2016.12.9 A first look at Shiro

Source: Internet  Published by: 山西省网络文学院  Editor: 程序博客网  Time: 2024/06/11 07:35

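I almost skipped writing today. I didn't get home until after 8 and I'm going to watch some videos in a bit, but I decided to keep going anyway. Tomorrow, or a little later, I'll write up the things I need to do every day, to tell myself and to tell everyone.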

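Shiro permission framework: there are always roles (role) and permissions (permission).

A user can have multiple roles.

A role can have multiple users.

A role can have multiple permissions.

A permission belongs to only one role (not necessarily).

When creating the tables, start with the user table and the role table; there will of course also be a user-role mapping table and a permission table.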

Steps for using Shiro:
1. Import the jars
2. Configure web.xml
3. Create the DB realm
4. Configure it in Spring

Official site: http://shiro.apache.org/

First, add the filter in web.xml:

<!-- DelegatingFilterProxy hands each request to the Spring bean named "shiroFilter" -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

The realm class that handles authentication and authorization:

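import javax.inject.Inject;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// User and UserService are the application's own classes.
public class ShiroDbRealm extends AuthorizingRealm {

    @Inject
    private UserService userService;

    /**
     * Authentication callback, invoked at login.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        User user = userService.getUserByUserId(token.getUsername());
        if (user != null) {
            // The second argument is the stored credential that Shiro compares with the
            // token's password. Here it is the user ID, so no real password is verified;
            // a production realm returns the stored password hash instead.
            return new SimpleAuthenticationInfo(user.getUserId(), user.getUserId(), getName());
        } else {
            return null; // unknown account
        }
    }

    /**
     * Authorization callback, invoked when an access check is made and the
     * user's authorization info is not in the cache.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String loginName = (String) principals.fromRealm(getName()).iterator().next();
        User user = userService.getUserByUserId(loginName);
        if (user != null) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // Every known user gets the single permission string "common-user".
            info.addStringPermission("common-user");
            return info;
        } else {
            return null;
        }
    }
}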

The Spring configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <description>Shiro Configuration</description>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroDbRealm" />
    </bean>

    <bean id="shiroDbRealm" class="com.company.service.common.shiro.ShiroDbRealm" />

    <!-- The bean id must match the filter-name "shiroFilter" in web.xml -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/common/security/login" />
        <property name="successUrl" value="/common/security/welcome" />
        <property name="unauthorizedUrl" value="/common/security/unauthorized"/>
        <!-- Rules are evaluated top to bottom and the first matching pattern wins,
             so the catch-all /** = authc must stay last -->
        <property name="filterChainDefinitions">
            <value>
                /resources/** = anon
                /manageUsers = perms[user:manage]
                /** = authc
            </value>
        </property>
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- Enables Shiro's authorization annotations on Spring beans; the advisor is
         declared once, with the securityManager wired in -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>

    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

</beans>
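
The realm above passes the user ID as the stored credential and grants only "common-user", while the filter chain requires user:manage for /manageUsers. The following added example (not code from the original post) is a stand-alone realm that gives Shiro a salted password hash to verify and then checks both permission strings. Assumptions: shiro-core 1.x on the classpath; the class name HashedRealmDemo, the in-memory map and the user alice with its password are constructed for illustration.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class HashedRealmDemo extends AuthorizingRealm {
    // Constructed stand-in for the user table: userId -> salted password hash.
    private final Map<String, String> hashes = new HashMap<>();

    public HashedRealmDemo() {
        // PasswordMatcher checks the submitted password against the stored hash string.
        setCredentialsMatcher(new PasswordMatcher());
        hashes.put("alice", new DefaultPasswordService().encryptPassword("correct horse"));
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String userId = ((UsernamePasswordToken) token).getUsername();
        String stored = hashes.get(userId);
        // Returning null for an unknown user makes Shiro reject the login.
        return stored == null ? null : new SimpleAuthenticationInfo(userId, stored, getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("common-user"); // the same grant as ShiroDbRealm
        return info;
    }
    static boolean tryLogin(Subject subject, String userId, String password) {
        try {
            subject.login(new UsernamePasswordToken(userId, password));
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password or unknown account
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager manager = new DefaultSecurityManager(new HashedRealmDemo());
        Subject subject = new Subject.Builder(manager).buildSubject();
        System.out.println("user ID as password: " + tryLogin(subject, "alice", "alice"));
        System.out.println("real password:       " + tryLogin(subject, "alice", "correct horse"));
        System.out.println("common-user:         " + subject.isPermitted("common-user"));
        System.out.println("user:manage:         " + subject.isPermitted("user:manage"));
    }
}
```

Only the real password logs in, and "common-user" does not imply user:manage under Shiro's wildcard permission matching, so with the configuration above an authenticated user requesting /manageUsers is sent to unauthorizedUrl.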

The login controller:

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping(value = "/common/security/*")
public class SecurityController {

    @Inject
    private UserService userService;

    @RequestMapping(value = "/login")
    public String login(String loginName, String password,
            HttpServletResponse response, HttpServletRequest request) throws Exception {
        User user = userService.getUserByLogin(loginName);
        if (null != user) {
            // The submitted password is not checked here: the user ID is passed as both
            // principal and credential, matching the stored credential ShiroDbRealm returns.
            setLogin(user.getUserId(), user.getUserId());
            return "redirect:/common/security/welcome";
        } else {
            return "redirect:/common/path?path=showLogin";
        }
    }

    public static final void setLogin(String userId, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            //collect user principals and credentials in a gui specific manner
            //such as username/password html form, X509 certificate, OpenID, etc.
            //We'll use the username/password example here since it is the most common.
            //(do you know what movie this is from? ;)
            UsernamePasswordToken token = new UsernamePasswordToken(userId, password);
            //this is all you have to do to support 'remember me' (no config - built in!):
            token.setRememberMe(true);
            currentUser.login(token);
        }
    }

    @RequestMapping(value = "/logout")
    @ResponseBody
    public void logout(HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();
        }
        request.getSession().invalidate();
    }
}

Storing and retrieving the currently logged-in user:

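    // Static helpers for a utility class. They need org.apache.shiro.SecurityUtils,
    // org.apache.shiro.subject.Subject and org.apache.shiro.session.Session.

    // Stores the user object in the Shiro session of the current subject.
    public static final void setCurrentUser(User user) {
        Subject currentUser = SecurityUtils.getSubject();
        if (null != currentUser) {
            Session session = currentUser.getSession();
            if (null != session) {
                session.setAttribute(Constants.CURRENT_USER, user);
            }
        }
    }

    // Returns the user stored in the session, or null if there is none.
    public static final User getCurrentUser() {
        Subject currentUser = SecurityUtils.getSubject();
        if (null != currentUser) {
            Session session = currentUser.getSession();
            if (null != session) {
                User user = (User) session.getAttribute(Constants.CURRENT_USER);
                if (null != user) {
                    return user;
                }
            }
        }
        return null;
    }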



I reposted this from someone else; I'll reorganize it when I have time. Thanks, everyone! Comments welcome.
