SpringMVC+Shiro权限管理
使用SHIRO的步骤:
1,导入jar
2,配置web.xml
3,建立dbRelm
4,在Spring中配置
pom.xml中配置如下:
1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/maven-v4_0_0.xsd">
3 <modelVersion>4.0.0</modelVersion>
4 <groupId>com.hyx</groupId>
5 <artifactId>springmvc</artifactId>
6 <packaging>war</packaging>
7 <version>0.0.1-SNAPSHOT</version>
8 <name>springmvc Maven Webapp</name>
9 <url>http://maven.apache.org</url>
10 <dependencies>
11 <dependency>
12 <groupId>junit</groupId>
13 <artifactId>junit</artifactId>
14 <version>3.8.1</version>
15 <scope>test</scope>
16 </dependency>
17 <!-- SpringMVC核心jar -->
18 <dependency>
19 <groupId>org.springframework</groupId>
20 <artifactId>spring-webmvc</artifactId>
21 <version>3.2.4.RELEASE</version>
22 </dependency>
23 <!-- springmvc连接数据库需要的jar -->
24 <dependency>
25 <groupId>org.springframework</groupId>
26 <artifactId>spring-jdbc</artifactId>
27 <version>3.2.4.RELEASE</version>
28 </dependency>
29 <dependency>
30 <groupId>org.springframework</groupId>
31 <artifactId>spring-orm</artifactId>
32 <version>3.2.4.RELEASE</version>
33 </dependency>
34 <!--************************************ -->
35 <!-- Hibernate相关jar -->
36 <dependency>
37 <groupId>org.hibernate</groupId>
38 <artifactId>hibernate-core</artifactId>
39 <version>4.2.5.Final</version>
40 </dependency>
41 <dependency>
42 <groupId>org.hibernate</groupId>
43 <artifactId>hibernate-ehcache</artifactId>
44 <version>4.2.5.Final</version>
45 </dependency>
46 <dependency>
47 <groupId>net.sf.ehcache</groupId>
48 <artifactId>ehcache</artifactId>
49 <version>2.7.2</version>
50 </dependency>
51 <dependency>
52 <groupId>commons-dbcp</groupId>
53 <artifactId>commons-dbcp</artifactId>
54 <version>1.4</version>
55 </dependency>
56 <dependency>
57 <groupId>mysql</groupId>
58 <artifactId>mysql-connector-java</artifactId>
59 <version>5.1.26</version>
60 </dependency>
61 <!-- javax提供的annotation -->
62 <dependency>
63 <groupId>javax.inject</groupId>
64 <artifactId>javax.inject</artifactId>
65 <version>1</version>
66 </dependency>
67 <!-- ****************************-->
68
69 <!-- hibernate验证 -->
70 <dependency>
71 <groupId>org.hibernate</groupId>
72 <artifactId>hibernate-validator</artifactId>
73 <version>5.0.1.Final</version>
74 </dependency>
75 <!-- 用于对@ResponseBody注解的支持 -->
76 <dependency>
77 <groupId>org.codehaus.jackson</groupId>
78 <artifactId>jackson-mapper-asl</artifactId>
79 <version>1.9.13</version>
80 </dependency>
81 <!-- 提供对c标签的支持 -->
82 <dependency>
83 <groupId>javax.servlet</groupId>
84 <artifactId>jstl</artifactId>
85 <version>1.2</version>
86 </dependency>
87 <!-- servlet api -->
88 <dependency>
89 <groupId>javax.servlet</groupId>
90 <artifactId>servlet-api</artifactId>
91 <version>2.5</version>
92 </dependency>
93
94 <!--Apache Shiro所需的jar包-->
95 <dependency>
96 <groupId>org.apache.shiro</groupId>
97 <artifactId>shiro-core</artifactId>
98 <version>1.2.2</version>
99 </dependency>
100 <dependency>
101 <groupId>org.apache.shiro</groupId>
102 <artifactId>shiro-web</artifactId>
103 <version>1.2.2</version>
104 </dependency>
105 <dependency>
106 <groupId>org.apache.shiro</groupId>
107 <artifactId>shiro-spring</artifactId>
108 <version>1.2.2</version>
109 </dependency>
110 </dependencies>
111
112 <build>
113 <finalName>springmvc</finalName>
114 <!-- maven的jetty服务器插件 -->
115 <plugins>
116 <plugin>
117 <groupId>org.mortbay.jetty</groupId>
118 <artifactId>jetty-maven-plugin</artifactId>
119 <configuration>
120 <scanIntervalSeconds>10</scanIntervalSeconds>
121 <webApp>
122 <contextPath>/</contextPath>
123 </webApp>
124 <!-- 修改jetty的默认端口 -->
125 <connectors>
126 <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
127 <port>80</port>
128 <maxIdleTime>60000</maxIdleTime>
129 </connector>
130 </connectors>
131 </configuration>
132 </plugin>
133 </plugins>
134 </build>
135 </project>
136 <?xml version="1.0" encoding="UTF-8" ?>
137 <web-app version="2.5"
138 xmlns="http://java.sun.com/xml/ns/javaee"
139 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
140 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
141 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
142 <display-name>Archetype Created Web Application</display-name>
143
144 <!-- spring-orm-hibernate4的OpenSessionInViewFilter-->
145 <filter>
146 <filter-name>opensessioninview</filter-name>
147 <filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
148 </filter>
149 <filter-mapping>
150 <filter-name>opensessioninview</filter-name>
151 <url-pattern>/*</url-pattern>
152 </filter-mapping>
153
154 <!-- 配置springmvc servlet -->
155 <servlet>
156 <servlet-name>springmvc</servlet-name>
157 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
158 <load-on-startup>1</load-on-startup>
159 </servlet>
160 <servlet-mapping>
161 <servlet-name>springmvc</servlet-name>
162 <!-- / 表示所有的请求都要经过此serlvet -->
163 <url-pattern>/</url-pattern>
164 </servlet-mapping>
165
166 <!-- spring的监听器 -->
167 <context-param>
168 <param-name>contextConfigLocation</param-name>
169 <param-value>classpath:applicationContext*.xml</param-value>
170 </context-param>
171 <listener>
172 <listener-class>
173 org.springframework.web.context.ContextLoaderListener
174 </listener-class>
175 </listener>
176
177 <!-- Shiro配置 -->
178 <filter>
179 <filter-name>shiroFilter</filter-name>
180 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
181 </filter>
182 <filter-mapping>
183 <filter-name>shiroFilter</filter-name>
184 <url-pattern>/*</url-pattern>
185 </filter-mapping>
186
187 </web-app>
在spring的配置文件中配置,为了区别spring原配置和shiro我们将shiro的配置独立出来。
applicationContext-shiro.xml
188 <?xml version="1.0" encoding="UTF-8" ?>
189 <beans xmlns="http://www.springframework.org/schema/beans"
190 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
191 xmlns:aop="http://www.springframework.org/schema/aop"
192 xmlns:tx="http://www.springframework.org/schema/tx"
193 xmlns:context="http://www.springframework.org/schema/context"
194 xsi:schemaLocation="
195 http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsd
196 http://www.springframework.org/schema/txhttp://www.springframework.org/schema/tx/spring-tx.xsd
197 http://www.springframework.org/schema/aophttp://www.springframework.org/schema/aop/spring-aop.xsd
198 http://www.springframework.org/schema/contexthttp://www.springframework.org/schema/context/spring-context.xsd">
199
200 <!-- 配置权限管理器 -->
201 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
202 <!-- ref对应我们写的realm MyShiro -->
203 <property name="realm" ref="myShiro"/>
204 <!-- 使用下面配置的缓存管理器 -->
205 <property name="cacheManager" ref="cacheManager"/>
206 </bean>
207
208 <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
209 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
210 <!-- 调用我们配置的权限管理器 -->
211 <property name="securityManager" ref="securityManager"/>
212 <!-- 配置我们的登录请求地址 -->
213 <property name="loginUrl" value="/login"/>
214 <!-- 配置我们在登录页登录成功后的跳转地址,如果你访问的是非/login地址,则跳到您访问的地址 -->
215 <property name="successUrl" value="/user"/>
216 <!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 -->
217 <property name="unauthorizedUrl" value="/403"/>
218 <!-- 权限配置 -->
219 <property name="filterChainDefinitions">
220 <value>
221 <!-- anon表示此地址不需要任何权限即可访问 -->
222 /static/**=anon
223 <!-- perms[user:query]表示访问此连接需要权限为user:query的用户 -->
224 /user=perms[user:query]
225 <!-- roles[manager]表示访问此连接需要用户的角色为manager -->
226 /user/add=roles[manager]
227 /user/del/**=roles[admin]
228 /user/edit/**=roles[manager]
229 <!--所有的请求(除去配置的静态资源请求或请求地址为anon的请求)都要通过登录验证,如果未登录则跳到/login-->
230 /** = authc
231 </value>
232 </property>
233 </bean>
234
235
236 <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
237 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
238
239 </beans>