springmvc,shiro整合

继之前搭好的框架基础上整合shiro配置。

地址:http://www.cnblogs.com/mangyang/p/5168291.html

 

一、pom.xml

maven添加shiro的包支持

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>spring_v1</groupId>
  <artifactId>spring_v1</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
  
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <springmvc.version>4.0.2.RELEASE</springmvc.version>
    <log4j.version>1.6.6</log4j.version>
    <mysql-connector-java.version>5.1.34</mysql-connector-java.version>
    <shiro.version>1.2.3</shiro.version> 
  </properties>
  
  <dependencies>
      <!-- spring-mvc -->
     <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${springmvc.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.webflow</groupId>
        <artifactId>spring-webflow</artifactId>
        <version>2.3.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
        <version>3.0.5.RELEASE</version>
    </dependency> 
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context-support</artifactId>
        <version>${springmvc.version}</version>
    </dependency>
    <!-- freemarker -->
    <dependency>
          <groupId>org.freemarker</groupId>
          <artifactId>freemarker</artifactId>
          <version>2.3.20</version>
    </dependency>
    <!-- 阿里jdbc -->
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>0.2.21</version>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.1.24</version>
    </dependency> 
    <!-- mybatis -->
    <dependency>
        <groupId>org.mybatis</groupId>
        <artifactId>mybatis</artifactId>
        <version>3.2.2</version>
    </dependency>
    <dependency>
        <groupId>org.mybatis</groupId>
        <artifactId>mybatis-spring</artifactId>
        <version>1.2.2</version>
    </dependency>
    <dependency>
        <groupId>org.mybatis.caches</groupId>
        <artifactId>mybatis-ehcache</artifactId>
        <version>1.0.2</version>
    </dependency>
    <!-- mysql -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>${mysql-connector-java.version}</version>
    </dependency>
    <!-- 解决@ResponseBody返回JSON数据,页面抛出406错误的解决方案。 -->
    <dependency>
        <groupId>org.codehaus.jackson</groupId>
        <artifactId>jackson-core-asl</artifactId>
        <version>1.9.13</version>
    </dependency>
    <dependency>
        <groupId>org.codehaus.jackson</groupId>
        <artifactId>jackson-mapper-asl</artifactId>
        <version>1.9.13</version>
    </dependency>
    <!--ehcache 相关包 -->
       <dependency>
      <groupId>net.sf.ehcache</groupId>
      <artifactId>ehcache-core</artifactId>
      <version>2.6.9</version>
    </dependency>
    <dependency>
        <groupId>net.sf.ehcache</groupId>
        <artifactId>ehcache-web</artifactId>
        <version>2.0.4</version>
    </dependency>
    <!-- shiro -->  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-spring</artifactId>  
        <version>${shiro.version}</version>  
    </dependency>  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-ehcache</artifactId>  
        <version>${shiro.version}</version>  
    </dependency>  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-core</artifactId>  
        <version>${shiro.version}</version>  
    </dependency>  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-web</artifactId>  
        <version>${shiro.version}</version>  
    </dependency>  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-quartz</artifactId>  
        <version>${shiro.version}</version>  
    </dependency>  
   <!-- commons -->
   <dependency>
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
       <version>3.1</version>
   </dependency>
   <!-- servlet -->
   <dependency> 
       <groupId>javax.servlet</groupId> 
       <artifactId>servlet-api</artifactId> 
       <version>2.5</version> 
   <scope>provided</scope> 
    </dependency>
    <!-- json -->
    <dependency>
        <groupId>net.sf.json-lib</groupId>
        <artifactId>json-lib</artifactId>
        <version>2.4</version>
        <classifier>jdk15</classifier>
    </dependency>
  </dependencies>
</project>

二、web.xml

添加shiro拦截配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <display-name>spring_v1</display-name>

    <!-- 集成Web环境的通用配置 -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath*:/spring-application.xml,
            classpath*:/spring-shiro.xml
        </param-value>
    </context-param>

    <!-- spring上下文 -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- springMVC 配置 -->
    <servlet>
        <servlet-name>spring-mvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath*:/spring-mvc.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring-mvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    
    <!-- Shiro配置 -->    
    <filter>    
      <filter-name>shiroFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    
    </filter>
    <filter-mapping>
      <filter-name>shiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 编码格式UTF-8 -->
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>utf-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
</web-app>

三、spring-shiro.xml

<?xml version="1.0" encoding="UTF-8" ?>  
<beans xmlns="http://www.springframework.org/schema/beans"  
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
       xmlns:aop="http://www.springframework.org/schema/aop"  
       xmlns:tx="http://www.springframework.org/schema/tx"  
       xmlns:context="http://www.springframework.org/schema/context"  
       xsi:schemaLocation="  
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd  
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd  
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd  
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">  
    <!-- 配置权限管理器 -->  
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">    
        <!-- ref对应我们写的realm  Shiro -->  
        <property name="realm" ref="myRealm"/>      
    </bean>  
    
    <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->  
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
         <!-- 调用我们配置的权限管理器 -->  
        <property name="securityManager" ref="securityManager" />
        <!-- 配置我们的登录请求地址 -->   
        <property name="loginUrl" value="/login"/>    
        <!-- 配置我们在登录页登录成功后的跳转地址,如果你访问的是非/login地址,则跳到您访问的地址 -->  
        <property name="successUrl" value="/show"/>  
        <!-- 权限配置 --> 
        <property name="filterChainDefinitions">
            <value>
                /**= authc
            </value>
        </property>
    </bean>
    
    <bean id="myRealm" class="com.shiro.MyRealm">
        <property name="authorizationCacheName" value="authorization" />
        <property name="authenticationTokenClass" value="com.shiro.AdminToken" />
    </bean>
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> 

</beans>

 AdminToken.java

package com.shiro;

import org.apache.shiro.authc.UsernamePasswordToken;

public class AdminToken extends UsernamePasswordToken {
	public AdminToken(String username, final String password,
			final boolean rememberMe, final String host) {
		super(username, password, rememberMe, host);
	}
}

MyRealm.java

package com.shiro;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.entity.UserRoleAuth;
import com.service.UserRoleAuthService;

public class MyRealm extends AuthorizingRealm{
	
	@Autowired
	private UserRoleAuthService userRoleAuthService;
	
	/* 
	 * 获取授权信息
	 * 2016.03.11
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		String userName=(String)principals.iterator().next();
		
		List<UserRoleAuth> list = userRoleAuthService.findByName(userName);
		
		//赋予角色
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		
		for (UserRoleAuth sra : list) {
			//保存不重复角色
			if(info.getRoles()==null ||(!info.getRoles().contains(sra.getRoleName())))
			{
				info.addRole(sra.getRoleName());
			}
			//保存不重复权限
			Collection<String> auths = new HashSet<String>();
			
			if(!auths.contains(sra.getAuthCode()))
			{
				auths.add(sra.getAuthCode());
			}
			info.addStringPermissions(auths);
		}
	
		return info;
	}

	/* 
	 * 获取认证信息
	 * 2016.03.11
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken token) throws AuthenticationException {
		//获取用户登陆令牌
		AdminToken myToken = (AdminToken) token; 
		//获取登陆账号
		String username = myToken.getUsername();
		//获取登陆密码
		String password = new String(myToken.getPassword());
		
		return new SimpleAuthenticationInfo(username, password, getName());
	}
	@Override
	public boolean supports(AuthenticationToken token) {
		return super.supports(token);
	}

}

sql地址:http://pan.baidu.com/s/1dEZMvYh  配合sql生成工具 实体类等。

LoginAction.java 的方法(传入账号密码)

@RequestMapping(value = "", method = RequestMethod.POST)
	public String login(HttpServletRequest request, HttpServletResponse response,
			String userName, String userPsw) throws Exception {
		
		Subject user = SecurityUtils.getSubject();

		AdminToken token = new AdminToken(userName, userPsw, true, request.getRemoteAddr());
		token.setRememberMe(true);
		user.login(token);
		
		return "show";
	}

show.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>   
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
 <shiro:hasPermission name="code01">code01权限用户显示此内容</shiro:hasPermission>  
  <shiro:hasPermission name="code02">code02权限用户显示此内容</shiro:hasPermission>  
    <shiro:hasPermission name="code03">code03权限用户显示此内容</shiro:hasPermission>  
 <shiro:hasRole name="superAdmin">superAdmin角色登录显示此内容</shiro:hasRole>  
  <shiro:hasRole name="admin">admin角色登录显示此内容</shiro:hasRole>
  this is show
</body>
</html>

完成!

posted @ 2016-04-21 11:12  茫洋  阅读(448)  评论(0编辑  收藏  举报