ssm框架整合shiro

1、导入shiro相应jar包,也可下载shiro-all.jar; 

2、web.xml添加shiroFilter配置,类似于mvc

 

 <!-- Shiro security filter. DelegatingFilterProxy hands each request to the Spring bean
      whose id equals this filter-name ("shiroFilter"). -->
 <filter>
     <filter-name>shiroFilter</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
     <async-supported>true</async-supported>
     <init-param>
         <!-- true: the container's init()/destroy() calls are passed on to the target bean. -->
         <param-name>targetFilterLifecycle</param-name>
         <param-value>true</param-value>
     </init-param>
 </filter>

 <filter-mapping>
     <filter-name>shiroFilter</filter-name>
     <url-pattern>/*</url-pattern>
     <!-- NOTE(review): only REQUEST dispatches pass through Shiro here; internal
          FORWARD / INCLUDE / ERROR dispatches are not filtered. Confirm that is intended. -->
     <dispatcher>REQUEST</dispatcher>
 </filter-mapping>

 

3、添加shiro配置文件,在spring-conf.xml导入

<!-- Pull the Shiro bean definitions into the main Spring context.
     NOTE(review): a classpath*: location that matches no file is skipped without an error;
     verify at startup that the Shiro beans were actually loaded. -->
<import resource="classpath*:conf/spring-shiro.xml" />

编写spring-conf.xml

 <description>Shiro安全配置</description>

 <!-- Scan the service package so the service used by the realm can be injected;
      only classes annotated with @Service are registered. -->
 <context:component-scan base-package="com.myssm.yuan.service" use-default-filters="false">
     <context:include-filter type="annotation" expression="org.springframework.stereotype.Service" />
 </context:component-scan>

 <!-- securityManager is the core of Shiro; it coordinates the other components at start-up. -->
 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <!-- A single realm uses "realm"; with several realms use the "realms" property instead. -->
     <property name="realm" ref="userRealm" />
     <property name="cacheManager" ref="shiroEhcacheManager" />
 </bean>

 <!-- The realm is Shiro's bridge to the application's user data: it decides whether a
      subject may log in and which permissions it has.
      NOTE(review): no credentialsMatcher is set on this realm, so Shiro uses its default
      matcher, and the realm code shown on this page compares plaintext passwords. Store
      hashed passwords and configure a matching credentialsMatcher before production use. -->
 <bean id="userRealm" class="com.myssm.yuan.shiro.UserRealm" />
 <!-- Alternative when the service package is not scanned: give the userRealm bean a body and
      inject explicitly with <property name="userService" ref="userService"/>. -->

 <!-- Shiro filter configuration. The bean id must equal the filter-name used in web.xml. -->
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
     <property name="securityManager" ref="securityManager" />
     <!-- Pages the user is sent to when not permitted or when authentication fails. -->
     <property name="loginUrl" value="/login.jsp" />
     <!-- NOTE(review): successUrl is used as a redirect target, and paths under /WEB-INF are
          normally not reachable by a direct browser request. Confirm this value is ever used. -->
     <property name="successUrl" value="/WEB-INF/page/index.jsp" />
     <property name="unauthorizedUrl" value="/login/unauthorized" />
     <!-- The first matching pattern wins, so the logout rule must stay above /login/**.
          /login/**=anon leaves every handler under /login reachable without authentication;
          keep only the login endpoints themselves under that prefix. -->
     <property name="filterChainDefinitions">
         <value>
             /login/logout=logout
             /login/**=anon
             /**=authc,rest
         </value>
     </property>
 </bean>

 <!-- Cache for user authorization / authentication data, backed by EhCache. -->
 <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
     <property name="cacheManagerConfigFile" value="classpath:conf/ehcache-shiro.xml" />
 </bean>

 <!-- Makes sure beans that implement Shiro's internal lifecycle methods have them invoked. -->
 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

 

3.1 在mybatis配置文件里sqlcofig.xml.添加shiro缓存配置文件

 <?xml version="1.0" encoding="UTF-8"?>
 <ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd">
     <!-- Disk store location; both caches below set overflowToDisk="false". -->
     <diskStore path="java.io.tmpdir" />

     <!-- Defaults for caches without their own entry: entries expire after 900 s idle
          or 1800 s total lifetime.
          NOTE(review): if Shiro keeps authorization data in these caches, a role or permission
          change may not take effect until the entry expires. Confirm the cache is cleared
          when permissions change. -->
     <defaultCache
         maxElementsInMemory="10000"
         eternal="false"
         timeToIdleSeconds="900"
         timeToLiveSeconds="1800"
         overflowToDisk="false"
         memoryStoreEvictionPolicy="LFU" />

     <!-- Named cache with the same limits as the default. -->
     <cache
         name="testEhcache"
         maxElementsInMemory="10000"
         eternal="false"
         overflowToDisk="false"
         timeToIdleSeconds="900"
         timeToLiveSeconds="1800"
         memoryStoreEvictionPolicy="LFU" />

 </ehcache>

 

4、添加配置文件中配置的自定义realm,继承AuthorizingRealm(下面的示例未做授权处理,密码也是明文比对,仅作演示)

 1 /** 
 2      * 授权
 3      * <p>Title: doGetAuthorizationInfo</p> 
 4      * <p>Description: </p> 
 5      * @param principals
 6      * @return 
 7      * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) 
 8     */
 9     
// Authorization hook of the realm: supplies the roles and permissions for the given principals.
// This demo grants nothing; the returned info carries no roles and no permissions.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // Authorization handling is not implemented yet.
    return new SimpleAuthorizationInfo();
}
15 
16     /** 
17      * 认证
18      * <p>Title: doGetAuthenticationInfo</p> 
19      * <p>Description: </p> 
20      * @param token
21      * @return
22      * @throws AuthenticationException 
23      * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) 
24     */
25     
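// Authentication hook of the realm: looks up the account named in the login token and
// checks the submitted password against the stored one.
// Returns the AuthenticationInfo for the account when the password matches.
// Throws UnknownAccountException when no user exists for the account, and
// IncorrectCredentialsException when a password is missing or does not match.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken loginToken = (UsernamePasswordToken) token;
    String account = loginToken.getUsername();
    char[] submittedChars = loginToken.getPassword();

    User user = this.userService.getUserByAccount(account);
    if (user == null) {
        // NOTE(review): the login endpoint should answer this case and a wrong password with
        // the same message, otherwise the response reveals which accounts exist.
        throw new UnknownAccountException();
    }

    // A token without a password, or an account without a stored one, can never match.
    // Reject it as bad credentials instead of failing with a NullPointerException.
    String storedPassword = user.getPassword();
    if (submittedChars == null || storedPassword == null) {
        throw new IncorrectCredentialsException();
    }

    String pwd = String.valueOf(submittedChars);
    // NOTE(review): this compares plaintext passwords, so the user store holds passwords
    // unhashed. Store salted hashes and let a configured CredentialsMatcher do the comparison.
    if (!storedPassword.equals(pwd)) {
        throw new IncorrectCredentialsException();
    }

    // Account locking is left disabled, as in the original listing:
    // if (Boolean.TRUE.equals(user.getLocked())) {
    //     throw new LockedAccountException(); // account locked
    // }

    // No password hashing is applied here; the submitted password is passed on as the credential.
    return new SimpleAuthenticationInfo(account, pwd, this.getName());
}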

 

5、增加登录jsp及controller进行测试,结果:未登录自动跳到login.jsp,登录成功跳到index.jsp
