springmvc,shiro整合
继之前搭好的框架基础上整合shiro配置。
地址:http://www.cnblogs.com/mangyang/p/5168291.html
一、pom.xml
maven添加shiro的包支持
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>spring_v1</groupId> <artifactId>spring_v1</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <springmvc.version>4.0.2.RELEASE</springmvc.version> <log4j.version>1.6.6</log4j.version> <mysql-connector-java.version>5.1.34</mysql-connector-java.version> <shiro.version>1.2.3</shiro.version> </properties> <dependencies> <!-- spring-mvc --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${springmvc.version}</version> </dependency> <dependency> <groupId>org.springframework.webflow</groupId> <artifactId>spring-webflow</artifactId> <version>2.3.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>3.0.5.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${springmvc.version}</version> </dependency> <!-- freemarker --> <dependency> <groupId>org.freemarker</groupId> <artifactId>freemarker</artifactId> <version>2.3.20</version> </dependency> <!-- 阿里jdbc --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>0.2.21</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.1.24</version> </dependency> <!-- mybatis --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>3.2.2</version> </dependency> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.2.2</version> </dependency> <dependency> <groupId>org.mybatis.caches</groupId> <artifactId>mybatis-ehcache</artifactId> <version>1.0.2</version> </dependency> <!-- mysql --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql-connector-java.version}</version> </dependency> <!-- 解决@ResponseBody返回JSON数据,页面抛出406错误的解决方案。 --> <dependency> <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-core-asl</artifactId> <version>1.9.13</version> </dependency> <dependency> <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-mapper-asl</artifactId> <version>1.9.13</version> </dependency> <!--ehcache 相关包 --> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache-core</artifactId> <version>2.6.9</version> </dependency> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache-web</artifactId> <version>2.0.4</version> </dependency> <!-- shiro --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>${shiro.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-quartz</artifactId> <version>${shiro.version}</version> </dependency> <!-- commons --> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> <version>3.1</version> </dependency> <!-- servlet --> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <!-- json --> <dependency> <groupId>net.sf.json-lib</groupId> <artifactId>json-lib</artifactId> <version>2.4</version> <classifier>jdk15</classifier> </dependency> </dependencies> </project>
二、web.xml
添加shiro拦截配置
<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>spring_v1</display-name> <!-- 集成Web环境的通用配置 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath*:/spring-application.xml, classpath*:/spring-shiro.xml </param-value> </context-param> <!-- spring上下文 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- springMVC 配置 --> <servlet> <servlet-name>spring-mvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:/spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring-mvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- Shiro配置 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 编码格式UTF-8 --> <filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>utf-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
三、spring-shiro.xml
<?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <!-- 配置权限管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- ref对应我们写的realm Shiro --> <property name="realm" ref="myRealm"/> </bean> <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 调用我们配置的权限管理器 --> <property name="securityManager" ref="securityManager" /> <!-- 配置我们的登录请求地址 --> <property name="loginUrl" value="/login"/> <!-- 配置我们在登录页登录成功后的跳转地址,如果你访问的是非/login地址,则跳到您访问的地址 --> <property name="successUrl" value="/show"/> <!-- 权限配置 --> <property name="filterChainDefinitions"> <value> /**= authc </value> </property> </bean> <bean id="myRealm" class="com.shiro.MyRealm"> <property name="authorizationCacheName" value="authorization" /> <property name="authenticationTokenClass" value="com.shiro.AdminToken" /> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> </beans>
AdminToken.java
package com.shiro; import org.apache.shiro.authc.UsernamePasswordToken; public class AdminToken extends UsernamePasswordToken { public AdminToken(String username, final String password, final boolean rememberMe, final String host) { super(username, password, rememberMe, host); } }
MyRealm.java
package com.shiro; import java.util.Collection; import java.util.HashSet; import java.util.List; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import com.entity.UserRoleAuth; import com.service.UserRoleAuthService; public class MyRealm extends AuthorizingRealm{ @Autowired private UserRoleAuthService userRoleAuthService; /* * 获取授权信息 * 2016.03.11 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String userName=(String)principals.iterator().next(); List<UserRoleAuth> list = userRoleAuthService.findByName(userName); //赋予角色 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for (UserRoleAuth sra : list) { //保存不重复角色 if(info.getRoles()==null ||(!info.getRoles().contains(sra.getRoleName()))) { info.addRole(sra.getRoleName()); } //保存不重复权限 Collection<String> auths = new HashSet<String>(); if(!auths.contains(sra.getAuthCode())) { auths.add(sra.getAuthCode()); } info.addStringPermissions(auths); } return info; } /* * 获取认证信息 * 2016.03.11 */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { //获取用户登陆令牌 AdminToken myToken = (AdminToken) token; //获取登陆账号 String username = myToken.getUsername(); //获取登陆密码 String password = new String(myToken.getPassword()); return new SimpleAuthenticationInfo(username, password, getName()); } @Override public boolean supports(AuthenticationToken token) { return super.supports(token); } }
sql地址:http://pan.baidu.com/s/1dEZMvYh 配合sql生成工具 实体类等。
LoginAction.java 的方法(传入账号密码)
@RequestMapping(value = "", method = RequestMethod.POST) public String login(HttpServletRequest request, HttpServletResponse response, String userName, String userPsw) throws Exception { Subject user = SecurityUtils.getSubject(); AdminToken token = new AdminToken(userName, userPsw, true, request.getRemoteAddr()); token.setRememberMe(true); user.login(token); return "show"; }
show.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <shiro:hasPermission name="code01">code01权限用户显示此内容</shiro:hasPermission> <shiro:hasPermission name="code02">code02权限用户显示此内容</shiro:hasPermission> <shiro:hasPermission name="code03">code03权限用户显示此内容</shiro:hasPermission> <shiro:hasRole name="superAdmin">superAdmin角色登录显示此内容</shiro:hasRole> <shiro:hasRole name="admin">admin角色登录显示此内容</shiro:hasRole> this is show </body> </html>
完成!