任何框架要用，首先要导入pom依赖 。。。
在shiro.xml配置文件配置shiro相关信息
因为securityManager需要realm，所以要自定义一个realm
package com.ssq.realm;
import com.ssq.pojo.User;
import com.ssq.service.RoleService;
import com.ssq.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.Set;
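/**
 * Shiro realm that authenticates users by login name and loads their roles and
 * permissions through the application's {@code UserService} and {@code RoleService}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The salt handed to Shiro is the login name. It only takes part in the
 *       comparison when a hashing credentials matcher is configured for this realm;
 *       that configuration (shiro.xml) is not visible here, so confirm it. Without
 *       one, Shiro compares the submitted password with the stored value directly.</li>
 *   <li>The whole {@code User} object becomes the principal, so whatever it carries
 *       (including the value returned by {@code getPassword()}) is kept with the
 *       subject for the lifetime of the session.</li>
 * </ul>
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService us;

    @Autowired
    private RoleService rs;

    /**
     * Authorization: collects the roles and permission strings of the current principal.
     *
     * @param principals the principals of the subject being authorized
     * @return the roles and permissions found for the principal's login name; empty
     *         (no grants) when the principal or its login name is missing
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();

        User user = (User) principals.getPrimaryPrincipal();
        if (user == null || user.getLoginName() == null) {
            // Fail closed: an unidentified subject gets no roles and no permissions.
            return sai;
        }

        // Look up the account's roles and permissions by login name.
        String loginName = user.getLoginName();
        Set<String> roles = rs.findRoles(loginName);
        Set<String> permissions = rs.findPermissions(loginName);

        // Hand the results to Shiro; a null result is treated as "nothing granted"
        // instead of being passed on to the add* methods.
        if (roles != null) {
            sai.addRoles(roles);
        }
        if (permissions != null) {
            sai.addStringPermissions(permissions);
        }
        return sai;
    }

    /**
     * Authentication: looks the account up by the login name carried in the token and
     * returns the stored credentials for Shiro's credentials matcher to verify.
     *
     * @param token the submitted token; its principal is expected to be the login name
     * @return the account, its stored password value, the salt and this realm's name
     * @throws AuthenticationException {@link UnknownAccountException} when the login
     *         name is missing or no account matches it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        if (username == null || username.isEmpty()) {
            // Reject a missing login name before it reaches the data layer.
            throw new UnknownAccountException();
        }

        User user = us.findByLoginName(username);
        if (user == null) {
            // NOTE(review): the caller should answer this exactly like a wrong password,
            // otherwise the login form reveals which account names exist.
            throw new UnknownAccountException();
        }

        // NOTE(security): the salt is the login name, which is public and predictable,
        // and renaming an account would invalidate its stored hash. A random per-user
        // salt stored next to the hash is the usual choice. Left unchanged here because
        // the stored password values were presumably derived with this salt.
        return new SimpleAuthenticationInfo(
                user,                                        // principal: the user object
                user.getPassword(),                          // stored credentials
                ByteSource.Util.bytes(user.getLoginName()),  // salt
                getName()                                    // name of this realm
        );
    }
}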
我在Java类里写了自定义的realm
这个realm通过service去找dao，dao再去找mapper，根据用户名查出该用户的角色和权限
@RequestMapping("/login")
public String login(String loginName, String password, Model model, HttpSession session){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken(loginName,password);
try {
subject.login(token);
User user = (User) subject.getPrincipal();
//http提供的session
//session.setAttribute("user",user);
//使用shiro提供的session
Sys