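Shiro Study Notes 6 (Custom Realm: Using a Database to Set Up Users, Roles and Permissions)
1. Project directory
The pom file is the same as in the earlier notes; the only addition is a database driver.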
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- Add servlet support -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- Add JSTL support -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- Add logging support -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- Add Shiro support -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.12</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.37</version>
</dependency>
</dependencies>
Configuration in shiro.ini
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
myRealm=com.zuoyan.shiro.realm.MyRealm
securityManager.realms=$myRealm
[urls]
/login=anon
/admin*=authc
/student=roles[teacher]
/teacher=perms["user:create"]
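To see which rule in the [urls] section governs a given request path, here is an added example (not code from the original post) that models Shiro's first-match resolution with its own `AntPathMatcher`. The class name `UrlRuleCheck`, the helper `chainFor` and the sample paths are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

public class UrlRuleCheck {
    // The [urls] section above, kept in declaration order: the first matching pattern wins.
    static final Map<String, String> URLS = new LinkedHashMap<String, String>();
    static {
        URLS.put("/login", "anon");
        URLS.put("/admin*", "authc");
        URLS.put("/student", "roles[teacher]");
        URLS.put("/teacher", "perms[\"user:create\"]");
    }

    // Returns the filter chain that governs a path, or null when no pattern matches,
    // in which case the request reaches the servlet without any Shiro access check.
    static String chainFor(String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> rule : URLS.entrySet()) {
            if (matcher.matches(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths, relative to the web application's context root.
        String[] paths = {"/login", "/admin", "/adminUser.jsp", "/admin/users", "/student", "/grades"};
        for (String path : paths) {
            String chain = chainFor(path);
            System.out.println(path + " -> " + (chain == null ? "(no rule)" : chain));
        }
    }
}
```

A single `*` matches within one path segment only, so `/admin/users` is not covered by `/admin*`; `/admin/**` covers nested paths. A final `/**=authc` rule gives paths that no earlier pattern matches a default.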
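A brief explanation of Realm. I can't explain it clearly myself, so I'm quoting from someone else's blog:
As for what a Realm is, after using it, my personal summary is this: for Shiro to perform authentication, it has to obtain the corresponding identity information from a realm to verify against. Put simply, we can define our own realm, fetch the identity information from the database inside the realm, and then match it against the identity information the user entered. All of this is defined by us.
Below is the code for our custom realm: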
package com.zuoyan.shiro.realm;

import java.sql.Connection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.zuoyan.shiro.dao.UserDao;
import com.zuoyan.shiro.entity.User;
import com.zuoyan.shiro.utils.DbUtil;

public class MyRealm extends AuthorizingRealm {

    private UserDao userDao = new UserDao();
    private DbUtil dbUtil = new DbUtil();

    /*
     * Used for authorization: loads the roles and permissions of the
     * already authenticated user from the database.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            authorizationInfo.setRoles(userDao.getRoles(con, userName));
            authorizationInfo.setStringPermissions(userDao.getPermissions(con, userName));
        } catch (Exception e) {
            // On a database error the user ends up with whatever was loaded so far (possibly nothing).
            e.printStackTrace();
        } finally {
            try {
                dbUtil.closeCon(con);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return authorizationInfo;
    }

    /*
     * Used for authentication: returns the stored account data for the
     * submitted user name, or null if there is no such user.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userName = (String) token.getPrincipal();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            User user = userDao.getByUserName(con, userName);
            if (user != null) {
                AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), "xx");
                return authcInfo;
            } else {
                return null;
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                dbUtil.closeCon(con);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        // Reached only after a database error: treated the same as an unknown account.
        return null;
    }

}
AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");
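About this line: my initial understanding was that the reference account and password are looked up first and then compared inside the custom Realm, but the correct reading is that this line only sets the reference account and password.
The comparison should happen in the next step.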
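The split described above, as an added example that is not part of the original post: the realm only returns the stored credentials, and `getAuthenticationInfo()` then hands them to the realm's CredentialsMatcher for the comparison. It assumes an in-memory map in place of `t_user` and swaps in Shiro's `PasswordMatcher` so the stored value can be a salted hash rather than the plaintext; `MatcherDemo`, `DemoRealm`, `login` and the sample accounts are constructed.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MatcherDemo {
    // Constructed stand-in for t_user: userName -> value of the password column.
    static final Map<String, String> T_USER = new HashMap<String, String>();
    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return new SimpleAuthorizationInfo(); // authorization is not exercised here
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String userName = (String) token.getPrincipal();
            String stored = T_USER.get(userName);
            // As in MyRealm: return the stored credentials, compare nothing here.
            return stored == null ? null : new SimpleAuthenticationInfo(userName, stored, getName());
        }
    }
    // getAuthenticationInfo() calls doGetAuthenticationInfo(), then the CredentialsMatcher.
    static boolean login(AuthorizingRealm realm, String user, String password) {
        try {
            return realm.getAuthenticationInfo(new UsernamePasswordToken(user, password)) != null;
        } catch (IncorrectCredentialsException e) {
            return false; // the matcher rejected the submitted password
        }
    }
    public static void main(String[] args) {
        // The password column holds a salted hash instead of the plaintext.
        T_USER.put("alice", new DefaultPasswordService().encryptPassword("correct horse"));
        DemoRealm realm = new DemoRealm();
        realm.setCredentialsMatcher(new PasswordMatcher()); // the default matcher compares for plain equality
        System.out.println("right password: " + login(realm, "alice", "correct horse"));
        System.out.println("wrong password: " + login(realm, "alice", "guess"));
        System.out.println("unknown user:   " + login(realm, "mallory", "x"));
    }
}
```

In shiro.ini the same wiring is `passwordMatcher=org.apache.shiro.authc.credential.PasswordMatcher` followed by `myRealm.credentialsMatcher=$passwordMatcher`.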
UserDao simply performs the lookups in the database:
package com.zuoyan.shiro.dao;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.HashSet;
import java.util.Set;

import com.zuoyan.shiro.entity.User;

public class UserDao {

    // Looks up a user by name; returns null if no such user exists.
    public User getByUserName(Connection con, String userName) throws Exception {
        User resultUser = null;
        String sql = "select * from t_user where userName=?";
        // try-with-resources closes the statement and result set even on errors
        try (PreparedStatement pstmt = con.prepareStatement(sql)) {
            pstmt.setString(1, userName);
            try (ResultSet rs = pstmt.executeQuery()) {
                if (rs.next()) {
                    resultUser = new User();
                    resultUser.setId(rs.getInt("id"));
                    resultUser.setUserName(rs.getString("userName"));
                    resultUser.setPassword(rs.getString("password"));
                }
            }
        }
        return resultUser;
    }

    // Returns the role names assigned to the user.
    public Set<String> getRoles(Connection con, String userName) throws Exception {
        Set<String> roles = new HashSet<String>();
        String sql = "select * from t_user u,t_roles r where u.roleId=r.id and u.userName=?";
        try (PreparedStatement pstmt = con.prepareStatement(sql)) {
            pstmt.setString(1, userName);
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    roles.add(rs.getString("roleName"));
                }
            }
        }
        return roles;
    }

    // Returns the permission names granted through the user's role.
    public Set<String> getPermissions(Connection con, String userName) throws Exception {
        Set<String> permissions = new HashSet<String>();
        String sql = "select * from t_user u,t_roles r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=?";
        try (PreparedStatement pstmt = con.prepareStatement(sql)) {
            pstmt.setString(1, userName);
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    permissions.add(rs.getString("permissionName"));
                }
            }
        }
        return permissions;
    }
}