Shiro与Spring集成
来源:互联网 发布:淘宝开源平台 编辑:程序博客网 时间:2024/06/05 16:29
1、shiro相关jar包的maven依赖。
<!-- Spring Shiro --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.3</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.3</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.3</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.2.3</version></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-quartz</artifactId> <version>1.2.3</version></dependency>
2、web.xml中shiro的相关配置。
1)引入shiro的配置文件applicationContext-shiro.xml。
<context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath*:/applicationContext-shiro.xml </param-value></context-param>
2)在web.xml中配置shiroFilter过滤器。
<!-- shiro过滤器配置 --><filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param></filter><filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
在web.xml
文件配置中配置注意的问题点:
1.如果你的项目动态请求都是*.action
,*.do
等结尾,那么拦截配置就直接配置为<url-pattern>*.action</url-pattern>
或者<url-pattern>*.do</url-pattern>
2.过滤器配置的顺序,过滤器最好配置的位置是在org.springframework.web.filter.CharacterEncodingFilter
之后,就是处理好字符集就是Shiro的过滤器。
3、Shiro相关配置applicationContext-shiro.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <description>Spring-Shiro</description> <!-- 配置Shiro Filter过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 将shiro安全管理器注入ShiroFilter中 --> <property name="securityManager" ref="securityManager" /> <!-- 配置登录URL地址 --> <property name="loginUrl" value="/login.html" /> <!-- 配置登录成功后访问地址 --> <!-- <property name="successUrl" value="/index.html" /> --> <!-- 配置不授权URL地址 --> <property name="unauthorizedUrl" value="/error/403.html" /> <!-- 基本系统级别权限配置 --> <!-- filterChainDefinitions的配置顺序为自上而下,以最上面的为准 --> <!-- anon表示可匿名使用,可以理解为匿名用户或游客,即非登录下可访问 --> <!-- authc表示需认证才能使用,即登录后才可使用 --> <property name="filterChainDefinitions"> <value> /css/** = anon /images/** = anon /js/** = anon /login.html = anon /onLogin.html = anon /logout.html = anon /druid/** = anon /attached/** = anon /** = authc </value> </property> </bean> <!-- 基于Form表单的身份验证过滤器 --> <!--<bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"> <property name="usernameParam" value="username"/> <property name="passwordParam" value="password"/> <property name="loginUrl" value="/login.jsp"/> <property name="rememberMeParam" value="rememberMe"/> </bean>--> <!-- 配置Shiro 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- 将自定义shiro域注入Shiro安全管理器 --> <property name="realm" ref="shiroRealm" /> <!-- 将缓存管理器注入Shiro安全管理器 --> <property name="cacheManager" ref="ehCacheManager" /> <!-- 将会话管理器注入Shiro安全管理器--> <property name="sessionManager" ref="sessionManager"/> <!-- 将rememberMe管理器注入Shiro安全管理器 --> <property name="rememberMeManager" ref="rememberMeManager"/> </bean> <!-- 配置Shiro 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="1800000"/> <property name="deleteInvalidSessions" value="true"/> <property name="sessionValidationSchedulerEnabled" value="true"/> <!-- 注入会话验证调度器 --> <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> <!-- 注入会话DAO --> <property name="sessionDAO" ref="sessionDAO"/> <!-- 开启会话Cookie --> <property name="sessionIdCookieEnabled" value="true"/> <!-- 注入会话Cookie模板 --> <property name="sessionIdCookie" ref="sessionIdCookie"/> </bean> <!-- 装载自定义的Shiro Realm(域) --> <bean id="shiroRealm" class="com.gcmobile.console.security.ShiroRealm" > <!-- 注入凭证匹配器 --> <property name="credentialsMatcher" ref="credentialsMatcher"/> <property name="cachingEnabled" value="true"/> <property name="authenticationCachingEnabled" value="true"/> <property name="authenticationCacheName" value="authenticationCache"/> <property name="authorizationCachingEnabled" value="true"/> <property name="authorizationCacheName" value="authorizationCache"/> </bean> <!-- 配置Shiro 缓存管理器,此处采用EhCacheManager实现 --> <bean id="ehCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <!-- 引入缓存配置文件 --> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" /> </bean> <!-- 凭证匹配器 --> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5" /> <property name="hashIterations" value="2"/> <property name="storedCredentialsHexEncoded" value="true"/> </bean> <!-- 会话Cookie模板 --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="sid"/> <property name="httpOnly" value="true"/> <property name="maxAge" value="180000"/> </bean> <!-- rememberMeCookie模板 --> <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg value="rememberMe"/> <property name="httpOnly" value="true"/> <property name="maxAge" value="2592000"/><!-- 30天 --> </bean> <!-- 会话ID生成器 --> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/> <!-- 会话DAO --> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/> <!-- 注入会话ID生成器 --> <property name="sessionIdGenerator" ref="sessionIdGenerator"/> </bean> <!-- 会话验证调度器 --> <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> <property name="sessionValidationInterval" value="1800000"/> <!-- 注入会话管理器 --> <property name="sessionManager" ref="sessionManager"/> </bean> <!-- rememberMe管理器 --> <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/> <!-- 注入rememberMe的cookie --> <property name="cookie" ref="rememberMeCookie"/> </bean> <!-- 静态注入,相当于调用SecurityUtils.setSecurityManager(securityManager) --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" /> <property name="arguments" ref="securityManager" /> </bean> <!-- Shiro生命周期处理器,保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean></beans>
4、Ehcache相关配置ehcache-shiro.xml
<?xml version="1.0" encoding="UTF-8"?><ehcache updateCheck="false" name="shiroCache"> <diskStore path="java.io.tmpdir"/> <defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="false" diskPersistent="false" diskExpiryThreadIntervalSeconds="120" /></ehcache>
5、自定义ShiroRealm实现
import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.realm.Realm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.gcmobile.console.system.entity.User;import com.gcmobile.console.system.mapper.UserMapper;/** * Shiro自定义域,实现认证、授权 */public class ShiroRealm extends AuthorizingRealm{ @Autowired private UserMapper userMapper; // 用户表mapper接口 public ShiroRealm() { setAuthenticationTokenClass(UsernamePasswordToken.class); } /** * Shiro认证方法,实现登录认证 * @param authenticationToken * @return */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) { // 获取usernamePasswordToken里面的用户名、密码 UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken; // 根据用户名查询用户信息 User user = userMapper.selectByUserName(usernamePasswordToken.getUsername()); if (user == null) { throw new UnknownAccountException("Unknown username [" + usernamePasswordToken.getUsername() + "]"); } if (!user.getStatus().equals(0)) { throw new DisabledAccountException("Disabled account [" + usernamePasswordToken.getUsername() + "]"); } // 将用户信息保存至ShiroUser实体类 ShiroUser shiroUser = new ShiroUser(user.getId(), user.getUserName()); shiroUser.setUserName(user.getName()); shiroUser.setUserId(user.getId()); // 将shiroUser用户信息及查出的密码与usernamePasswordToken中的用户名、密码进行比较,并将shiroUser实体类保存至缓存中 return new SimpleAuthenticationInfo(shiroUser, user.getPassword(), getName()); } /** * Shiro授权方法,实现权限控制 * @param principalCollection * @return */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { // 取出当前已登录的用户信息 ShiroUser shiroUser = (ShiroUser) principalCollection.getPrimaryPrincipal(); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); System.out.print("============="); // 将当前用户的角色放入授权信息类的角色组中 info.addRoles(userMapper.queryRolesByUserId(shiroUser.getUserId())); // 将当前用户的权限放入授权信息类的权限组中 info.addStringPermissions(userMapper.queryPermissionsByUserId(shiroUser.getUserId())); return info; }}6、ShiroUser类,自定义Authentication对象,使得Subject除了携带用户登录名外还可以携带更多信息
import java.io.Serializable;/** * 自定义Authentication对象,使得Subject除了携带用户的登录名外还可以携带更多信息. */public class ShiroUser implements Serializable { private static final long serialVersionUID = 4999382582432113545L; private Integer userId; private String userName; private String name; public ShiroUser() {} public ShiroUser(Integer userId, String userName) { this.userId = userId; this.userName = userName; } public Integer getUserId() { return userId; } public void setUserId(Integer userId) { this.userId = userId; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } public String getName() { return name; } public void setName(String name) { this.name = name; }}
7、登录调用Shiro进行认证
// 如果已登录,则先退出登录SecurityUtils.getSubject().logout();// 实例化一个subject实体Subject subject = SecurityUtils.getSubject();// UsernamePasswordToken封装用户名、密码UsernamePasswordToken token = new UsernamePasswordToken(username, MD5.toMD5(password));// 开始登录认证subject.login(token);
0 0
- shiro与spring集成
- shiro 与spring集成
- Shiro与Spring集成
- shiro与spring集成
- shiro与spring集成
- 01 shiro与spring集成
- 第十二章Shiro 与Spring集成
- Shiro权限框架及与Spring集成
- Shiro学习(12)与Spring集成
- Shiro学习(12)与Spring集成
- Shiro简介及与spring集成
- Shiro简介及与spring集成
- spring boot集成shiro与缓存ehcache
- shiro框架之与Spring集成
- Apache Shiro 集成-spring
- Apache Shiro 集成-spring
- Shiro集成Spring
- spring-boot集成shiro
- win7x64下的redis安装与使用
- CSS3:Left 和 Top 的使用
- 读取文件之<绝对路径>与<相对路径>
- Spring form
- 政府采购2
- Shiro与Spring集成
- 模块mfc42d.dll可能与您正在运行的windows版本不兼容。检查该模块是否与regsvr32.exe的x86或x64版
- windows server工作组环境开启DHCP 不验证
- void指针(void *的用法)
- 转载 关于程序员的人生思考
- 网页表单提交到mysql数据库里中文乱码
- arcgis中字段的说明
- 蓝桥杯 ALGO-84大小写转换
- 欢迎使用CSDN-markdown编辑器