SpringMVC与shiro的整合

好久没有写过博客了，之前有好几篇想记录下来的，但是拖着拖着，就不了了之了。这次趁印象还很深刻，记录下Springmvc与shiro的整合过程，方便以后学习。

首先，来看下pom.xml。

[html] view plain copy

 print?

1. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
2.     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">  
3.     <modelVersion>4.0.0</modelVersion>  
4.     <groupId>com.lora</groupId>  
5.     <artifactId>test</artifactId>  
6.     <packaging>war</packaging>  
7.     <version>0.0.1-SNAPSHOT</version>  
8.     <name>test Maven Webapp</name>  
9.     <url>http://maven.apache.org</url>  
10.     <dependencies>  
11.         <!-- Spring -->  
12.         <dependency>  
13.             <groupId>org.springframework</groupId>  
14.             <artifactId>spring-context</artifactId>  
15.             <version>4.2.4.RELEASE</version>  
16.         </dependency>  
17.   
18.         <!-- SpringMVC -->  
19.         <dependency>  
20.             <groupId>org.springframework</groupId>  
21.             <artifactId>spring-webmvc</artifactId>  
22.             <version>4.2.4.RELEASE</version>  
23.         </dependency>  
24.           
25.         <!-- 事务传播 -->  
26.         <dependency>  
27.             <groupId>org.aspectj</groupId>  
28.             <artifactId>aspectjweaver</artifactId>  
29.             <version>1.8.2</version>  
30.         </dependency>  
31.   
32.         <!-- jstl标签 -->  
33.         <dependency>  
34.             <groupId>jstl</groupId>  
35.             <artifactId>jstl</artifactId>  
36.             <version>1.2</version>  
37.         </dependency>  
38.         <dependency>  
39.             <groupId>taglibs</groupId>  
40.             <artifactId>standard</artifactId>  
41.             <version>1.1.2</version>  
42.         </dependency>  
43.   
44.         <!-- SpringJDBC -->  
45.         <dependency>  
46.             <groupId>org.springframework</groupId>  
47.             <artifactId>spring-jdbc</artifactId>  
48.             <version>4.0.3.RELEASE</version>  
49.         </dependency>  
50.   
51.         <dependency>  
52.             <groupId>mysql</groupId>  
53.             <artifactId>mysql-connector-java</artifactId>  
54.             <version>5.1.30</version>  
55.         </dependency>  
56.           
57.         <!-- servlet -->  
58.         <dependency>  
59.             <groupId>javax.servlet</groupId>  
60.             <artifactId>javax.servlet-api</artifactId>  
61.             <version>3.0.1</version>  
62.         </dependency>  
63.   
64.         <!-- shiro start-->  
65.         <dependency>  
66.           <groupId>org.apache.shiro</groupId>  
67.           <artifactId>shiro-core</artifactId>  
68.           <version>1.2.4</version>  
69.         </dependency>  
70.           
71.         <dependency>  
72.             <groupId>org.apache.shiro</groupId>  
73.             <artifactId>shiro-spring</artifactId>  
74.             <version>1.2.3</version>  
75.         </dependency>  
76.         <!-- shiro end -->  
77.           
78.            <dependency>  
79.                     <groupId>org.slf4j</groupId>  
80.                     <artifactId>slf4j-simple</artifactId>  
81.                     <version>1.7.7</version>  
82.                     <scope>test</scope>  
83.                </dependency>  
84.          
85.     </dependencies>  
86.   
87.   
88.     <build>  
89.         <finalName>test</finalName>  
90.     </build>  
91. </project>  

这里添加了spring、SpringMVC、shiro的整合所依赖的jar包，里面还涉及到了SpringJDBC。可以根据自己的项目需要，摘取自己想要的Maven依赖。

添加完依赖，我们需要在web.xml配置shiro的过滤器

[html] view plain copy

 print?

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
3.     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
4.           http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"  
5.     version="3.0">  
6.   
7.     <!-- Web容器加载顺序ServletContext-context-param-listener-filter-servlet -->  
8.     <!-- 指定Spring的配置文件 -->  
9.     <!-- 否则Spring会默认从WEB-INF下寻找配置文件,contextConfigLocation属性是Spring内部固定的 -->  
10.     <context-param>  
11.         <param-name>contextConfigLocation</param-name>  
12.         <param-value>/WEB-INF/spring/applicationContext*.xml</param-value>  
13.     </context-param>  
14.       
15.     <!-- 实例化Spring容器 -->  
16.     <!-- 应用启动时,该监听器被执行,它会读取Spring相关配置文件,其默认会到WEB-INF中查找applicationContext.xml -->  
17.     <listener>  
18.         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
19.     </listener>  
20.       
21.     <!-- shiro权限过滤 (此配置一定要在别的配置之前) -->  
22.         <filter>  
23.         <filter-name>shiroFilter</filter-name>  
24.         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
25.         <init-param>  
26.             <param-name>targetFilterLifecycle</param-name>  
27.             <param-value>true</param-value>  
28.         </init-param>  
29.     </filter>  
30.     <filter-mapping>  
31.         <filter-name>shiroFilter</filter-name>  
32.         <url-pattern>/*</url-pattern>  
33.     </filter-mapping>  
34.      
35.   
36.     <servlet>  
37.         <servlet-name>springMVC</servlet-name>  
38.         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>  
39.         <init-param>  
40.             <param-name>contextConfigLocation</param-name>  
41.             <!-- <param-value>classpath*:spring-context.xml</param-value> -->  
42.             <param-value>WEB-INF/spring/spring-mvc.xml</param-value>  
43.         </init-param>  
44.         <load-on-startup>1</load-on-startup>  
45.     </servlet>  
46.     <servlet-mapping>  
47.         <servlet-name>springMVC</servlet-name>  
48.         <url-pattern>/</url-pattern>  
49.     </servlet-mapping>  
50.       
51.       
52.     <filter>  
53.         <filter-name>encodingFilter</filter-name>  
54.         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>  
55.         <init-param>  
56.             <param-name>encoding</param-name>  
57.             <param-value>UTF-8</param-value>  
58.         </init-param>  
59.         <init-param>  
60.             <param-name>forceEncoding</param-name>  
61.             <param-value>true</param-value>  
62.         </init-param>  
63.     </filter>  
64.     <filter-mapping>  
65.         <filter-name>encodingFilter</filter-name>  
66.         <url-pattern>/*</url-pattern>  
67.     </filter-mapping>  
68.   
69.   
70.   
71.     <!-- 默认欢迎页 -->  
72.     <!-- 这里使用了SpringMVC提供的<mvc:view-controller>标签,实现了首页隐藏的目的,详见applicationContext.xml -->  
73.     <welcome-file-list>  
74.         <welcome-file>login.jsp</welcome-file>  
75.     </welcome-file-list>  
76.   
77. </web-app>  

这里需要强调一点，shiro的权限过滤需要放在别的配置之前，否则会不起作用。

最后我们来看看shiro的配置文件

[html] view plain copy

 print?

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <beans xmlns="http://www.springframework.org/schema/beans"  
3.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.        xmlns:util="http://www.springframework.org/schema/util"  
5.        xsi:schemaLocation="    
6.        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd    
7.        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">  
8.   
9.     <description>Shiro 配置</description>  
10.   
11.      <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
12.         <property name="securityManager" ref="securityManager"/>  
13.         <property name="loginUrl" value="/login"/>  
14.         <property name="successUrl" value="/"/>  
15.         <property name="unauthorizedUrl" value="/static/no-permission.jsp"/>  
16.         <property name="filters">  
17.             <util:map>  
18.           
19.             </util:map>  
20.         </property>  
21.   
22.         <!-- 读取自定义权限内容-->  
23.         <property name="filterChainDefinitions">  
24.             <value>  
25.                 <!-- /shiro-cas = casFilter -->  
26.                 /record/** =authc  
27.                 /login = anon  
28.                 /static/** = anon  
29.                 /static/no-permission.jsp = anon  
30.             </value>  
31.         </property>  
32.     </bean>  
33.       
34.      <bean id="myRealm" class="com.lora.shiro.myRealm">  
35.     </bean>  
36.   
37.   
38.     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  
39.        <!--  设置自定义realm  ref="myRealm" -->  
40.         <property name="realms" ref="myRealm"/>    
41.     </bean>  
42. <!--  
43.     <bean  
44.         class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">  
45.         <property name="staticMethod"  
46.             value="org.apache.shiro.SecurityUtils.setSecurityManager" />  
47.         <property name="arguments" ref="securityManager" />  
48.     </bean>  
49.   
50.     <bean  
51.         class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">  
52.         <property name="securityManager" ref="securityManager" />  
53.     </bean> -->  
54.           
55. </beans>    

myRealm.java

[java] view plain copy

 print?

1.  package com.lora.shiro;  
2.   
3. import org.apache.shiro.SecurityUtils;  
4. import org.apache.shiro.authc.AuthenticationException;  
5. import org.apache.shiro.authc.AuthenticationInfo;  
6. import org.apache.shiro.authc.AuthenticationToken;  
7. import org.apache.shiro.authc.SimpleAuthenticationInfo;  
8. import org.apache.shiro.authc.UsernamePasswordToken;  
9. import org.apache.shiro.authz.AuthorizationInfo;  
10. import org.apache.shiro.authz.SimpleAuthorizationInfo;  
11. import org.apache.shiro.realm.AuthorizingRealm;  
12. import org.apache.shiro.session.Session;  
13. import org.apache.shiro.subject.PrincipalCollection;  
14.   
15. public class myRealm extends AuthorizingRealm {  
16.   
17.     @Override  
18.     /** 
19.      * 授权信息 
20.      */  
21.     protected AuthorizationInfo doGetAuthorizationInfo(  
22.             PrincipalCollection principals) {  
23.         String username = (String) principals.fromRealm(getName()).iterator()  
24.                 .next();  
25.         SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();  
26.         if (username != null && "lora".equals(username)) {  
27.             // 添加一个角色,不是配置意义上的添加,而是证明该用户拥有admin角色  
28.             simpleAuthorInfo.addRole("admin");  
29.             // 添加权限  
30.             simpleAuthorInfo.addStringPermission("admin:manage");  
31.             System.out.println("已为用户[lora]赋予了[admin]角色和[admin:manage]权限");  
32.             return simpleAuthorInfo;  
33.         }  
34.         // 若该方法什么都不做直接返回null的话,就会导致任何用户访问都会自动跳转到unauthorizedUrl指定的地址  
35.         return null;  
36.     }  
37.   
38.     /** 
39.      * 认证信息 
40.      */  
41.     @Override  
42.     protected AuthenticationInfo doGetAuthenticationInfo(  
43.             AuthenticationToken authcToken) throws AuthenticationException {  
44.         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;  
45.         String userName = token.getUsername();  
46.         //此处无需比对,比对的逻辑Shiro会做,我们只需返回一个和令牌相关的正确的验证信息    
47.         //说白了就是第一个参数填登录用户名,第二个参数填合法的登录密码(可以是从数据库中取到的,本例中为了演示就硬编码了)   
48.         if ("lora".equals(token.getUsername())) {  
49.             AuthenticationInfo authcInfo = new SimpleAuthenticationInfo("lora", "lora", this.getName());    
50.             // 将用户保存在SESSION回话中  
51.             Session session = SecurityUtils.getSubject().getSession();  
52.             session.setAttribute("currentUser", "lora");  
53.             return authcInfo;    
54.         }  
55.         return null;  
56.     }  
57.   
58. }  

最后附上Springmvc的配置文件spring-mvc.xml

[html] view plain copy

 print?

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <beans xmlns="http://www.springframework.org/schema/beans"  
3.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.     xmlns:context="http://www.springframework.org/schema/context"  
5.     xmlns:mvc="http://www.springframework.org/schema/mvc"  
6.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd  
7.         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd  
8.         http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">  
9.            
10.     <context:component-scan base-package="com.lora"></context:component-scan>  
11.        
12.     <mvc:annotation-driven></mvc:annotation-driven>  
13.        
14.     <bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">  
15.         <property name="viewClass"  
16.             value="org.springframework.web.servlet.view.JstlView" />  
17.         <property name="prefix" value="/WEB-INF/views" />  
18.         <property name="suffix" value=".jsp" />  
19.     </bean>  
20. </beans>