spring整合shiro
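首先要在 web.xml 中配置 Shiro 的 filter(filter-name 需与 Spring 配置中 ShiroFilterFactoryBean 的 bean id 一致,DelegatingFilterProxy 默认按该名称查找目标 bean):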
<!-- Servlet filter that hands each request to the Spring-managed bean named "shiroFilter". -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <!-- true: the container's init()/destroy() calls are forwarded to the target filter bean. -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <!-- Servlet mapping: every request passes through the Shiro filter. Which paths then
         require login or roles is decided by the filter chain definitions on the Spring bean. -->
    <url-pattern>/*</url-pattern>
</filter-mapping>
然后在 Spring 的主配置文件中添加如下配置:
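<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <!-- Login page. The leading "/" makes the redirect context-relative, so it resolves to the
         same page regardless of how deep the originally requested path was. -->
    <property name="loginUrl" value="/login.html"/>
    <!-- Page shown when an authenticated user lacks the required role or permission. -->
    <property name="unauthorizedUrl" value="/403.html"/>
    <!-- Filter chain: one "path = filter[config]" definition per line, evaluated top to bottom;
         the first matching path wins, so the catch-all rule must stay last.
         "roles" requires every listed role. "roleOr" is the custom filter registered below;
         presumably it accepts any one of the listed roles (its class is not shown here).
         In Shiro's Ant-style patterns "*" matches a single path segment only, while "**" also
         matches nested paths. The catch-all therefore uses "/**": with "/*" a request such as
         /a/b.do would match no chain and would be served without authentication. -->
    <property name="filterChainDefinitions">
        <value>
            /login.html = anon
            /login.jsp = anon
            /subLogin.do = anon
            /bbb.do = roles["admin","admin1"]
            /ccc.do = roleOr["admin","admin1"]
            /pages/* = anon
            /** = authc
        </value>
    </property>
    <!-- Custom filters, made available to the chain definitions under the given key. -->
    <property name="filters">
        <map>
            <entry key="roleOr" value-ref="roleOrFilter"/>
        </map>
    </property>
</bean>

<bean id="roleOrFilter" class="com.imooc.filter.roleOrFilter"></bean>

<!-- SecurityManager backed by the custom realm. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="realm"/>
</bean>

<!-- Custom realm; submitted credentials are checked with the matcher below. -->
<bean id="realm" class="com.imooc.realm.CustomRealm">
    <property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>

<!-- Credential hashing (this is hashing, not encryption).
     NOTE(review): MD5 with a single iteration is cheap to brute-force and is not adequate for
     storing passwords. Prefer a dedicated password hashing scheme (bcrypt, scrypt, Argon2) or
     at least a SHA-2 algorithm with a high iteration count. Changing either value invalidates
     the stored hashes, so existing credentials must be re-hashed at the same time; the values
     are left as published for that reason. -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <!-- Hash algorithm name -->
    <property name="hashAlgorithmName" value="md5"/>
    <!-- Number of hash iterations -->
    <property name="hashIterations" value="1"/>
</bean>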
可以使用shiro自带的realm,也可以使用自定义的
下面是自定义realm:
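package com.imooc.realm;

import com.imooc.dao.UserDao;
import com.imooc.domain.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Shiro realm that authenticates users and loads their roles through {@link UserDao}.
 *
 * <p>The realm only supplies the stored credential and its salt; the comparison with the
 * submitted password is done by the credentials matcher configured on the realm bean.
 */
public class CustomRealm extends AuthorizingRealm {

    @Autowired
    private UserDao userDao;

    /**
     * Authorization: builds the roles and permissions of the already-authenticated user.
     *
     * @param principalCollection principals of the current subject; the primary principal is
     *                            the user name set in {@link #doGetAuthenticationInfo}
     * @return the user's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = (String) principalCollection.getPrimaryPrincipal();
        Set<String> roles = getRolesByUserName(username);
        Set<String> permissions = getPermissionByUserName(username);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setStringPermissions(permissions);
        authorizationInfo.setRoles(roles);
        return authorizationInfo;
    }

    /**
     * Returns the permissions of the given user.
     *
     * <p>NOTE(review): the set is hard-coded and ignores {@code username}, so every
     * authenticated user receives all three permissions, including {@code user:delete}.
     * Load per-user or per-role permissions from the data store before relying on
     * permission checks.
     */
    private Set<String> getPermissionByUserName(String username) {
        Set<String> permissions = new HashSet<>();
        permissions.add("user:select");
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }

    /**
     * Loads the role names of the given user.
     *
     * @return the user's roles; empty when the DAO returns no list
     */
    private Set<String> getRolesByUserName(String username) {
        List<String> roleNames = userDao.getRolesByUserName(username);
        if (roleNames == null) {
            return new HashSet<>();
        }
        return new HashSet<>(roleNames);
    }

    /**
     * Authentication: looks up the stored credential for the submitted user name.
     *
     * @param authenticationToken token carrying the submitted principal (the user name)
     * @return account data for the credentials matcher, or {@code null} when the account is
     *         unknown, which Shiro treats as a failed login
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String userName = (String) authenticationToken.getPrincipal();
        if (userName == null) {
            return null;
        }
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }

        SimpleAuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(userName, password, "customRealm");
        // NOTE(review): the user name is used as the salt. It is unique per account but public
        // and predictable; a random per-user salt stored next to the hash is the stronger choice.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userName));
        return authenticationInfo;
    }

    /**
     * Returns the stored credential of the given user, or {@code null} when no such user exists.
     */
    private String getPasswordByUserName(String userName) {
        User user = userDao.getUserByUserName(userName);
        // Check for a missing user before touching it, and never write the stored
        // credential to stdout or a log.
        if (user == null) {
            return null;
        }
        return user.getPassword();
    }

    /**
     * Demo helper: prints the salted MD5 hash of a sample password, in the form the
     * credentials matcher shown with this class expects to find stored.
     *
     * <p>NOTE(review): a single MD5 round is not adequate for real password storage.
     */
    public static void main(String[] args) {
        Md5Hash md5Hash = new Md5Hash("123456", "xiaoming");
        System.out.println(md5Hash);
    }
}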
还可以自定义shiro 的filter,shiro 自带的过滤器有:
anon authc authcBasic logout noSessionCreation perms port rest roles role ssl user
(注意:过滤器名称区分大小写;默认过滤器中角色校验的名称是 roles,并没有名为 role 的过滤器。)