ssm集成shiro

shiro --------------------maven

<!--    shiro maven-->

    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.2.3</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-ehcache</artifactId>
      <version>1.2.3</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.2.3</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.2.3</version>
    </dependency>

    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-simple</artifactId>
      <version>1.7.25</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-log4j12</artifactId>
      <version>1.7.21</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.17</version>
    </dependency>

装好maven

import cn.hutool.http.HttpRequest;
import com.water.entity.SyEmp;
import com.water.entity.SyEmpmenupower;
import com.water.service.SyEmpService;
import com.water.service.SyEmpmenupowerService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class myRealm extends AuthorizingRealm {

    @Autowired
    private SyEmpService syEmpService;

    @Autowired
    private SyEmpmenupowerService syEmpmenupowerService;


    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
       UsernamePasswordToken usernamePasswordToken= (UsernamePasswordToken)  authenticationToken;
       System.out.println("doGetAuthenticationInfo");
        String empno = usernamePasswordToken.getUsername();
         SyEmp syEmp1=new SyEmp();
        syEmp1.setEmpno(empno);
        SyEmp syEmp = syEmpService.querySy(syEmp1);
        String realName = this.getName();
        SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(syEmp.getEmpno(),syEmp.getPwd(),realName);
        return info;
    }


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String princaipal = (String) principalCollection.getPrimaryPrincipal();
        Set<String> roles=new HashSet<>();
        System.out.println("===============================================================================================================");

        System.out.println(princaipal);
        System.out.println("===============================================================================================================");
        SyEmp syEmp1=new SyEmp();
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        HttpSession session = request.getSession();
      SyEmp syEmp= (SyEmp) session.getAttribute("user");
     String id= syEmp.getId().toString();
 List<SyEmpmenupower> syEmpmenupowerList=   syEmpmenupowerService.findQuanList(id);
                //        //给一个初始权限
        for (SyEmpmenupower syEmpmenupower : syEmpmenupowerList) {
            System.out.println(syEmpmenupower.getMenuid());
            Integer menuid=syEmpmenupower.getMenuid();
            roles.add(menuid.toString());
        }

        roles.add("user");
//        admin admin = adminService.queryOneAdmin(princaipal);
//        int authoid = admin.getAuthority().getAuthoid();
//        //给权限
//        if(authoid>=2){
            roles.add("admin");
//        }
        System.out.println(roles+"所有的权限");
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(roles);

        return info;
    }


}

doGetAuthenticationInfo的方法作为认证

当登录时调用shiro的登录方法（上面标注的红框都是shiro的代码）
shiro就会去去上面的doGetAuthenticationInfo的方法作为认证
到了doGetAuthenticationInfo方法去数据库查询用户名和密码，看数据库中是否有这个用户，如果查到就把他们放到info中，（主要是返回的如果返回的是对象，就继续Controller中的代码,跳转界面成功登录
如果返回的是空，上面的currentSubject.login(token)就会报错
try{}catch{}就会执行catch{}中的代码在里面就跳转到登录界面继续登录

配置spring-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
		http://www.springframework.org/schema/context
		http://www.springframework.org/schema/context/spring-context-3.2.xsd
		http://www.springframework.org/schema/aop
		http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
		http://www.springframework.org/schema/tx
		http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
		http://www.springframework.org/schema/mvc
		http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
">

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="Realm"/>
    </bean>

    <bean id="Realm" class="com.water.Realm.myRealm">

    </bean>


    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor">
    </bean>


    <!-- 开启shiro注解模式  -->
    <bean
            class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
            depends-on="lifecycleBeanPostProcessor" >
        <property name="proxyTargetClass" value="true" />
    </bean>

    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>
    <!--/开启shiro注解模式-->



    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
      <!--登录界面-->
        <property name="loginUrl" value="/"/>
            <!--登录成功界面-->
        <property name="successUrl" value="/workspace"/>
        <!--无权限界面-->
        <property name="unauthorizedUrl" value="/noquan.html"/>
        <!--安全管理器-->
        <property name="securityManager" ref="securityManager"/>
          <!--过滤内容-->
        <property name="filterChainDefinitions">
            <value>
            <!--anno  |||||||无权限也可访问    -->
                / = anon     
                  <!--logout  |||||||登出    --> 
                /syEmp/loginout =logout
                <!--/css/** = anon-->
                <!--/js/** = anon-->
                <!--/images/** = anon-->
                /syEmp/login = anon
                /syArea/** =roles[admin]
                /syEmp/** =roles[60]
                /syArea/**=roles[601]
                /syMetertype/**=roles[602]
     <!--roles  |||||||  roles[权限名]    --> 
          <!--roles  |||||||  roles[权限名]    如果是多个权限roles["权限名1,权限名2"]--> 
                <!--/delAdmin/* =roles[admin]-->
                <!--/changeDept =roles[admin]-->
                <!--/addDept =roles[admin]-->
                <!--/delDept/* =roles[admin]-->
                <!--/AddEmp =roles[admin]-->
                <!--/changeEmp =roles[admin]-->
                <!--/delEmp/* =roles[admin]-->
                <!--/toLogList/* =roles[admin]-->
                <!--/changeRemark =roles[admin]-->
                <!--/toPublishList =roles[admin]-->
                <!--/publish =roles[admin]-->

                <!--/** =anon-->
            </value>

        </property>

    </bean>










</beans>

web.xml

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>


<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

如果报错shiro.bean没这个类
就是你没加载
spring-shir.xml
在你的application.xml文件中或者（spring.xml文件中，叫法各异，就是在你的spring配置文件中加上,如果你把spring-mvc.xml,spring-mybaits.xml,从application.xml中剥离出来了那就在spring-mvc.xml中导入，还保错的话，就在spring-mybatis.xml中导入。多尝试，尝试。
可能有一个优先级，加载顺序。）

当你要访问某个权限界面
他会进入doGetAuthorizationInfo中授权

如果没有权限就进行没有权限的操作，给他跳一个没有权限的界面

当然，你也可以把他没有权限的页面不显示出来，就是你的权限是多少就显示相应的页面给你。
这个就用到了ssm+shiro+ftl
如果是jsp页面导入shiro标签库即可
但是是ftl页面就需要进行一些配置
详情请见ftl+shiro
添加完之后

就可以愉快的使用shiro标签了
上面这个标签的意思就是
有这个admin权限就显示Hello admin!

jsp页面引用shiro标签

参考这位大佬的文章https://blog.csdn.net/weixin_42183336/article/details/81584467

至此，简单的shiro框架就搭建好了，smm+shiro集成shiro。
推荐三个大佬的shiroDemo , ssm集成shrio的demo
https://gitee.com/youzhengjie/ssm.shiro/repository/archive/master.zip?ref=master&sha=25eab2f146b10dd3fa4ced44a48965e6ab5d6de4&format=zip&captcha_type=yunpian&token=06c4e4793bf34ff298903062d59ecc39&authenticate=938ea5cd5e3d4e329aab7f866b6a7fb6

https://codeload.github.com/lastwhispers/permission/zip/master

https://cdn.yinshua86.com/demo/SpringMVC-Mybatis-Shiro-redis-0.2-master.zip?attname=