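2016.12.9 A first look at Shiro
Source: Internet  Published by: 山西省网络文学院  Editor: 程序博客网  Time: 2024/06/11 07:35
I almost didn't write today. I only got home after 8 o'clock and I'm going to watch some videos in a bit, but I decided to keep going anyway. Tomorrow, or in a little while, I'll write up the things I need to do every day, to tell myself and to tell everyone.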
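The Shiro permission framework: there will always be roles and permissions.
A user can have multiple roles
A role can have multiple users
A role can have multiple permissions
A permission belongs to only one role (not necessarily)
When creating the tables, start with the user table and the role table; there will of course also be a user-role mapping table, and a permission table.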
Steps for using Shiro:
1. Import the jar
2. Configure web.xml
3. Create the dbRealm
4. Configure it in Spring
Official site: http://shiro.apache.org/
First, add the filter in web.xml:
<!-- DelegatingFilterProxy looks up the Spring bean whose id equals the filter-name (shiroFilter). -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
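The realm class for authentication and authorization:
import javax.inject.Inject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class ShiroDbRealm extends AuthorizingRealm {
    @Inject
    private UserService userService;

    /**
     * Authentication callback, invoked at login.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        User user = userService.getUserByUserId(token.getUsername());
        if (user != null) {
            // The second argument is the STORED credential that Shiro compares with the
            // submitted password. Passing user.getUserId() here would make every
            // account's password equal to its user ID.
            // getPassword() is an assumed accessor on the application's User class.
            return new SimpleAuthenticationInfo(user.getUserId(), user.getPassword(), getName());
        } else {
            return null;
        }
    }

    /**
     * Authorization lookup callback, invoked when an access check is made
     * and the user's authorization info is not in the cache.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String loginName = (String) principals.fromRealm(getName()).iterator().next();
        User user = userService.getUserByUserId(loginName);
        if (user != null) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermission("common-user");
            return info;
        } else {
            return null;
        }
    }
}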
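The second argument of SimpleAuthenticationInfo is the stored credential that Shiro compares with the submitted password. The following added example (not part of the original post) stores a salted, iterated hash there and lets a HashedCredentialsMatcher do the comparison. It assumes Shiro 1.x package names; the class HashedRealmDemo, its in-memory user map, register() and accepts() are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

public class HashedRealmDemo extends AuthorizingRealm {
    static final int ITERATIONS = 500_000;
    // Constructed in-memory "user table": userId -> {salt, hex-encoded hash}.
    private final Map<String, String[]> users = new HashMap<>();

    public HashedRealmDemo() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);  // must equal the count used in register()
        setCredentialsMatcher(matcher);
    }
    void register(String userId, String password) {
        String salt = new SecureRandomNumberGenerator().nextBytes().toHex();  // per-user salt
        String hash = new Sha256Hash(password, salt, ITERATIONS).toHex();
        users.put(userId, new String[] {salt, hash});  // the plaintext is never stored
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String userId = ((UsernamePasswordToken) token).getUsername();
        String[] row = users.get(userId);
        if (row == null) return null;  // unknown account
        // Hand back the stored hash and salt; the matcher hashes the submitted password.
        return new SimpleAuthenticationInfo(userId, row[1], ByteSource.Util.bytes(row[0]), getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection p) { return null; }

    boolean accepts(String userId, String password) {
        try {  // getAuthenticationInfo() runs the lookup and then the credentials matcher
            return getAuthenticationInfo(new UsernamePasswordToken(userId, password)) != null;
        } catch (AuthenticationException e) {
            return false;  // IncorrectCredentialsException when the password is wrong
        }
    }
    public static void main(String[] args) {
        HashedRealmDemo realm = new HashedRealmDemo();
        realm.register("alice", "correct horse");  // constructed sample account
        System.out.println("right password: " + realm.accepts("alice", "correct horse"));
        System.out.println("user ID as password: " + realm.accepts("alice", "alice"));
    }
}
```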
The Spring configuration file:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">
    <description>Shiro Configuration</description>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroDbRealm" />
    </bean>
    <bean id="shiroDbRealm" class="com.company.service.common.shiro.ShiroDbRealm" />
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/common/security/login" />
        <property name="successUrl" value="/common/security/welcome" />
        <property name="unauthorizedUrl" value="/common/security/unauthorized"/>
        <!-- Rules are evaluated top to bottom and the first match wins,
             so the catch-all /** = authc must stay last. -->
        <property name="filterChainDefinitions">
            <value>
                /resources/** = anon
                /manageUsers = perms[user:manage]
                /** = authc
            </value>
        </property>
    </bean>
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    <!-- The next two beans enable Shiro's authorization annotations on Spring beans. -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>
</beans>
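How the user, role and permission tables described at the top feed the perms[user:manage] rule in the filter chain, as an added example (not part of the original post). It assumes Shiro 1.x; the class RolePermissionRealmDemo and the in-memory maps standing in for the user-role and role-permission tables are constructed for illustration.

```java
import java.util.*;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RolePermissionRealmDemo extends AuthorizingRealm {
    // Constructed stand-ins for the user-role mapping table and the role-permission table.
    static final Map<String, List<String>> USER_ROLES = new HashMap<>();
    static final Map<String, List<String>> ROLE_PERMS = new HashMap<>();
    static {
        USER_ROLES.put("alice", Arrays.asList("admin", "staff"));
        USER_ROLES.put("bob", Arrays.asList("staff"));
        ROLE_PERMS.put("admin", Arrays.asList("user:manage"));
        ROLE_PERMS.put("staff", Arrays.asList("report:view"));
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userId = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // user -> roles -> permissions; a user with no rows ends up with an empty grant.
        for (String role : USER_ROLES.getOrDefault(userId, Collections.<String>emptyList())) {
            info.addRole(role);
            info.addStringPermissions(ROLE_PERMS.getOrDefault(role, Collections.<String>emptyList()));
        }
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null;  // authentication is out of scope for this example
    }

    public static void main(String[] args) {
        RolePermissionRealmDemo realm = new RolePermissionRealmDemo();
        for (String user : Arrays.asList("alice", "bob", "mallory")) {
            PrincipalCollection p = new SimplePrincipalCollection(user, realm.getName());
            // isPermitted(p, "user:manage") is the check behind perms[user:manage].
            System.out.printf("%s admin=%b user:manage=%b common-user=%b%n", user,
                    realm.hasRole(p, "admin"),
                    realm.isPermitted(p, "user:manage"),
                    realm.isPermitted(p, "common-user"));
        }
    }
}
```

A realm that grants only the string common-user, as ShiroDbRealm above does, never satisfies perms[user:manage], so an authenticated request to /manageUsers always ends at unauthorizedUrl.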
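The login controller:
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping(value = "/common/security/*")
public class SecurityController {
    @Inject
    private UserService userService;

    @RequestMapping(value = "/login")
    public String login(String loginName, String password,
            HttpServletResponse response, HttpServletRequest request) throws Exception {
        User user = userService.getUserByLogin(loginName);
        if (null != user) {
            try {
                // Pass the submitted password so the realm's stored credential is checked.
                setLogin(user.getUserId(), password);
            } catch (AuthenticationException e) {
                // Wrong password, locked account, etc.: back to the login page.
                return "redirect:/common/path?path=showLogin";
            }
            return "redirect:/common/security/welcome";
        } else {
            return "redirect:/common/path?path=showLogin";
        }
    }

    public static final void setLogin(String userId, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            // Collect user principals and credentials in a GUI-specific manner,
            // such as a username/password HTML form, X509 certificate, OpenID, etc.
            // We'll use the username/password example here since it is the most common.
            UsernamePasswordToken token = new UsernamePasswordToken(userId, password);
            // This is all you have to do to support 'remember me' (no config - built in!).
            // A remembered subject is not authenticated: the authc filter still requires a login.
            token.setRememberMe(true);
            currentUser.login(token);
        }
    }

    @RequestMapping(value = "/logout")
    @ResponseBody
    public void logout(HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();
        }
        // Invalidate any session that is still attached, without creating a new one.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}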
Registering and retrieving the currently logged-in user:
// Store the logged-in user in the Shiro session.
public static final void setCurrentUser(User user) {
    Subject currentUser = SecurityUtils.getSubject();
    if (null != currentUser) {
        Session session = currentUser.getSession();
        if (null != session) {
            session.setAttribute(Constants.CURRENT_USER, user);
        }
    }
}

// Return the user stored in the Shiro session, or null if there is none.
public static final User getCurrentUser() {
    Subject currentUser = SecurityUtils.getSubject();
    if (null != currentUser) {
        Session session = currentUser.getSession();
        if (null != session) {
            User user = (User) session.getAttribute(Constants.CURRENT_USER);
            if (null != user) {
                return user;
            }
        }
    }
    return null;
}
I reposted this from someone else; I'll reorganize it when I have time. Thanks, everyone! Comments are welcome.