SpringMVC+maven
项目需要使用shiro,所以自学了几天,仅提供给新手,请根据文档查看…该项目仅是测试项目,并不完善,只实现了需要使用的基本功能,并且只提供了使用shiro模块的代码。楼主新人第一次写,如有问题希望能提出来,由衷的感谢。
首先是pom.xml:
<!-- Apache Shiro modules used by this project: core API, servlet-filter support,
     Spring integration and the EhCache-backed cache manager. -->
<!-- NOTE(review): all four artifacts are pinned to 1.2.0. Check that release against the
     Apache Shiro security advisories and move to a currently supported release before
     reusing this outside a test project. Keep the four versions identical, for example
     through a single Maven property, so the modules cannot drift apart. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.0</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.0</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.0</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.0</version>
</dependency>
以下是web.xml配置:
<!-- Servlet filter that hands every request to Shiro. DelegatingFilterProxy looks up the
     Spring bean whose id equals the filter-name ("shiroFilter"), so this name must match
     the ShiroFilterFactoryBean id in the Spring configuration. -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <!-- true: the servlet container's init()/destroy() calls are forwarded to the target bean. -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- All URLs pass through the Shiro filter; which of them actually require a login is decided
     by filterChainDefinitions on the shiroFilter bean, not by this mapping. -->
<!-- NOTE(review): the rest of web.xml is not shown. The mapping should be declared ahead of
     any filter that relies on the Shiro Subject - confirm the order in the full file. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
以下是shiro的配置:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring wiring for Shiro: security manager, realm, annotation advisor and the web filter. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <!-- Central Shiro component; only the realm is injected here. -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm" />
    </bean>

    <!-- NOTE(review): no bean in this file references cacheManager, so as shown it is never
         handed to the security manager and authorization data is not cached: the realm is
         queried again for every role or permission check. Wire it in (a cacheManager property
         on securityManager) or remove the bean. -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    </bean>

    <!-- Custom realm that loads users, roles and permissions. No credentialsMatcher is set,
         so Shiro's default plain-equality matcher is used. -->
    <bean id="myRealm" class="com.renai.shop.service.admin.AuthenticationRealm">
    </bean>

    <!-- Advisor behind Shiro's annotations (@RequiresRoles, @RequiresPermissions, ...). -->
    <!-- NOTE(review): an advisor is only applied when an auto-proxy creator is active
         (for example DefaultAdvisorAutoProxyCreator); none is declared in this file. Confirm
         one exists elsewhere, otherwise the annotations are silently ignored. -->
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>

    <!-- Target of the DelegatingFilterProxy declared in web.xml (same id as the filter-name). -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <!-- Unauthenticated requests to an authc-protected URL are redirected here. -->
        <property name="loginUrl" value="/login/gotoLogin.html" />
        <property name="unauthorizedUrl" value="/unauthorized.jsp" />
        <!-- One "path = filter" rule per line; the first matching rule wins, so the two anon
             entries must stay above /login/**. -->
        <!-- NOTE(review): there is no catch-all rule. A URL outside /login/** and /sys/**
             matches no chain and is served without any authentication check. If other
             controllers or JSPs are deployed, end the list with "/** = authc" and add
             explicit anon rules for static resources above it. -->
        <!-- NOTE(review): authc only requires a logged-in user. Restricting a URL to a role or
             permission needs a roles[...] / perms[...] rule or an annotation on the handler. -->
        <property name="filterChainDefinitions">
            <value>
                /login/gotoLogin.html = anon
                /login/login.html = anon
                /login/** = authc
                /sys/** = authc
            </value>
        </property>
    </bean>
</beans>
以下是自定义的Realm类:
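package com.renai.shop.service.admin;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.renai.shop.dao.mapper.SysDictionaryMapper;
import com.renai.shop.model.admin.AdmPermission;
import com.renai.shop.model.admin.AdmRole;
import com.renai.shop.model.admin.AdmUserInfo;

/**
 * Shiro realm that authenticates users and loads their roles and permissions through
 * {@link SysDictionaryMapper}.
 */
public class AuthenticationRealm extends AuthorizingRealm {

    @Autowired
    private SysDictionaryMapper sysDictionaryMapper;

    /**
     * Collects the role names and permission strings of the current principal.
     *
     * @param principals principals of the subject being checked
     * @return the roles and permissions of the user, or {@code null} when the user name is
     *         blank or no matching user exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
            throws AuthenticationException {
        System.out.println("--------------------------doGetAuthorizationInfo--------------------------");
        // The principal is the user name stored by doGetAuthenticationInfo.
        String userName = (String) getAvailablePrincipal(principals);
        if (StringUtils.isBlank(userName)) {
            System.out.println("--------------------------用户名不能为空!--------------------------");
            return null;
        }

        AdmUserInfo userInfo = sysDictionaryMapper.getUserInfoByUserName(userName);
        if (userInfo == null) {
            return null;
        }

        Set<String> roleNames = new HashSet<String>();
        Set<String> permissions = new HashSet<String>();
        List<AdmRole> roles = userInfo.getRoles();
        // A user without any role mapping gets empty role and permission sets instead of a
        // NullPointerException.
        if (roles != null) {
            for (AdmRole role : roles) {
                // Role names back the role checks.
                roleNames.add(role.getName());
                // Operation names back the permission checks.
                for (AdmPermission permission : role.getPermissions()) {
                    permissions.add(permission.getOperation());
                }
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
    }

    /**
     * Verifies the submitted user name and password through the mapper's {@code login} query.
     *
     * <p>Security review: the {@link SimpleAuthenticationInfo} returned here carries the
     * password the caller just submitted, so the realm's credentials matcher compares the
     * token with itself and can never reject it. The only effective check is
     * {@code sysDictionaryMapper.login(userName, passWord)}. The mapper is not shown; if it
     * compares against a stored plaintext or unsalted value, store a salted password hash
     * instead, return the stored hash as the credentials and let a matcher configured on the
     * realm (for example {@code HashedCredentialsMatcher} or {@code PasswordMatcher}) do the
     * comparison.
     *
     * @param token the login token; must be a {@link UsernamePasswordToken}
     * @return authentication info whose principal is the user name
     * @throws UnknownAccountException when the user name or password is missing or does not
     *         match; callers such as LoginController handle it
     * @throws AuthenticationException when the authentication info cannot be built
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("--------------------------doGetAuthenticationInfo--------------------------");
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String userName = upToken.getUsername();
        char[] rawPassword = upToken.getPassword();

        // Reject incomplete tokens before touching the database. String.valueOf((char[]) null)
        // would otherwise throw a NullPointerException. The message is the same as for a failed
        // lookup, so the response does not reveal which part was wrong.
        if (StringUtils.isBlank(userName) || rawPassword == null) {
            throw new UnknownAccountException("用户名或密码错误");
        }
        String passWord = String.valueOf(rawPassword);

        AdmUserInfo userInfo = sysDictionaryMapper.login(userName, passWord);
        if (userInfo == null) {
            throw new UnknownAccountException("用户名或密码错误");
        }

        try {
            return new SimpleAuthenticationInfo(userName, passWord, getName());
        } catch (Exception e) {
            throw new AuthenticationException("验证失败", e);
        }
    }
}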
登录Controller:
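package com.renai.shop.admin.controller;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.renai.shop.filter.admin.AdmMenuFilter;
import com.renai.shop.model.admin.AdmMenu;
import com.renai.shop.model.admin.AdmUserInfo;
import com.renai.shop.service.admin.api.ISysDictionaryService;

/**
 * Login, logout and landing pages of the admin application, mapped under {@code /login}.
 */
@RequestMapping(value = "/login")
@Controller
public class LoginController {

    @Autowired
    private ISysDictionaryService sysDictionaryService;

    /** Renders the login form. */
    @RequestMapping(value = "/gotoLogin.html")
    public String goToLogin(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap) {
        return "login";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * <p>The parameters are bound with Spring's {@code @RequestParam}. The MyBatis
     * {@code @Param} annotation used previously has no meaning on a controller method, so the
     * binding only worked through parameter-name discovery.
     *
     * <p>NOTE(review): the mapping accepts every HTTP method, so credentials can also arrive in
     * a GET query string and end up in access logs. Restrict it to POST once the login page is
     * confirmed to post the form.
     *
     * <p>NOTE(review): {@code subject.login()} does not issue a new session id. Consider
     * invalidating the pre-login session before logging in.
     *
     * @param username submitted user name, may be absent
     * @param password submitted password, may be absent
     * @return the response body {@code "success"} or {@code "error"}
     */
    @RequestMapping(value = "/login.html")
    @ResponseBody
    public String login(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap,
            @RequestParam(value = "username", required = false) String username,
            @RequestParam(value = "password", required = false) String password) {
        // Incomplete submissions fail the same way as wrong credentials, without a lookup.
        if (StringUtils.isBlank(username) || StringUtils.isEmpty(password)) {
            return "error";
        }

        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            // Delegates to AuthenticationRealm.doGetAuthenticationInfo.
            subject.login(token);
        } catch (UnknownAccountException ex) {
            // With the realm shown on this page a wrong password also ends up here.
            System.out.println("用户名没有找到" + ex.toString());
            return "error";
        } catch (IncorrectCredentialsException ex) {
            System.out.println("用户名密码不匹配" + ex.toString());
            return "error";
        } catch (AuthenticationException e) {
            System.out.println("其他的登录错误" + e.toString());
            return "error";
        } catch (Exception e) {
            System.out.println("登陆失败" + e.toString());
            return "error";
        }
        // The former token.setRememberMe(true) call was removed: it ran after login() had
        // already consumed the token, so it never had any effect. Remember-me stays off, as
        // before. Turning it on should be an explicit user choice set on the token before
        // subject.login(token).
        return "success";
    }

    /**
     * Loads the top-level menus allowed for the current user's roles into the session and
     * renders the index page.
     *
     * @return view {@code "index"}, or {@code "login"} when no subject is logged in
     */
    @RequestMapping(value = "/goToIndex.html")
    public String goToIndex(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap) {
        Object principal = SecurityUtils.getSubject().getPrincipal();
        // The principal is null for an anonymous subject; send it to the login view instead
        // of failing with a NullPointerException.
        if (principal == null) {
            return "login";
        }

        String userName = principal.toString();
        if (StringUtils.isNotBlank(userName)) {
            AdmUserInfo userInfo = sysDictionaryService.getUserInfoByUserName(userName);
            if (userInfo != null) {
                AdmMenuFilter filter = new AdmMenuFilter();
                filter.setMenuType(1);
                if (userInfo.getRoles() != null && !userInfo.getRoles().isEmpty()) {
                    // Menus are selected by the user's roles.
                    List<AdmMenu> menuList = sysDictionaryService
                            .selectMenuByRolesId(userInfo.getAdmUserRoleInfos(), filter);
                    request.getSession().setAttribute("menuList", menuList);
                }
            }
        }
        return "index";
    }

    /** Renders the default page. */
    @RequestMapping(value = "/goToDefault.html")
    public String goToDefault(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap) {
        return "default";
    }

    /** Logs the current subject out and renders the login form. */
    @RequestMapping(value = "/logout.html")
    public String logout(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap) {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "login";
    }
}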
系统Controller:
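package com.renai.shop.admin.controller;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import com.renai.shop.filter.admin.AdmMenuFilter;
import com.renai.shop.model.admin.AdmMenu;
import com.renai.shop.model.admin.AdmUserInfo;
import com.renai.shop.service.admin.api.ISysDictionaryService;

/**
 * Menu endpoints of the admin application, mapped under {@code /sys}.
 */
@RequestMapping(value = "/sys")
@Controller
public class SysController {

    @Autowired
    private ISysDictionaryService sysDictionaryService;

    /**
     * Loads the sub-menus of {@code parentId} that the current user's roles may see and stores
     * them in the session as {@code thirdMenuList}.
     *
     * <p>{@code parentId} is bound with Spring's {@code @RequestParam}, so a missing value is
     * answered as a bad request. The MyBatis {@code @Param} annotation used previously has no
     * meaning on a controller method.
     *
     * @param parentId id of the parent menu, taken from the request
     * @return view {@code "ajax/ajaxGetMenu"}
     */
    @RequestMapping(value = "/getMenuByParent.html")
    public String getMenuByParent(HttpServletRequest request, HttpServletResponse response,
            ModelMap modelMap, @RequestParam(value = "parentId") int parentId) {
        // Drop the list left by an earlier request. Without this, a failed lookup or a user
        // without roles would leave the previous parent's menus in the session.
        // NOTE(review): the view is not shown; this assumes it reads "thirdMenuList" from the
        // session - confirm.
        request.getSession().removeAttribute("thirdMenuList");

        Subject subject = SecurityUtils.getSubject();
        Object principal = subject.getPrincipal();
        // The principal is null for an anonymous subject; render the fragment without menus
        // instead of failing with a NullPointerException.
        if (principal == null) {
            return "ajax/ajaxGetMenu";
        }

        String userName = principal.toString();
        if (StringUtils.isNotBlank(userName)) {
            AdmUserInfo userInfo = sysDictionaryService.getUserInfoByUserName(userName);
            if (userInfo != null) {
                AdmMenuFilter filter = new AdmMenuFilter();
                filter.setMenuType(2);
                filter.setParentId(parentId);
                // parentId is client-supplied; the role-based selection below is what limits
                // the result to menus this user may see.
                if (userInfo.getRoles() != null && !userInfo.getRoles().isEmpty()) {
                    List<AdmMenu> thirdMenuList = sysDictionaryService
                            .selectMenuByRolesId(userInfo.getAdmUserRoleInfos(), filter);
                    request.getSession().setAttribute("thirdMenuList", thirdMenuList);
                }
            }
        }
        return "ajax/ajaxGetMenu";
    }
}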
以下是页面:
使用shiro的标签需要引用:
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
以下是按照登录时保存的权限显示按钮
<%-- Toolbar whose buttons are rendered only when the current Subject holds the named
     permission. Each shiro:hasPermission tag asks Shiro, which resolves the permission
     strings through the realm's doGetAuthorizationInfo. --%>
<%-- NOTE(review): these tags only hide the buttons. The handlers behind add(), update() and
     deletes() are not shown on this page; they must check the same permissions on the server
     (a perms[...] filter rule or @RequiresPermissions), otherwise a user without the button
     can still send the request directly. --%>
<div class="tools">
    <ul class="toolbar">
        <shiro:hasPermission name="add">
            <li class="click" onclick="add()"><span><img src="${ctx}/skin/images/t01.png"></span>添加</li>
        </shiro:hasPermission>
        <shiro:hasPermission name="update">
            <li class="click" onclick="update()"><span><img src="${ctx}/skin/images/t02.png"></span>修改</li>
        </shiro:hasPermission>
        <shiro:hasPermission name="delete">
            <li onclick="deletes()"><span><img src="${ctx}/skin/images/t03.png"></span>删除</li>
        </shiro:hasPermission>
    </ul>
</div>
以下是项目数据
表
菜单表
角色表
权限表
![这里写图片描述](http://img.blog.csdn.net/20150615203335163)
以下是项目页面部分截图
第一个是“boos”角色登陆
![这里写图片描述](http://img.blog.csdn.net/20150615201506597)
第二个是“manager”角色登陆
![这里写图片描述](http://img.blog.csdn.net/20150615201549126)
第三个是“admin”角色登陆
![这里写图片描述](http://img.blog.csdn.net/20150615201618499)