apache shiro學習筆記--03(與spring整合)

1.web.xml部分的配置

在web.xml文件中添加shiro過濾器
  <!-- shiro過濾器定義 -->
    <filter>  
        <filter-name>shiroFilter</filter-name>  
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
        <init-param>   
            <param-name>targetFilterLifecycle</param-name>  
            <param-value>true</param-value>  
        </init-param>  
    </filter>  
    <filter-mapping>
         <filter-name>shiroFilter</filter-name>  
         <url-pattern>/*</url-pattern>  
    </filter-mapping>

2.spring配置文件的部分的配置

在spring的配置文件中添加

<!-- 自定義Realm -->
    <bean id="myRealm" class="com.xie.myRealm.MyRealm"/>  

    <!-- 安全管理器 -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  
      <property name="realm" ref="myRealm"/>  
    </bean>  

    <!-- Shiro過濾器 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
        <!-- Shiro的核心安全接口,這個屬性是必須的 -->  
        <property name="securityManager" ref="securityManager"/>
        <!-- 身份認證失敗,則跳轉到登錄頁面的配置 -->  
        <property name="loginUrl" value="/index.jsp"/>
        <!-- 權限認證失敗,則跳轉到指定頁面 -->  
        <property name="unauthorizedUrl" value="/unAuth.jsp"/>  
        <!-- Shiro連接約束配置,即過濾鏈的定義 -->  
        <property name="filterChainDefinitions">  
            <value>  
                 /login=anon
                /admin*=authc
                /student=roles[teacher]
                /teacher=perms["user:create"]
            </value>  
        </property>
    </bean>  

    <!-- 保證實現了Shiro內部lifecycle函數的bean執行 -->  
    <bean id="lifecycleBeanPostProcessor class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>  

    <!-- 開啓Shiro註解 -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>  
        <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">  
      <property name="securityManager" ref="securityManager"/>  
    </bean>  

3.myrelam的代碼

public class MyRealm extends AuthorizingRealm{

    @Resource
    private UserService userService;

    /**
     * 驗證當前登錄的用戶
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String userName=(String)token.getPrincipal();
        /*Subject 認證主體包含兩個信息:
        Principals:身份,可以是用戶名,郵件,手機號碼等等,用來標識一個登錄主體身份;
        Credentials:憑證,常見有密碼,數字證書等等;*/
        User user = userService.getByUserName(userName);
        if (user != null) {
            AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user.getName(), user.getPassword(), "");
            return authcInfo;
        } else {
            return null;
        }
    }

    /**
     * 爲當限前登錄的用戶授予角色和權
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName=(String)principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
        //授予角色(該用戶有哪些角色,從數據庫中獲取)
        authorizationInfo.setRoles(userService.getRoles(userName));
        //授予權限(該用戶有哪些權限,從數據庫中獲取)
        authorizationInfo.setStringPermissions(userService.getPermissions(userName));
        return authorizationInfo;
    }

}

4.controller的代碼

/**
     * 用戶登錄
     * @param user
     * @param request
     * @return
     */
    @RequestMapping("/login")
    public String login(User user,HttpServletRequest request){
        Subject subject=SecurityUtils.getSubject();
        UsernamePasswordToken token=new UsernamePasswordToken(user.getName(), user.getPassword());
        try{
            subject.login(token);//開始認證,調用realm中的方法
            Session session=subject.getSession();
            session.setAttribute("info", "session數據:sessionId"+session.getId()+" sessionHost:"+session.getHost());
            return "redirect:/success.jsp";
        }catch(Exception e){
            e.printStackTrace();
            request.setAttribute("user", user);
            request.setAttribute("errorMsg", "用戶名或者密碼錯誤");
            return "index";
        }
    }

5.jsp頁面代碼

<body>
${info }
<br>
歡迎你!
<shiro:hasRole name="admin">
    歡迎有admin角色的用戶!
    <br>
</shiro:hasRole>

<shiro:hasRole name="teacher">
    歡迎有teacher角色的用戶!
    <br>
</shiro:hasRole>

<shiro:hasPermission name="student:create">
    歡迎有student:create權限的用戶!
    <br>
</shiro:hasPermission>

<shiro:hasPermission name="student:update">
    歡迎有student:update權限的用戶!
    <br>
</shiro:hasPermission>
</body>

6.數據庫設計

t_role(角色表):id,name;
t_user(用戶表):id,name,roleId;
t_perimission(權限表):id,name,roleId

7.源碼地址

http://download.csdn.net/download/wu_0916/10011174

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章