1,在pom.xml文件里面加
<!-- Apache Shiro, all modules in one artifact (shiro-all). The version is pinned here;
     check it against the current Shiro release before shipping, this post may be dated. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.2.3</version>
</dependency>
2,在applicationContext.xml里面配置
<!-- Optional: keep the Shiro beans in a separate file and import it here. Left disabled;
     the beans are declared inline below. -->
<!-- <import resource="application-shiro.xml" /> -->
<!-- Shiro servlet filter: every request passes through it and is matched against the
     filterChainDefinitions below. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- The security manager that performs authentication and authorization -->
<property name="securityManager" ref="securityManager"></property>
<!-- Pages used by the filter (ShiroFilterFactoryBean properties):
loginUrl: where unauthenticated requests are sent
successUrl: where to go after a successful login
unauthorizedUrl: shown when the subject lacks permission -->
<property name="loginUrl" value="/login.html"></property>
<property name="successUrl" value="/index.html"></property>
<property name="unauthorizedUrl" value="/unauthorized.html"></property>
<!-- Filter chain rules. The first matching pattern wins, so order matters:
authc: only authenticated subjects may access
anon: anonymous filter, no login required
NOTE: the catch-all is currently "/**=anon" with "/**=authc" commented out, which leaves
every URL reachable without logging in; in this state the filter enforces nothing.
Restore "/**=authc" as the last rule (keeping the static-resource and login-action
exceptions above it) for anything beyond local testing. -->
<property name="filterChainDefinitions">
<value>
/css/** = anon
/images/** = anon
/js/** = anon
/validatecode.jsp* = anon
/userAction_login.action = anon
<!-- /**=authc -->
/**=anon
</value>
</property>
</bean>
<!-- Custom realm (see step 3 below). Bean ids are conventionally lowerCamelCase; "Realm" works but is unusual. -->
<bean id="Realm" class="com.xxxx.util.Realm"></bean>
<!-- Security manager backed by the custom realm -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="Realm"></property>
</bean>
3,自定义Realm
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import com.xxxx.dao.UserLoginDao;
import com.xxxx.pojo.Userlogin;
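public class Realm extends AuthorizingRealm {
    @Autowired
    private UserLoginDao userloginDao;

    /**
     * Authorization hook. No roles or permissions are assigned yet, so this returns
     * {@code null}; any role or permission check against this realm therefore fails.
     *
     * @param principals the identifying principals of the subject being authorized
     * @return always {@code null} (stub)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * Authentication hook: resolves the submitted username to a {@link Userlogin} and hands
     * the stored credentials to Shiro so its credentials matcher can compare them with the
     * submitted password.
     *
     * <p>The username is the phone number optionally followed by a one-character "sogo"
     * suffix (the login controller builds it as {@code phone + sogo}): exactly 11 characters
     * means phone only; otherwise the first 11 characters are the phone and the 12th is the
     * suffix (anything after the 12th character is ignored).
     *
     * @param token the submitted credentials; must be a {@link UsernamePasswordToken}
     * @return info whose principal is the {@code Userlogin} entity and whose credentials are
     *         that entity's stored password
     * @throws AccountException if the username is blank or shorter than 11 characters
     * @throws UnknownAccountException if no user matches
     * @throws AuthenticationException wrapping any other failure during the lookup
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken userpasswordToken = (UsernamePasswordToken) token;
        String username = userpasswordToken.getUsername();
        if (StringUtils.isBlank(username)) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }
        if (username.length() < 11) {
            // Previously this fell through to substring() and surfaced as a wrapped
            // StringIndexOutOfBoundsException; reject it explicitly instead.
            throw new AccountException("Usernames must be at least 11 characters long in this realm.");
        }
        try {
            Userlogin user;
            if (username.length() == 11) {
                user = userloginDao.findByUsername(username, "");
            } else {
                String phone = username.substring(0, 11);
                String sogo = username.substring(11, 12);
                user = userloginDao.findByUsername(phone, sogo);
            }
            checkUser(user, username);
            // The credentials MUST be the stored password. Passing
            // userpasswordToken.getPassword() here (as before) made Shiro compare the
            // submitted password with itself, so every password matched and the only real
            // check was the controller's manual equals(). With the stored value Shiro's
            // matcher performs the comparison. If the database holds hashed passwords (it
            // should), configure a HashedCredentialsMatcher on this realm with the same
            // algorithm so the comparison still works.
            return new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
        } catch (Exception e) {
            throw translateException(e);
        }
    }

    /**
     * Rejects a missing lookup result.
     *
     * @param user     the lookup result, possibly {@code null}
     * @param username the submitted username, echoed in the error message
     * @throws UnknownAccountException if {@code user} is {@code null}
     */
    private void checkUser(Userlogin user, String username) {
        if (user == null) {
            throw new UnknownAccountException("No account found for user [" + username + "]");
        }
    }

    /** Returns Shiro exceptions unchanged and wraps anything else, keeping the cause. */
    private AuthenticationException translateException(Exception e) {
        if (e instanceof AuthenticationException) {
            return (AuthenticationException) e;
        }
        return new AuthenticationException(e);
    }
}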
3,编写登录注册类
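/**
 * Logs the caller in through Shiro.
 *
 * <p>The realm username is {@code phone + sogo}, so the two request fields are concatenated
 * before the token is built. On success the login method is recorded via
 * {@code userLoginService.updateloginway}. Responses are JSON strings with a {@code code}
 * field: 200 success, 300 missing phone, 400 wrong password, 500 login failed (unknown
 * account or any other error raised by {@code subject.login}).
 *
 * @param userlogins request body carrying phone, sogo and password
 * @param request    the servlet request (unused; kept for the mapping signature)
 * @return a JSON status string
 */
@RequestMapping(value="/login",method= RequestMethod.POST, produces = "application/json;charset=UTF-8")
@ResponseBody
public String userlogin(@RequestBody Userlogin userlogins ,HttpServletRequest request) {
    if (userlogins.getPhone() == null) {
        // Same response the register endpoint uses for a missing phone.
        return "{\"code\":300,\"msg\":\"电话号码不能为空\"}";
    }
    String sogo = userlogins.getSogo();
    // Build the realm username; a missing suffix must not become the literal "null".
    String phone = userlogins.getPhone() + (sogo == null ? "" : sogo);
    String password = userlogins.getPassword();
    // NOTE: stored before the credentials are verified, so a failed attempt also leaves
    // the phone in the session.
    session.setAttribute("phone", phone);
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(phone, password);
    try {
        // Runs the custom realm's doGetAuthenticationInfo and Shiro's credentials matcher.
        subject.login(token);
        Userlogin userlogin = (Userlogin) subject.getPrincipal();
        String passwordsql = userlogin.getPassword();
        // Plaintext comparison against the stored value. This implies passwords are kept
        // in clear; they should be stored as a salted hash and checked by the realm's
        // credentials matcher instead of here.
        if (password != null && password.equals(passwordsql)) {
            userLoginService.updateloginway(userlogins);
        } else {
            return "{\"code\":400,\"msg\":\"用戶密碼錯誤\"}";
        }
    } catch (Exception e) {
        // Every login failure ends here. The distinct 400/500 bodies let a client tell
        // "wrong password" from "no such account" (account enumeration); a uniform
        // message would be safer but changes the client contract, so it is left as-is.
        return "{\"code\":500,\"msg\":\"用戶不存在\"}";
    }
    // Success path. The original method had no return statement here, which does not
    // compile; this payload is constructed to match the format of the other endpoints.
    return "{\"code\":200,\"msg\":\"登录成功\"}";
}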
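/**
 * Sends an SMS verification code to the phone number in the request body and stores the
 * code in Redis under that phone number, where {@code register} and
 * {@code forgetPassword} read it back.
 *
 * @param userlogin request body; only {@code phone} is used
 * @param request   the servlet request (unused; kept for the mapping signature)
 * @return a JSON status string: 300 when the phone is missing, 200 after the send call
 */
@RequestMapping(value="/login/sendSms",method=RequestMethod.POST, produces = "application/json;charset=UTF-8")
@ResponseBody
public String sendSms(@RequestBody Userlogin userlogin,HttpServletRequest request) {
    String mobiles = userlogin.getPhone();
    if (mobiles == null || mobiles.trim().isEmpty()) {
        // Same response the register endpoint uses for a missing phone; previously a
        // null phone was passed straight to Redis and the SMS gateway.
        return "{\"code\":300,\"msg\":\"电话号码不能为空\"}";
    }
    // SECURITY: the SMS gateway account and password are hard-coded in source (and in
    // this published post). They should live in configuration or a secrets store, and
    // the values shown here should be treated as exposed and rotated. The gateway is
    // also reached over plain http, so the credentials travel unencrypted.
    String url = "http://api.XXXXX.com:8080/api/sms/send";
    String account = "gzzywl@gzzywl";
    String extno = "01";
    String password = "4SyM5me2";
    String batchno = "";
    String ramdomutil = randomUtil.ramdomutil();
    String content = "【XXXX】您的验证码为" + ramdomutil + "(2分钟有效)情保管您的验证码,防止被他人盗用!";
    // The message promises a 2-minute validity; confirm that redis.setAuto applies a
    // matching TTL, otherwise the code stays valid until it is consumed.
    // No per-phone or per-client throttle is visible on this endpoint, so repeated calls
    // both drive up gateway cost and allow brute-forcing of the code; add one upstream.
    redis.setAuto(mobiles, ramdomutil);
    ApiSender.send(url, account, password, mobiles, content, extno, batchno);
    return "{\"code\":200,\"msg\":\"短信发送成功\"}";
}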
String messageno = s.getMessageno();//统计数
String messageamt = s.getMessageamt();//金额
if(messageno==null) {
messageno="0";
}
if(messageamt==null) {
messageamt="0";
}
//int messageint = Integer.parseInt(messageno);
double a=1;//次数
double amt=0.5;//访问次数金额
BigDecimal messagemal = UUIDUtil.add(messageno, a);
String mesage = messagemal.toString();
s.setMessageno(mesage);//访问一次次数加一
BigDecimal amtmal = UUIDUtil.add(messageamt, amt);
String messageamts = amtmal.toString();
s.setMessageamt(messageamts);
s.setTime(df.format(new Date()));
//2,存在就跟新
userLoginService.updatestatistics(s);
return "{\"code\":200,\"msg\":\"短信发送成功\"}";
}
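/**
 * Registers a new user after checking the phone number, its format, that no account exists
 * for it yet, and that the SMS verification code matches the one issued by {@code sendSms}.
 *
 * <p>Response codes: 300 missing phone, 400 bad characters or account exists, 500 wrong
 * verification code, 200 saved.
 *
 * @param userlogin request body; uses phone, copy1 (the verification code) and whatever
 *                  {@code userLoginService.save} persists
 * @param request   the servlet request (unused; kept for the mapping signature)
 * @return a JSON status string
 */
@RequestMapping(value="/register",method=RequestMethod.POST,produces = "application/json;charset=UTF-8")
@ResponseBody
public String register(@RequestBody Userlogin userlogin,HttpServletRequest request) {
    String phoneNo = userlogin.getPhone();
    if (phoneNo == null) {
        return "{\"code\":300,\"msg\":\"电话号码不能为空\"}";
    }
    // checkUser is a denylist of punctuation; true means a forbidden character was found.
    if (checkUser(phoneNo)) {
        return "{\"code\":400,\"msg\":\"请输入正确的用户名和密码\"}";
    }
    // Existence is reported through the Result message text, so this comparison is
    // brittle; it also answers before the SMS code is checked, which lets a caller probe
    // which numbers are registered without holding a valid code.
    Result phone = userLoginService.findByphone(userlogin);
    if (phone.getMessage().equals("用戶以存在")) {
        return "{\"code\":400,\"msg\":\"用户已存在\"}";
    }
    // The code was stored by sendSms under the phone number.
    String code = redis.get(phoneNo);
    String copy1 = userlogin.getCopy1();
    if (code == null || copy1 == null || !copy1.equals(code)) {
        return "{\"code\":500,\"msg\":\"請輸入正確的驗證碼\"}";
    }
    // Consume the code under the key it was stored with. The previous redis.delete(CODE)
    // removed a different key, leaving the code reusable until it expired.
    redis.delete(phoneNo);
    SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    userlogin.setCopy2(df.format(new Date()));
    // Whatever is in the body (including the password) is saved as received; hashing the
    // password before persisting it is not visible here.
    userLoginService.save(userlogin);
    return "{\"code\":200,\"msg\":\"保存成功\"}";
}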
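/**
 * Resets a user's password after the SMS verification code issued by {@code sendSms} has
 * been presented.
 *
 * <p>Response codes: 300 missing phone, 400 wrong code or unknown account, 200 updated.
 *
 * @param userlogin request body; uses phone, sogo, copy1 (the verification code) and the
 *                  new password passed on to {@code userLoginService.updatapassword}
 * @param request   the servlet request (unused; kept for the mapping signature)
 * @return a JSON status string
 */
@RequestMapping(value="/login/forgetPassword",method=RequestMethod.POST,produces = "application/json;charset=UTF-8")
@ResponseBody
public String forgetPassword(@RequestBody Userlogin userlogin,HttpServletRequest request) {
    String phoneNo = userlogin.getPhone();
    if (phoneNo == null) {
        // Same response the register endpoint uses for a missing phone.
        return "{\"code\":300,\"msg\":\"电话号码不能为空\"}";
    }
    String code = redis.get(phoneNo);
    String copy1 = userlogin.getCopy1();
    if (code == null || copy1 == null || !copy1.equals(code)) {
        return "{\"code\":400,\"msg\":\"請輸入真確的驗證碼\"}";
    }
    // Check that the account exists BEFORE dereferencing the lookup result; previously
    // user.getId() ran first and threw NullPointerException for an unknown phone.
    Result phone = userLoginService.findByphone(userlogin);
    if (phone.getMessage().equals("用戶不存在")) {
        return "{\"code\":400,\"msg\":\"用戶不存在請註冊\"}";
    }
    Userlogin user = userLoginService.findUserlogin(phoneNo, userlogin.getSogo());
    if (user == null) {
        return "{\"code\":400,\"msg\":\"用戶不存在請註冊\"}";
    }
    userlogin.setId(user.getId());
    // The new password is taken from the body as-is; no strength or format check is
    // applied here (checkUser exists for that purpose but is not called).
    userLoginService.updatapassword(userlogin);
    // Consume the code so it cannot be replayed for a second reset; register does the same.
    redis.delete(phoneNo);
    return "{\"code\":200,\"msg\":\"修改密碼成功\"}";
}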
/**
 * Logs the current Shiro subject out and reports the outcome to the client as a bare
 * "200" or "400" body (see {@code writeSuccessToClient} / {@code writeFailToClient}).
 *
 * @param response the servlet response the status is written to
 * @param request  the servlet request (unused; kept for the mapping signature)
 */
@RequestMapping(value="/outlogin",method=RequestMethod.POST)
public void outLogin(HttpServletResponse response,HttpServletRequest request) {
    Subject current = SecurityUtils.getSubject();
    boolean reported;
    try {
        current.logout();
        writeSuccessToClient(response);
        reported = true;
    } catch (Exception e) {
        // Any failure in logout or in writing the success body falls back to the
        // failure response, as before.
        reported = false;
    }
    if (!reported) {
        writeFailToClient(response);
    }
}
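/**
 * Writes HTTP status 200 with the literal body {@code 200} to the client.
 *
 * <p>The body is the plain text "200", not a JSON object, even though the content type
 * declares JSON; callers depend on that text, so it is kept.
 *
 * @param response the servlet response to write to
 */
public static void writeSuccessToClient(HttpServletResponse response) {
    try {
        // Encode explicitly: getBytes() without a charset uses the platform default,
        // which need not match the utf-8 declared in the content type.
        byte[] data = "200".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        response.setStatus(200);
        response.setContentType("application/json;charset=utf-8");
        response.setCharacterEncoding("utf-8");
        response.getOutputStream().write(data);
    } catch (IOException e) {
        // No logger is in scope in this excerpt; route this through the application
        // logger once one is available instead of stderr.
        e.printStackTrace();
    }
}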
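/**
 * Writes HTTP status 400 with the literal body {@code 400} to the client.
 *
 * <p>The body is the plain text "400", not a JSON object, even though the content type
 * declares JSON; callers depend on that text, so it is kept.
 *
 * @param response the servlet response to write to
 */
public static void writeFailToClient(HttpServletResponse response) {
    try {
        // Encode explicitly: getBytes() without a charset uses the platform default,
        // which need not match the utf-8 declared in the content type.
        byte[] data = "400".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        response.setStatus(400);
        response.setContentType("application/json;charset=utf-8");
        response.setCharacterEncoding("utf-8");
        response.getOutputStream().write(data);
    } catch (IOException e) {
        // No logger is in scope in this excerpt; route this through the application
        // logger once one is available instead of stderr.
        e.printStackTrace();
    }
}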
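/**
 * Returns {@code true} when {@code parameter} contains at least one forbidden character.
 *
 * <p>This is a denylist of ASCII and full-width punctuation (brackets, quotes, operators,
 * CJK punctuation marks and similar). Letters, digits, the underscore, the hyphen and
 * whitespace are not in the list and therefore never trigger a match. An allowlist such
 * as {@code ^[A-Za-z0-9_]+$} would be stricter and match the original intent ("digits,
 * letters, underscore only") but would reject inputs the current check accepts, so the
 * denylist is kept.
 *
 * @param parameter the value to test; {@code null} yields {@code false} (callers such as
 *                  {@code register} check for presence separately)
 * @return {@code true} if a forbidden character was found, {@code false} otherwise
 */
public static boolean checkUser(String parameter) {
    if (parameter == null) {
        // Previously threw NullPointerException from matcher(null).
        return false;
    }
    // Compiled on every call; hoist to a static final Pattern if this becomes hot.
    String regEx = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]";
    return Pattern.compile(regEx).matcher(parameter).find();
}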