

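package cn.ssms.realm;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import cn.ssms.dao.RolesMapper;
import cn.ssms.model.Users;
import cn.ssms.service.RolesService;
import cn.ssms.service.UserService;
import cn.ssms.util.CipherUtil;
import cn.ssms.util.EncryptUtils;

/**
 * Shiro realm that authenticates against {@link UserService} and loads roles from
 * {@link RolesService}.
 *
 * <p>After a successful login the realm shortens the timeout of an earlier session
 * that belongs to the same login name, so that the older session is pushed out.
 * This happens only after the submitted credentials have been verified. Doing it
 * inside {@link #doGetAuthenticationInfo} would run before the credential comparison,
 * so a login attempt with a wrong password would still expire the account owner's
 * session.
 *
 * <p>NOTE(review): no credentials matcher is configured in this listing. The login
 * handler hashes the password before building the token, which suggests a plain
 * equality match against the stored value. Confirm against the Shiro configuration.
 */
public class ShiroDbRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(ShiroDbRealm.class);

    // Not referenced anywhere in this listing.
    // NOTE(review): MD5 is not suitable for protecting stored passwords.
    private static final String ALGORITHM = "MD5";

    /** Timeout in milliseconds given to a session that is being pushed out by a newer login. */
    private static final long KICKED_SESSION_TIMEOUT_MILLIS = 60000L;

    @Autowired
    private UserService userService;

    @Autowired
    private RolesService rolesService;

    @Autowired
    private SessionDAO sessionDAO;

    public ShiroDbRealm() {
        super();
    }

    /**
     * Authentication callback, invoked on login.
     *
     * <p>Only looks the account up. Shiro compares the submitted credentials with the
     * returned info after this method returns, so nothing with side effects on other
     * users' sessions belongs here.
     *
     * @param authcToken the submitted token, expected to be a {@link UsernamePasswordToken}
     * @return the stored principal and credentials for the account
     * @throws AuthenticationException if no account matches the login name
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        Users user = userService.findUserByLoginName(token.getUsername());
        if (user == null) {
            // The login name is left out of the message so request data is not copied into logs.
            throw new AuthenticationException("No account matches the supplied login name");
        }
        // The account object and the session id are deliberately not printed. Either one
        // can expose credential material in the process output.
        return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName());
    }

    /**
     * Verifies the credentials and, only when they match, expires an earlier session
     * of the same login name.
     *
     * @param token the submitted token
     * @param info  the account data returned by {@link #doGetAuthenticationInfo}
     * @throws AuthenticationException if the credentials do not match
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        super.assertCredentialsMatch(token, info);
        Object loginName = token.getPrincipal();
        if (loginName != null) {
            expireExistingSession(loginName.toString());
        }
    }

    /**
     * Gives the first active session whose stored principals match {@code loginName} a
     * short timeout, which pushes that session out of the system.
     *
     * <p>NOTE(review): the session stores the principal passed to SimpleAuthenticationInfo
     * ({@code user.getName()}), while the comparison uses the login name. Confirm the two
     * are the same value, otherwise nothing ever matches. Nothing here excludes the
     * caller's own session either. Confirm it cannot already carry these principals
     * (for example for a remembered subject).
     */
    private void expireExistingSession(String loginName) {
        Collection<Session> activeSessions = sessionDAO.getActiveSessions();
        for (Session session : activeSessions) {
            Object sessionPrincipals = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            // Sessions without principals are skipped. Converting a missing attribute to the
            // text "null" would make every anonymous session match a login name of "null".
            if (sessionPrincipals != null && loginName.equals(String.valueOf(sessionPrincipals))) {
                session.setTimeout(KICKED_SESSION_TIMEOUT_MILLIS);
                logger.debug("Shortened the timeout of an earlier session after a successful login");
                break;
            }
        }
    }

    /**
     * Authorization callback, invoked when an authorization check finds no cached
     * authorization info for the user.
     *
     * <p>Roles are loaded for the principal passed in by Shiro rather than for the subject
     * bound to the current thread. The two differ whenever authorization is evaluated
     * for someone other than the caller.
     *
     * @param principals the principals whose authorization info is requested
     * @return the roles and permissions for {@code principals}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roleNames = new HashSet<String>();
        List<String> roles = rolesService.selectCurrentNameRole(principals.getPrimaryPrincipal().toString());
        if (roles == null) {
            roleNames.add("guest");
        } else {
            roleNames.addAll(roles);
        }

        // NOTE(review): the same permission strings are granted to every principal,
        // including the "guest" fallback. They do not depend on the roles loaded above.
        Set<String> permissions = new HashSet<String>();
        permissions.add("user.do?myjsp");
        permissions.add("login.do?main");
        permissions.add("login.do?logout");
        permissions.add("denglu.jsp");

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

    /**
     * Clears the cached authorization info of one user, so it is reloaded on the next check.
     *
     * @param principal the principal whose cached entry is removed
     */
    public void clearCachedAuthorizationInfo(String principal) {
        SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
        clearCachedAuthorizationInfo(principals);
    }

    /**
     * Clears the cached authorization info of all users.
     */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            // Clearing in one call avoids removing entries while iterating over the key set.
            cache.clear();
        }
    }
}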

五、登录jsp

<%-- Login form; the field names match the "username" and "password" parameters read by the login handler. --%>
<%-- NOTE(review): no anti-CSRF token is visible in this form - confirm whether a filter elsewhere covers the login request. --%>
<form action="${ctx}/login.html" method="post">
    <input placeholder="请输入用户名" name="username" type="text" class="text-input-hover">
    <input placeholder="请输入口令" name="password" type="password" class="text-input-hover">
    <%-- EL in template text is written out without HTML escaping. The messages set by the
         login handler on this page are fixed strings; if this attribute ever carries
         request-derived text, render it through an escaping tag such as JSTL c:out. --%>
    ${message}
    <input class="login_btn" type="submit" value="登录">
</form>