shiro----整合SSM(身份认证)

搭建环境

1.导包

2.书写web.xml

<!--注册了 DelegatingFilterProxy 使用代理把servlet 容器中 fiter 和 Spring 中的 bean 进行连接
-->
<filter>
<filter-name>shiro</filter-name>
<filter-class>org.springframework.web.filt
er.DelegatingFilterProxy</filter-class>
<!--设置为 truez 之后可以使用过滤器中初始化 销毁等方法-->
<init-param>
<param-name>targetFilterLifecycle</param-n
ame>
<param-value>true</param-value>
</init-param>
<!--给注册了的 bend 起名称-->
<init-param>
<param-name>targetBeanName</param-name>
<param-value>shiroFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiro</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

3.自定义Realm
只完成了认证，并没有授权

public class UserRealm extends AuthorizingRealm {


        @Autowired
        AdminService  adminService;

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {


        Admin admin = adminService.findPwd(authenticationToken.getPrincipal().toString());

        if(admin!=null){

            SimpleAuthenticationInfo  info=new SimpleAuthenticationInfo(authenticationToken.getPrincipal(),admin.getPassword(), ByteSource.Util.bytes(admin.getSalt()),"userRealm");

            return   info;

        }

        return null;
    }



     //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }


}

4.整合spring关于shiro的application.xml文件

 <!--[A]注册凭证匹配器-->

    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">

          <property name="hashAlgorithmName" value="md5"></property>

          <property name="hashIterations" value="2"></property>

    </bean>

    <!--[B]注册自定义Realm-->

    <bean id="userRealm" class="com.bjsxt.realm.UserRealm">

        <property name="credentialsMatcher"  ref="credentialsMatcher"></property>

    </bean>

    <!--[C]注册securityManager-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realms" ref="userRealm"></property>
    </bean>

    <!--[D]注册ShiroFilterFactoryBean对象-->

    <!-- bean对象中的id名称必须和web.xml中targetBeanName保持一致-->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager"  ref="securityManager"></property>

        <property name="loginUrl" value="/login"></property>

        <property name="successUrl" value="/success.jsp"></property>

        <property name="unauthorizedUrl" value="/error.jsp"></property>


        <!--设置过滤器链的属性  authc拦截指定路径 anon放行资源  -->
        <property name="filterChainDefinitions">

            <value>
                 /login=authc
                  /**=anon
            </value>

        </property>

    </bean>

5. 编写Controller层

Controller层只进行异常的判断，验证给shiro去执行

@Controller
public class AdminController {



    @RequestMapping("login")
    public    String   login(HttpServletRequest req){

        //查看具体的异常信息，获得一场的信息名称
        Object ex = req.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);


        if(UnknownAccountException.class.getName().equals(ex)){

            req.setAttribute("msg","用户名错误");
        }else  if(IncorrectCredentialsException.class.getName().equals(ex)){

            req.setAttribute("msg","凭证不正确");

        }else{
            req.setAttribute("msg","未知异常");

        }

        return   "/error.jsp";

    }