ssm 整合Shiro实现用户认证

一、简介

web 整合Shiro 流程大体也和 INI 配置shiro 差不多,下面使用 Maven、Spring、Spring MVC 整合Shiro。

二、创建Maven Web项目

1.maven 依赖

<!--
  Dependency set for the Spring MVC + MyBatis + Shiro demo.
  NOTE(review): every version below is pinned to an old release. Spring 4.3.x and
  Log4j 1.x are end-of-life, and later Shiro and jackson-databind releases carry
  security fixes (Shiro: authentication bypass in URL path matching and rememberMe
  cookie handling; jackson-databind: unsafe polymorphic deserialization). Check each
  artifact against its project's security advisories and upgrade before reuse.
-->
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>4.3.25.RELEASE</version>
</dependency>

<dependency>
	<groupId>org.springframework</groupId>
    <artifactId>spring-jdbc</artifactId>
    <version>4.3.25.RELEASE</version>
</dependency>

<!-- JSON serialization for @ResponseBody handlers. -->
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.9.9.3</version>
</dependency>


<!-- Shiro: core API, servlet filter support and Spring integration; keep the three versions aligned. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.4.0</version>
</dependency>

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.4.0</version>
</dependency>

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>


<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.2</version>
</dependency>

<!-- Persistence: MyBatis, its Spring bridge and the MySQL JDBC driver. -->
<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis</artifactId>
    <version>3.4.5</version>
</dependency>


<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis-spring</artifactId>
    <version>1.3.2</version>
</dependency>

<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.46</version>
</dependency>


<!-- Logging backend referenced by mybatis-conf.xml (logImpl=LOG4J). -->
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>

2.数据库建表

-- Demo schema for the Shiro login example: one database, one credential table.
CREATE DATABASE  `db_test` ;

USE `db_test`;

-- `password` holds the hex digest checked by the credentials matcher and `salt` the
-- value mixed into that digest. NOTE(review): both columns are nullable, so the
-- application has to cope with rows that lack either value.
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` char(30) DEFAULT NULL,
  `password` char(255) DEFAULT NULL,
  `salt` char(64) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;

-- Seed accounts. All three rows carry the same digest and the same salt string, i.e.
-- one shared password. NOTE(review): a fixed, guessable salt gives no per-account
-- protection; generate a random salt per row outside of a demo.
INSERT INTO `users` VALUES (1,'root','8035146e76db9e63d957be3484e181b8','com.vincent.test'),(2,'admin','8035146e76db9e63d957be3484e181b8','com.vincent.test'),(3,'sang','8035146e76db9e63d957be3484e181b8','com.vincent.test');

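其中 password 字段是明文 123 加盐后经 MD5 迭代 10 次得到的哈希值(这是哈希,不是加密)。注意:MD5 加少量迭代仅适合演示,而且示例中三个用户共用同一个盐值;实际项目应为每个用户生成随机盐,并使用专门的口令哈希算法(如 bcrypt、scrypt、Argon2)。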

3.web.xml 添加如下配置:

 <!-- Sets UTF-8 as the request encoding when the client did not declare one and forces it on
      responses. Its mapping is declared before the Shiro filter mapping, so it runs first. -->
 <filter>
    <filter-name>encoding</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceResponseEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encoding</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <!-- Filter proxy: targetBeanName is the id of the bean in the Spring container that does the
       real filtering (the ShiroFilterFactoryBean declared in application.xml).
       targetFilterLifecycle=true lets the servlet container drive that bean's init/destroy. -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>targetBeanName</param-name>
      <param-value>shiroFilter</param-value>
    </init-param>
    <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <!-- Mapped to /* so every request reaches Shiro; which paths actually require login is decided
       by filterChainDefinitions in application.xml, not by this mapping. -->
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- Root Spring context (data source, MyBatis, Shiro beans), loaded by ContextLoaderListener. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:application.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!-- Spring MVC front controller with its own child context from spring-mvc.xml. -->
  <servlet>
    <servlet-name>spring-mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring-mvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>spring-mvc</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

4.项目结构如下:
在这里插入图片描述
5.application.xml 如下:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        https://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop.xsd
        http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx.xsd">
        
        
    <!-- Root application context: component scanning, data source, MyBatis and Shiro beans.
         component-scan also switches on annotation processing, which is what lets the
         XML-declared UserRealm bean receive its @Autowired UserService. -->
    <context:component-scan base-package="dao"></context:component-scan>
    <context:component-scan base-package="service"></context:component-scan>
    
    
    <!-- NOTE(review): the database credentials are hard-coded here and the application connects
         as the MySQL root account. Load them from an external property source or the
         environment and use an account limited to db_test. DriverManagerDataSource is not a
         connection pool; it opens a new connection on every request for one. -->
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    	<property name="driverClassName" value="com.mysql.jdbc.Driver" />
    	<property name="url" value="jdbc:mysql://localhost:3306/db_test" />
    	<property name="username" value="root"/>
    	<property name="password" value="root"/>
    </bean>
    
	<bean id="sqlSessionFactoryBean" class="org.mybatis.spring.SqlSessionFactoryBean">
		<property name="configLocation" value="classpath:mybatis-conf.xml" />
		<property name="dataSource" ref="dataSource"/>
	</bean>
	
	<!-- Scan the "mapper" package for MyBatis mapper interfaces -->
	<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
		<property name="basePackage" value="mapper" />
		<property name="sqlSessionFactoryBeanName" value="sqlSessionFactoryBean" />
	</bean>
	
		  
	<!-- Shiro filter, looked up by the DelegatingFilterProxy in web.xml through its bean id.
	     loginUrl is where unauthenticated requests are redirected; because /login is itself
	     mapped to authc, the form filter processes the POST to that URL as a login attempt.
	     NOTE(review): only /test and /login are listed. A path that matches no chain passes
	     through without any Shiro filter, so it is reachable anonymously; a final catch-all
	     line such as "/** = authc" closes that gap. -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="loginUrl" value="/login" />
		<property name="securityManager" ref="securityManager" />
		<property name="filterChainDefinitions">
			<value>
				/test=authc
				/login=authc
			</value>
		</property>
	</bean>
	
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="user_realm" />
	</bean>

	
	<!-- Custom realm that loads the stored hash and salt for the submitted username. -->
	<bean id="user_realm" class="realm.UserRealm">
		<property name="credentialsMatcher" ref="credenticalsMatcher" />
	</bean>
	
	<!-- Credentials matcher: hashes the submitted password with the account's salt and compares
	     the result with the stored digest.
	     NOTE(review): MD5 with 10 iterations is cheap to brute-force if the users table leaks.
	     Treat these values as demo settings; use a stronger algorithm and a much higher work
	     factor for real accounts. -->
	<bean id="credenticalsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
		<property name="hashAlgorithmName" value="md5" />
		<property name="hashIterations" value="10" />
	</bean>
	
</beans>

6.spring-mvc.xml 如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd">

	    <!-- DispatcherServlet context: only the web layer (controllers) is scanned here. -->
	    <context:component-scan base-package="controller"></context:component-scan>
		<mvc:annotation-driven />
			 
		 

 		<!-- Let the container's default servlet serve static resources -->
   		<mvc:default-servlet-handler />
    
	    <!-- Views resolve to JSPs under /WEB-INF/jsp/, which the container does not serve
	         directly, so pages are only reachable through a controller. -->
	    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	    	<property name="prefix" value="/WEB-INF/jsp/"/>
	    	<property name="suffix" value=".jsp" />
	    </bean>

</beans>

7.mybatis-conf.xml 配置如下:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
  PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
  "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
	<settings>
		<!-- Use Log4j for MyBatis logging.
		     NOTE(review): at DEBUG level MyBatis logs each statement with its bound parameter
		     values, which here would include submitted usernames; keep the mapper loggers
		     above DEBUG outside of development. -->
		<setting name="logImpl" value="LOG4J"/>
   		
  	</settings>
	 <!-- Register every class in the "pojo" package under its simple name, so mapper files can
	      write resultType="User". -->
	 <typeAliases>
	 	<package name="pojo" />
	 </typeAliases>
	
   
</configuration>

8.mybatis 映射文件 UserMapper.xml

<!DOCTYPE mapper
    PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-mapper.dtd">

<mapper namespace="mapper.UserMapper">
	 
	<!-- Returns every row of users. "select *" includes the password digest and salt columns,
	     so callers receive them on each User object. -->
	<select id="getAllUser" resultType="User">
		select * from users
	</select>
	
	<!-- Looks up one account by username. #{username} is sent as a bound prepared-statement
	     parameter; keep it that way, because the ${...} form would splice the raw text into
	     the SQL string. -->
	<select id="selUserByUsername" resultType="User">
		select * from users where username=#{username}
	</select>
	 
</mapper>

9.UserMapper.java

package mapper;

import java.util.List;

import pojo.User;

/**
 * MyBatis mapper for the {@code users} table; the SQL for each method lives in
 * UserMapper.xml under the statement id that matches the method name.
 */
public interface UserMapper {
	/**
	 * Loads all users.
	 *
	 * @return every row of {@code users}, mapped to {@link User}
	 */
	List<User> getAllUser();
	
	/**
	 * Loads the account with the given username.
	 *
	 * @param username the login name to look up
	 * @return the matching user; presumably {@code null} when no row matches (verify against
	 *         the MyBatis version in use)
	 */
	User selUserByUsername(String username);
}

10.UserService.java

package service;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import mapper.UserMapper;
import pojo.User;

/**
 * Service facade over {@link UserMapper}; it adds no logic of its own and simply forwards
 * each call to the mapper.
 */
@Service
public class UserService {
	/** MyBatis mapper, injected by Spring. */
	@Autowired
	private UserMapper userMapper;

	/**
	 * Fetches every user known to the mapper.
	 *
	 * @return the mapper's result for {@code getAllUser()}, unchanged
	 */
	public List<User> searchAllUsers() {
		List<User> allUsers = this.userMapper.getAllUser();
		return allUsers;
	}

	/**
	 * Fetches the account registered under the given username.
	 *
	 * @param username the login name to look up
	 * @return the mapper's result, unchanged; callers should expect {@code null} for an
	 *         unknown username (presumably what the mapper yields when no row matches)
	 */
	public User selUserByUsername(String username) {
		User match = this.userMapper.selUserByUsername(username);
		return match;
	}
}

11.UserRealm.java

package realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import pojo.User;
import service.UserService;


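/**
 * Shiro realm that authenticates against the accounts returned by {@link UserService}.
 *
 * <p>The realm only supplies the stored password hash and salt; the comparison with the
 * submitted password is done by the credentials matcher configured on this bean.
 */
public class UserRealm extends AuthorizingRealm{
	/** Account lookup service, injected by Spring. */
	@Autowired
	private UserService userService;
	
	/**
	 * Supplies no authorization data: this realm is used for authentication only, so no
	 * roles or permissions are attached to any principal.
	 *
	 * @param principals the authenticated principals (unused)
	 * @return always {@code null}
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		
		return null;
	}

	/**
	 * Looks up the account named by the token and returns its stored hash and salt.
	 *
	 * @param token the submitted login token; its principal is expected to be the username
	 * @return the account's authentication data, or {@code null} when the token carries no
	 *         username or no such account exists (Shiro reports that as an unknown account)
	 * @throws AuthenticationException if the account row has no password hash or no salt
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String username = (String)token.getPrincipal();
		if (username == null) {
			return null;
		}

		User user = userService.selUserByUsername(username);
		// An unknown username yields no User; returning null is the realm contract for
		// "no such account" and avoids dereferencing a missing record.
		if (user == null) {
			return null;
		}

		// The password and salt columns are nullable, so fail the login explicitly instead of
		// letting a half-populated row surface as a NullPointerException. The message names
		// neither the account nor any stored value.
		if (user.getPassword() == null || user.getSalt() == null) {
			throw new AuthenticationException("Account record is missing its password hash or salt");
		}

		return new SimpleAuthenticationInfo(
				username,
				user.getPassword(),
				ByteSource.Util.bytes(user.getSalt()),
				UserRealm.class.getSimpleName());
	}
	
}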

12.LoginController.java

package controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import pojo.User;
import service.UserService;

/**
 * Web endpoints of the demo: a protected JSON listing and the login page.
 *
 * <p>Both paths are mapped to Shiro's {@code authc} filter, so the filter, not this class,
 * validates the submitted credentials.
 */
@Controller
public class LoginController {
	/** Account lookup service, injected by Spring. */
	@Autowired
	private UserService userService;

	/**
	 * Returns all users as the response body.
	 *
	 * <p>NOTE(review): the service result is written out as-is. {@code User} exposes
	 * {@code getPassword()} and {@code getSalt()}, so the serialized response presumably
	 * contains every account's hash and salt; map to a view object without those fields
	 * (or exclude them from serialization) before reusing this handler.
	 *
	 * @return whatever {@code UserService.searchAllUsers()} returns
	 */
	@RequestMapping("/test")
	@ResponseBody
	public Object searchAllUsers() {
		Object allUsers = userService.searchAllUsers();
		return allUsers;
	}

	/**
	 * Serves the login page and logs the outcome of a login POST that reaches the controller.
	 *
	 * <p>For a POST it reads the request attribute named by
	 * {@code FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME}; a non-null value is
	 * logged as a failure. The value goes to the console only. If it is ever shown to the
	 * user, keep the message generic so that unknown accounts and wrong passwords cannot be
	 * told apart.
	 *
	 * @param request the current request
	 * @return {@code "login"} for non-POST requests, {@code null} for POST requests
	 */
	@RequestMapping("/login")
	public String login(HttpServletRequest request) {
		boolean isPost = request.getMethod().equalsIgnoreCase("post");
		if (!isPost) {
			System.out.println("-----------------获取登录页面");
			return "login";
		}

		String failureClassName =
				(String) request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
		if (failureClassName == null) {
			System.out.println("登录成功");
		} else {
			System.out.println("登录失败:" + failureClassName);
		}
		return null;
	}

}

三、代码说明

<!-- Shiro filter bean: loginUrl is the redirect target for unauthenticated requests, and each
     filterChainDefinitions line maps a path pattern to a filter name. Paths that match no line
     are not filtered by Shiro at all. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
	<property name="loginUrl" value="/login" />
	<property name="securityManager" ref="securityManager" />
	<property name="filterChainDefinitions">
		<value>
			/test=authc
			/login=authc
		</value>
	</property>
</bean>

Shiro 过滤器工厂ShiroFilterFactoryBean,其filterChainDefinitions 属性配置相关认证授权的过滤器链,Shiro 提供了一些默认的过滤器实现,名称和类对应关系如下:

在这里插入图片描述
其中常用的过滤器有 authc、anon:authc 表示需要登录认证才能访问,anon 表示允许匿名访问(不需要认证即可访问)。如上配置表示 /test 请求需要被认证才能访问;未在 filterChainDefinitions 中列出的路径不会经过任何 Shiro 过滤器,也就是可以匿名访问,因此实际项目通常会在最后加一条 /** = authc 作为兜底规则。如果在未认证时访问 /test,则会跳转到登录页面,登录成功后会自动重定向回之前被拦截的请求。

四、验证结果

1.访问 http://localhost:8080/test4/test 结果如下:

在这里插入图片描述

2.输入用户名admin/123 提交:
在这里插入图片描述

我们查询出了刚刚访问的 /test 请求的数据。

3.输入不在数据库中的账户或密码时页面将又被重定向到登录页面,控制台也输出相关信息如下:
在这里插入图片描述
