SpringMVC与shiro的整合
来源:互联网 发布:把网站生成app源码 编辑:程序博客网 时间:2024/06/05 08:09
好久没有写过博客了,之前有好几篇想记录下来的,但是拖着拖着,就不了了之了。这次趁印象还很深刻,记录下Springmvc与shiro的整合过程,方便以后学习。
首先,来看下pom.xml。
[html] view plain copy print?
- <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>com.lora</groupId>
- <artifactId>test</artifactId>
- <packaging>war</packaging>
- <version>0.0.1-SNAPSHOT</version>
- <name>test Maven Webapp</name>
- <url>http://maven.apache.org</url>
- <dependencies>
- <!-- Spring -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- <version>4.2.4.RELEASE</version>
- </dependency>
- <!-- SpringMVC -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- <version>4.2.4.RELEASE</version>
- </dependency>
- <!-- 事务传播 -->
- <dependency>
- <groupId>org.aspectj</groupId>
- <artifactId>aspectjweaver</artifactId>
- <version>1.8.2</version>
- </dependency>
- <!-- jstl标签 -->
- <dependency>
- <groupId>jstl</groupId>
- <artifactId>jstl</artifactId>
- <version>1.2</version>
- </dependency>
- <dependency>
- <groupId>taglibs</groupId>
- <artifactId>standard</artifactId>
- <version>1.1.2</version>
- </dependency>
- <!-- SpringJDBC -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-jdbc</artifactId>
- <version>4.0.3.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <version>5.1.30</version>
- </dependency>
- <!-- servlet -->
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <version>3.0.1</version>
- </dependency>
- <!-- shiro start-->
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>1.2.4</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-spring</artifactId>
- <version>1.2.3</version>
- </dependency>
- <!-- shiro end -->
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <version>1.7.7</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <build>
- <finalName>test</finalName>
- </build>
- </project>
这里添加了spring、SpringMVC、shiro的整合所依赖的jar包,里面还涉及到了SpringJDBC。可以根据自己的项目需要,摘取自己想要的Maven依赖。
添加完依赖,我们需要在web.xml配置shiro的过滤器
[html] view plain copy print?
- <?xml version="1.0" encoding="UTF-8"?>
- <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
- http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
- <!-- Web容器加载顺序ServletContext-context-param-listener-filter-servlet -->
- <!-- 指定Spring的配置文件 -->
- <!-- 否则Spring会默认从WEB-INF下寻找配置文件,contextConfigLocation属性是Spring内部固定的 -->
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/spring/applicationContext*.xml</param-value>
- </context-param>
- <!-- 实例化Spring容器 -->
- <!-- 应用启动时,该监听器被执行,它会读取Spring相关配置文件,其默认会到WEB-INF中查找applicationContext.xml -->
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
- <!-- shiro权限过滤 (此配置一定要在别的配置之前) -->
- <filter>
- <filter-name>shiroFilter</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- <init-param>
- <param-name>targetFilterLifecycle</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>shiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <servlet>
- <servlet-name>springMVC</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <init-param>
- <param-name>contextConfigLocation</param-name>
- <!-- <param-value>classpath*:spring-context.xml</param-value> -->
- <param-value>WEB-INF/spring/spring-mvc.xml</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>springMVC</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
- <filter>
- <filter-name>encodingFilter</filter-name>
- <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
- <init-param>
- <param-name>encoding</param-name>
- <param-value>UTF-8</param-value>
- </init-param>
- <init-param>
- <param-name>forceEncoding</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <filter-mapping>
- <filter-name>encodingFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- 默认欢迎页 -->
- <!-- 这里使用了SpringMVC提供的<mvc:view-controller>标签,实现了首页隐藏的目的,详见applicationContext.xml -->
- <welcome-file-list>
- <welcome-file>login.jsp</welcome-file>
- </welcome-file-list>
- </web-app>
最后我们来看看shiro的配置文件
[html] view plain copy print?
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
- <description>Shiro 配置</description>
- <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
- <property name="securityManager" ref="securityManager"/>
- <property name="loginUrl" value="/login"/>
- <property name="successUrl" value="/"/>
- <property name="unauthorizedUrl" value="/static/no-permission.jsp"/>
- <property name="filters">
- <util:map>
- </util:map>
- </property>
- <!-- 读取自定义权限内容-->
- <property name="filterChainDefinitions">
- <value>
- <!-- /shiro-cas = casFilter -->
- /record/** =authc
- /login = anon
- /static/** = anon
- /static/no-permission.jsp = anon
- </value>
- </property>
- </bean>
- <bean id="myRealm" class="com.lora.shiro.myRealm">
- </bean>
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
- <!-- 设置自定义realm ref="myRealm" -->
- <property name="realms" ref="myRealm"/>
- </bean>
- <!--
- <bean
- class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
- <property name="staticMethod"
- value="org.apache.shiro.SecurityUtils.setSecurityManager" />
- <property name="arguments" ref="securityManager" />
- </bean>
- <bean
- class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
- <property name="securityManager" ref="securityManager" />
- </bean> -->
- </beans>
[java] view plain copy print?
- package com.lora.shiro;
- import org.apache.shiro.SecurityUtils;
- import org.apache.shiro.authc.AuthenticationException;
- import org.apache.shiro.authc.AuthenticationInfo;
- import org.apache.shiro.authc.AuthenticationToken;
- import org.apache.shiro.authc.SimpleAuthenticationInfo;
- import org.apache.shiro.authc.UsernamePasswordToken;
- import org.apache.shiro.authz.AuthorizationInfo;
- import org.apache.shiro.authz.SimpleAuthorizationInfo;
- import org.apache.shiro.realm.AuthorizingRealm;
- import org.apache.shiro.session.Session;
- import org.apache.shiro.subject.PrincipalCollection;
- public class myRealm extends AuthorizingRealm {
- @Override
- /**
- * 授权信息
- */
- protected AuthorizationInfo doGetAuthorizationInfo(
- PrincipalCollection principals) {
- String username = (String) principals.fromRealm(getName()).iterator()
- .next();
- SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
- if (username != null && "lora".equals(username)) {
- // 添加一个角色,不是配置意义上的添加,而是证明该用户拥有admin角色
- simpleAuthorInfo.addRole("admin");
- // 添加权限
- simpleAuthorInfo.addStringPermission("admin:manage");
- System.out.println("已为用户[lora]赋予了[admin]角色和[admin:manage]权限");
- return simpleAuthorInfo;
- }
- // 若该方法什么都不做直接返回null的话,就会导致任何用户访问都会自动跳转到unauthorizedUrl指定的地址
- return null;
- }
- /**
- * 认证信息
- */
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(
- AuthenticationToken authcToken) throws AuthenticationException {
- UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
- String userName = token.getUsername();
- //此处无需比对,比对的逻辑Shiro会做,我们只需返回一个和令牌相关的正确的验证信息
- //说白了就是第一个参数填登录用户名,第二个参数填合法的登录密码(可以是从数据库中取到的,本例中为了演示就硬编码了)
- if ("lora".equals(token.getUsername())) {
- AuthenticationInfo authcInfo = new SimpleAuthenticationInfo("lora", "lora", this.getName());
- // 将用户保存在SESSION回话中
- Session session = SecurityUtils.getSubject().getSession();
- session.setAttribute("currentUser", "lora");
- return authcInfo;
- }
- return null;
- }
- }
最后附上Springmvc的配置文件spring-mvc.xml
[html] view plain copy print?
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:mvc="http://www.springframework.org/schema/mvc"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
- http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
- <context:component-scan base-package="com.lora"></context:component-scan>
- <mvc:annotation-driven></mvc:annotation-driven>
- <bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
- <property name="viewClass"
- value="org.springframework.web.servlet.view.JstlView" />
- <property name="prefix" value="/WEB-INF/views" />
- <property name="suffix" value=".jsp" />
- </bean>
- </beans>
0 0
- SpringMVC与shiro的整合
- shiro与springMVC的整合
- SpringMVC与shiro的整合
- shiro与springMVC整合
- SpringMvc-Httl-shiro的整合
- SpringMVC整合Shiro与filterChainDefinitions过滤器配置
- 【Spring shiro】Spring与Shiro的整合
- 关于shiro+springMVC整合使用的问题
- Springmvc整合shiro安全框架的教程
- SpringMvc+MyBatis+Shiro整合,shiro的realm不能注入Bean
- shiro学习:shiro整合SpringMVC的web项目
- SpringMVC整合Shiro
- SpringMVC整合Shiro
- SpringMVC整合shiro
- SpringMVC整合Shiro
- SpringMVC整合Shiro
- SpringMVC整合Shiro
- SpringMVC整合Shiro
- Factory(工厂模式)
- python爬虫获取编码时中文乱码问题
- Java 集合枚举泛型(一)
- 题目1183:守形数 九度OJ
- SVN使用出现由于计算机积极拒绝,无法连接的问题
- SpringMVC与shiro的整合
- IntelliJ IDEA 教程
- java中随机数的生成
- 读书笔记之设计模式(工厂模式)
- Spring最简单的配置
- HRBUST 1012 Catch That Cow (BFS)
- web项目做外网端口映射
- ASN.1探索 - 1 简介(转)
- 400 Bad request 一例