shiro --------------------maven
<!-- Shiro Maven dependencies -->
<!-- NOTE(review): all four Shiro artifacts are pinned to 1.2.3, an old release line.
     Check the Apache Shiro security advisories and move to a currently maintained
     version before reusing this snippet outside a demo. Keep the four versions equal. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
<!-- Logging. NOTE(review): slf4j-simple (default scope) and slf4j-log4j12 (test scope)
     are both SLF4J bindings, so the test classpath carries two of them; keep only one. -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.21</version>
<scope>test</scope>
</dependency>
<!-- NOTE(review): Log4j 1.x is end-of-life and no longer receives fixes; prefer a
     maintained logging backend for anything beyond a local demo. -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
装好maven
import cn.hutool.http.HttpRequest;
import com.water.entity.SyEmp;
import com.water.entity.SyEmpmenupower;
import com.water.service.SyEmpService;
import com.water.service.SyEmpmenupowerService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
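/**
 * Shiro realm for the employee login of this application.
 *
 * <p>Authentication looks the employee up by employee number and hands the stored
 * password to Shiro for comparison. Authorization turns every menu id granted to
 * the employee into a role name, which is what rules such as {@code roles[60]} in
 * the filter chain configuration test against.
 */
public class myRealm extends AuthorizingRealm {

    @Autowired
    private SyEmpService syEmpService;

    @Autowired
    private SyEmpmenupowerService syEmpmenupowerService;

    /**
     * Loads the account that matches the submitted employee number.
     *
     * @param authenticationToken the login token; cast to {@link UsernamePasswordToken}
     * @return the stored employee number and password for Shiro to verify, or
     *         {@code null} when no such employee exists (Shiro reports a {@code null}
     *         result to the caller of {@code login} as an authentication failure)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        String empno = usernamePasswordToken.getUsername();
        if (empno == null) {
            return null;
        }

        SyEmp probe = new SyEmp();
        probe.setEmpno(empno);
        SyEmp syEmp = syEmpService.querySy(probe);
        if (syEmp == null) {
            // Unknown employee number: returning null makes login() fail cleanly
            // instead of surfacing a NullPointerException from the getters below.
            return null;
        }

        // The second argument is the stored credential that the realm's
        // CredentialsMatcher compares with the submitted password.
        // NOTE(review): no credentialsMatcher is configured for this realm in the
        // Spring XML shown with this class, so Shiro's default direct comparison
        // applies. Confirm that pwd holds a salted password hash and configure a
        // HashedCredentialsMatcher rather than storing or comparing plain text.
        return new SimpleAuthenticationInfo(syEmp.getEmpno(), syEmp.getPwd(), this.getName());
    }

    /**
     * Builds the role set of the principal being authorized.
     *
     * @param principalCollection the authenticated identity; its primary principal is
     *        the employee number returned by {@link #doGetAuthenticationInfo}
     * @return the granted menu ids as role names plus the baseline {@code "user"}
     *         role, or an empty role set when the employee can no longer be resolved
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Set<String> roles = new HashSet<>();
        String empno = (String) principalCollection.getPrimaryPrincipal();

        // Resolve the employee from the principal Shiro is authorizing, not from an
        // HTTP session attribute: the attribute is written outside this class, may be
        // missing, and the realm can be invoked on a thread with no bound request.
        SyEmp probe = new SyEmp();
        probe.setEmpno(empno);
        SyEmp syEmp = syEmpService.querySy(probe);
        if (syEmp == null || syEmp.getId() == null) {
            // Fail closed: an identity that cannot be resolved gets no roles.
            return new SimpleAuthorizationInfo(roles);
        }

        List<SyEmpmenupower> granted = syEmpmenupowerService.findQuanList(syEmp.getId().toString());
        if (granted != null) {
            for (SyEmpmenupower entry : granted) {
                Integer menuid = entry.getMenuid();
                if (menuid != null) {
                    // Each granted menu id becomes a role name, e.g. "60" or "601".
                    roles.add(menuid.toString());
                }
            }
        }

        // Baseline role held by every authenticated employee.
        roles.add("user");

        // The "admin" role is deliberately NOT added unconditionally. Granting it to
        // every principal lets any logged-in employee pass roles[admin] checks.
        // TODO: add "admin" only after checking a persisted administrator flag or
        // authority level for this employee.
        return new SimpleAuthorizationInfo(roles);
    }
}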
doGetAuthenticationInfo的方法作为认证
当登录时调用shiro的登录方法(上面标注的红框都是shiro的代码)
shiro就会去调用上面的doGetAuthenticationInfo方法进行认证
到了doGetAuthenticationInfo方法,去数据库查询用户名和密码,看数据库中是否有这个用户;如果查到,就把它们放到info中返回。注意这个方法本身并不比较密码:返回info之后,shiro会把info中的密码和token中提交的密码进行比对。(主要看返回值:如果返回的是对象并且密码比对通过,就继续执行Controller中的代码,登录成功并跳转界面;
如果返回的是空,或者密码比对不通过,上面的currentSubject.login(token)就会报错,
try{}catch{}就会执行catch{}中的代码,在里面跳转到登录界面继续登录)
配置spring-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring wiring for Shiro: security manager, custom realm, annotation support
     and the URL filter chain. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
">
<!-- Security manager that delegates authentication and authorization to the realm below. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="Realm"/>
</bean>
<!-- Custom realm. NOTE(review): no credentialsMatcher property is set here, so the
     realm uses Shiro's default matcher. Confirm how passwords are stored and compared,
     and configure a hashed matcher if they are kept as hashes. -->
<bean id="Realm" class="com.water.Realm.myRealm">
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor">
</bean>
<!-- Enable Shiro annotation support -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" >
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- /Enable Shiro annotation support -->
<!-- The bean id must equal the filter-name declared in web.xml. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Login page -->
<property name="loginUrl" value="/"/>
<!-- Page shown after a successful login -->
<property name="successUrl" value="/workspace"/>
<!-- Page shown when an authenticated user lacks the required role -->
<property name="unauthorizedUrl" value="/noquan.html"/>
<!-- Security manager -->
<property name="securityManager" ref="securityManager"/>
<!-- URL filter chain rules: one "path = filter" rule per line -->
<property name="filterChainDefinitions">
<value>
<!-- anon: reachable without logging in -->
/ = anon
<!-- logout: ends the current session -->
/syEmp/loginout =logout
<!--/css/** = anon-->
<!--/js/** = anon-->
<!--/images/** = anon-->
/syEmp/login = anon
<!-- NOTE(review): /syArea/** appears twice below, once requiring admin and once
     requiring 601. Only one rule can apply to a path; decide which is intended and
     delete the other. -->
<!-- The numeric role names correspond to the menu ids that myRealm adds as roles. -->
/syArea/** =roles[admin]
/syEmp/** =roles[60]
/syArea/**=roles[601]
/syMetertype/**=roles[602]
<!-- roles: roles[name] requires that role -->
<!-- roles: for several roles write roles["name1,name2"]; every listed role is required -->
<!--/delAdmin/* =roles[admin]-->
<!--/changeDept =roles[admin]-->
<!--/addDept =roles[admin]-->
<!--/delDept/* =roles[admin]-->
<!--/AddEmp =roles[admin]-->
<!--/changeEmp =roles[admin]-->
<!--/delEmp/* =roles[admin]-->
<!--/toLogList/* =roles[admin]-->
<!--/changeRemark =roles[admin]-->
<!--/toPublishList =roles[admin]-->
<!--/publish =roles[admin]-->
<!-- NOTE(review): there is no final catch-all rule, so any URL not listed above
     (including the successUrl /workspace) is served without a login check. Consider
     ending the list with "/** = authc" and opening static resources explicitly with anon. -->
<!--/** =anon-->
</value>
</property>
</bean>
</beans>
web.xml
<!-- Registers Shiro with the servlet container through Spring: DelegatingFilterProxy
     looks up the Spring bean whose id equals the filter-name (shiroFilter). -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- true: the container's init/destroy calls are forwarded to the target bean -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Every request passes through the Shiro filter. Which URLs actually require a
     login or a role is decided by filterChainDefinitions on the shiroFilter bean. -->
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
如果报错shiro.bean没这个类
就是你没加载
spring-shiro.xml
在你的application.xml文件中(或者spring.xml文件中,叫法各异)导入它,也就是在你的spring配置文件中加上。如果你把spring-mvc.xml,spring-mybatis.xml从application.xml中剥离出来了,那就在spring-mvc.xml中导入;还报错的话,就在spring-mybatis.xml中导入。多尝试几次。
(可能有一个优先级,即加载顺序。)
当你要访问某个权限界面
他会进入doGetAuthorizationInfo中授权
如果没有权限就进行没有权限的操作,给他跳一个没有权限的界面
当然,你也可以把他没有权限的页面不显示出来,就是你的权限是多少就显示相应的页面给你。
这个就用到了ssm+shiro+ftl
如果是jsp页面导入shiro标签库即可
但是是ftl页面就需要进行一些配置
详情请见ftl+shiro
添加完之后
就可以愉快的使用shiro标签了
上面这个标签的意思就是
有这个admin权限就显示Hello admin!
jsp页面引用shiro标签
参考这位大佬的文章https://blog.csdn.net/weixin_42183336/article/details/81584467
至此,简单的shiro框架就搭建好了,即ssm集成shiro。
推荐三个大佬的shiroDemo , ssm集成shiro的demo
https://gitee.com/youzhengjie/ssm.shiro/repository/archive/master.zip?ref=master&sha=25eab2f146b10dd3fa4ced44a48965e6ab5d6de4&format=zip&captcha_type=yunpian&token=06c4e4793bf34ff298903062d59ecc39&authenticate=938ea5cd5e3d4e329aab7f866b6a7fb6
https://codeload.github.com/lastwhispers/permission/zip/master
https://cdn.yinshua86.com/demo/SpringMVC-Mybatis-Shiro-redis-0.2-master.zip?attname=