
shiro-06

2018-11-03 17:12  crow!  阅读(153)  评论(0编辑  收藏  举报

数据库认证

Member.java

package cn.mldn.vo;

import java.io.Serializable;

/**
 * Value object for one row of the {@code member} table.
 *
 * <p>The class is {@link Serializable} and none of its fields is
 * {@code transient}, so every field, including {@link #getPassword()},
 * is part of any serialized form of an instance.
 */
public class Member implements Serializable {

    /** Member id; used as the login name on this page. */
    private String mid;

    /** Display name of the member. */
    private String name;

    /**
     * Password as read from the {@code member.password} column. The realm on
     * this page compares it verbatim with the submitted password, so in this
     * tutorial the value is plaintext.
     */
    private String password;

    /** @return the member id */
    public String getMid() {
        return this.mid;
    }

    /** @param mid the member id to store */
    public void setMid(String mid) {
        this.mid = mid;
    }

    /** @return the display name */
    public String getName() {
        return this.name;
    }

    /** @param name the display name to store */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored password value; do not log or echo it */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }
}

MemberLoginService.java

package cn.mldn.service;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;

import cn.mldn.vo.Member;

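/**
 * JDBC lookups that back the Shiro realm: one member row for authentication,
 * plus the role and action flags of a member for authorization.
 *
 * <p>Each instance opens its own connection in the constructor; callers must
 * invoke {@link #close()} when done. Statements and result sets are closed
 * after every query.
 */
public class MemberLoginService {
    // Legacy MM.MySQL driver alias. The page spelled it "org.git...", which can
    // never be loaded. NOTE(review): newer Connector/J releases may not ship
    // this alias; connectDataBase() tolerates that and relies on JDBC
    // auto-registration of whatever driver is on the classpath.
    private static final String DBDRIVER = "org.gjt.mm.mysql.Driver";

    // NOTE(security): the endpoint and the account are compiled into the class
    // and the account looks like the database superuser. For anything beyond a
    // demo, load these from external configuration and use an account that is
    // limited to SELECT on the tables queried below.
    private static final String DBURL = "jdbc:mysql://192.168.42.3:3306/shirodb";
    private static final String DBUSER = "ROOT";
    private static final String PASSWORD = "mysqladmin";

    /** Connection opened by the constructor; {@code null} if connecting failed. */
    private Connection conn;

    /** Opens the database connection; a failure is reported and leaves the service unusable. */
    public MemberLoginService() {
        this.connectDataBase();
    }

    /**
     * Loads the id and stored password of one member.
     *
     * @param username member id to look up; bound as a statement parameter
     * @return the member with {@code mid} and {@code password} set, or
     *         {@code null} when no row matches or the query fails
     * @throws IllegalStateException if no database connection is available, so
     *         that an outage is not mistaken for an unknown account
     */
    public Member get(String username) {
        if (this.conn == null) {
            throw new IllegalStateException("database connection is not available");
        }
        Member vo = null;
        String sql = "SELECT mid , password FROM member WHERE mid=?";
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, username);
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    vo = new Member();
                    vo.setMid(rs.getString(1));
                    vo.setPassword(rs.getString(2));
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return vo;
    }

    /**
     * Lists the role flags granted to a member:
     * SELECT flag FROM role WHERE rid IN (
     *     SELECT rid FROM member_role WHERE mid=? )
     *
     * @param mid member id
     * @return the role flags; empty when the member has none or the lookup fails
     */
    public Set<String> listRolesByMember(String mid) {
        String sql = " SELECT flag FROM role WHERE rid IN ( SELECT rid FROM member_role WHERE mid=? )";
        return this.queryFlags(sql, mid);
    }

    /**
     * Lists the action (permission) flags reachable through a member's roles.
     *
     * @param mid member id
     * @return the action flags; empty when the member has none or the lookup fails
     */
    public Set<String> listActionsByMember(String mid) {
        String sql = " SELECT flag FROM action WHERE actid IN ( SELECT actid FROM role_action WHERE rid in ("
                + "SELECT rid FROM member_role WHERE mid=?"
                + ") )";
        return this.queryFlags(sql, mid);
    }

    /** Closes the connection if one was opened; a close failure is only reported. */
    public void close() {
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    /** Runs a one-parameter query and collects the first column of every row. */
    private Set<String> queryFlags(String sql, String mid) {
        Set<String> flags = new HashSet<String>();
        if (this.conn == null) {
            // Fail closed: without a connection the member gets no roles or actions.
            System.err.println("database connection is not available");
            return flags;
        }
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, mid);
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    flags.add(rs.getString(1));
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return flags;
    }

    /** Loads the driver class if present and opens the connection. */
    private void connectDataBase() {
        try {
            Class.forName(DBDRIVER);
        } catch (ClassNotFoundException e) {
            // Not fatal: JDBC 4 drivers register themselves with DriverManager.
            e.printStackTrace();
        }
        try {
            this.conn = DriverManager.getConnection(DBURL, DBUSER, PASSWORD);
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}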

MyRealm.java

package cn.mldn.realm;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import cn.mldn.service.MemberLoginService;
import cn.mldn.vo.Member;

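/**
 * Shiro realm that authenticates and authorizes members against the database
 * through {@link MemberLoginService}.
 *
 * <p>NOTE(security): the stored password is compared with the submitted one as
 * plain text. For real use, store a salted password hash and let a Shiro
 * {@code CredentialsMatcher} (for example {@code HashedCredentialsMatcher} or
 * {@code PasswordMatcher}) configured on the realm perform the check.
 *
 * <p>NOTE(review): the {@code member} table on this page has a {@code locked}
 * column, but the lookup only selects {@code mid} and {@code password}, so a
 * lock state is not enforced here - confirm whether that is intended.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Looks the member up by the token's principal and checks the password.
     *
     * @param token login token; the principal is read as a {@code String} and
     *        the credentials as a {@code char[]}
     * @return authentication info for the member under realm name "memberRealm"
     * @throws UnknownAccountException if no member with that id is found
     * @throws IncorrectCredentialsException if the password does not match, or
     *         if either side of the comparison is missing
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("*********** 1、用户登录认证操作的处理   doGetAuthenticationInfo ***********");
        // Authentication runs first; it decides whether the submitted login is valid.
        String username = (String) token.getPrincipal(); // login name
        MemberLoginService service = new MemberLoginService();
        Member vo;
        try {
            vo = service.get(username); // stored member data
        } finally {
            service.close(); // release the connection even if the lookup throws
        }
        // The two failures below carry different messages and types. Callers
        // should show one generic "login failed" text to the user so that the
        // response does not reveal which account ids exist.
        if (vo == null) {
            throw new UnknownAccountException("该用户不存在!");
        }
        Object credentials = token.getCredentials();
        String stored = vo.getPassword();
        if (!(credentials instanceof char[]) || stored == null) {
            // A missing password on either side is a failed login, not a crash.
            throw new IncorrectCredentialsException("密码错误");
        }
        String password = new String((char[]) credentials);
        // MessageDigest.isEqual avoids the early exit of String.equals on the
        // first differing character.
        boolean matches = MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new IncorrectCredentialsException("密码错误");
        }
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and permissions of the authenticated member.
     *
     * @param principals principals of the subject; the primary one is the member id
     * @return authorization info holding the member's role and action flags
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("*********** 2、用户角色与权限 doGetAuthorizationInfo  ***********");
        String username = (String) principals.getPrimaryPrincipal(); // login name
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo(); // result object
        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username)); // roles must be passed as a Set
            auth.setStringPermissions(service.listActionsByMember(username));
        } finally {
            service.close();
        }
        // The original returned null here, which discarded the roles and
        // permissions that were just loaded.
        return auth;
    }

}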

数据库创建脚本

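-- Schema for the Shiro demo: members, roles, actions and their link tables.
CREATE DATABASE shirodb CHARACTER SET UTF8 ;

USE shirodb ;

-- IF EXISTS: in a database that was just created there is no member table
-- yet, so a plain DROP TABLE fails.
DROP TABLE IF EXISTS member ;

-- NOTE(security): password holds the plaintext value that the realm on this
-- page compares against. A salted hash needs a wider column (bcrypt output is
-- 60 characters) and a matching change in the realm.
-- NOTE(review): locked is not read by any query on this page.
CREATE TABLE member (
    mid            VARCHAR(50) ,
    password       VARCHAR(50) ,
    name           VARCHAR(50) ,
    locked         INT ,
    CONSTRAINT     pk_mid PRIMARY KEY (mid)
) ;

-- flag is the role identifier handed to Shiro by listRolesByMember.
CREATE TABLE role (
    rid        INT AUTO_INCREMENT ,
    title      VARCHAR(50) ,
    flag       VARCHAR(50) ,
    CONSTRAINT pk_rid PRIMARY KEY (rid)
) ;

-- Link table: which member holds which role.
CREATE TABLE member_role (
    mid   VARCHAR(50) ,
    rid   INT ,
    CONSTRAINT fk_mid1 FOREIGN KEY(mid) REFERENCES member(mid) ,
    CONSTRAINT fd_rid  FOREIGN KEY(rid) REFERENCES role(rid)
) ;

-- flag is the permission string handed to Shiro by listActionsByMember.
CREATE TABLE action (
    actid        INT AUTO_INCREMENT ,
    title        VARCHAR(50) ,
    flag         VARCHAR(50) ,
    CONSTRAINT   pk_actid PRIMARY KEY (actid) 
) ;

-- Link table: which role grants which action.
CREATE TABLE role_action (
    rid            INT ,
    actid          INT ,
    CONSTRAINT fk_rid6   FOREIGN KEY(rid) REFERENCES role(rid),
    CONSTRAINT fd_actid6 FOREIGN KEY(actid) REFERENCES action(actid)
) ;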

shiro.ini

# Objects created and wired when Shiro starts.
[main]
# "jdbcRealm" is only the bean name chosen here; the class is the custom
# cn.mldn.realm.MyRealm from this page, not Shiro's built-in
# org.apache.shiro.realm.jdbc.JdbcRealm.
jdbcRealm=cn.mldn.realm.MyRealm
# Use that realm for the security manager's authentication and authorization.
securityManager.realms=$jdbcRealm