web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Mi Shopkeeper</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>com.im.cashier.validator.SessionListener</listener-class>
</listener>
<filter>
<filter-name>springUtf8Encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springUtf8Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
shrio的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util" xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="com.im.cashier.service, com.im.cashier.util" />
<context:property-placeholder location="classpath:config.properties" />
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
<property name="driverClassName" value="${jdbc.driverClass}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.user}" />
<property name="password" value="${jdbc.password}" />
<property name="filters" value="stat" />
<property name="maxActive" value="20" />
<property name="initialSize" value="1" />
<property name="maxWait" value="60000" />
<property name="minIdle" value="1" />
<property name="timeBetweenEvictionRunsMillis" value="60000" />
<property name="minEvictableIdleTimeMillis" value="300000" />
<property name="validationQuery" value="SELECT 1 FROM dual" />
<property name="testWhileIdle" value="true" />
<property name="testOnBorrow" value="false" />
<property name="testOnReturn" value="false" />
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="mapperLocations">
<array>
<value>classpath:mapper/*.xml</value>
</array>
</property>
<property name="configLocation" value="classpath:mybatis-config.xml" />
</bean>
<bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate" scope="prototype">
<constructor-arg index="0" ref="sqlSessionFactory" />
</bean>
<bean class="tk.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.im.cashier.mapper" />
<property name="markerInterface" value="com.im.cashier.util.MyMapper"/>
<property name="properties">
<value>
ORDER=BEFORE
notEmpty=true
</value>
</property>
</bean>
<aop:aspectj-autoproxy />
<aop:config>
<aop:pointcut id="appService" expression="execution(* com.im.cashier.service..*Service*.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="appService" />
</aop:config>
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="select*" read-only="true" />
<tx:method name="find*" read-only="true" />
<tx:method name="get*" read-only="true" />
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/user/login" />
<property name="filters">
<util:map>
<entry key="authc" value-ref="ajaxAuthenticationFilter" />
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
/hh/** = authc
/sys/** = anon
/login.html = anon
/acqcb/** = anon
/cnaps/** = anon
/user/getCaptcha = anon
/user/register = anon
/user/updateUser = anon
<!-- /mer/register = anon -->
/register.html = anon
/mer-register.html = anon
/user/logout = logout
/appfile/**=anon
/upimg/** = anon
/** = authc
</value>
</property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="jdbcRealm" />
</bean>
<bean id="passwordService" class="org.apache.shiro.authc.credential.DefaultPasswordService" />
<bean id="passwordMatcher" class="org.apache.shiro.authc.credential.PasswordMatcher">
<property name="passwordService" ref="passwordService" />
</bean>
<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="name" value="jdbcRealm" />
<property name="dataSource" ref="dataSource" />
<property name="authenticationQuery" value="${jdbcReaml.authcQuery}" />
<property name="credentialsMatcher" ref="passwordMatcher" />
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="31457280" />
<property name="defaultEncoding" value="utf-8"/>
</bean>
<import resource="classpath:spring-quartz.xml"/>
</beans>
配置文件(shiro-authenticator-jdbc-realm.ini)
参考配置文件:
[main]
# 配置JDBC数据库连接
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/spring_test
dataSource.username=root
dataSource.password=Mvtech123!@
# JdbcRealm
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource=$dataSource
# 重写SQL查询
#jdbcRealm.authenticationQuery = SELECT password FROM ho_user WHERE name = ?
#jdbcRealm.userRolesQuery = SELECT role FROM ho_user WHERE name = ?
#jdbcRealm.permissionsQuery = SELECT permission FROM ho_user WHERE name = ?
# 指定securityManager的realms实现
securityManager.realms=$jdbcRealm
jdbc.driverClass = oracle.jdbc.OracleDriver
jdbc.url = jdbc:oracle:thin:@172.16.100.241:1521:master
jdbc.user = imcashier
jdbc.password = imcashier
# \u901A\u7528Mapper\u914D\u7F6E
mapper.plugin = tk.mybatis.mapper.generator.MapperPlugin
mapper.Mapper = tk.mybatis.mapper.common.Mapper
# shiro jdbcReaml Configuration
jdbcReaml.authcQuery = select password from sys_user where phone = ?
jdbcReaml.userRolesQuery = select r.code from sys_role r left join sys_user_role_rel f on r.id = f.role_id left join sys_user u on f.user_id = u.id where u.phone = ?
AjaxAuthenticationFilter实现
package com.im.cashier.util;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.im.cashier.constant.GeneralConst;
import com.im.cashier.constant.UserConst;
import com.im.cashier.mapper.LevelMapper;
import com.im.cashier.mapper.MerBankCardMapper;
import com.im.cashier.mapper.MerMapper;
import com.im.cashier.mapper.UserMapper;
import com.im.cashier.model.Level;
import com.im.cashier.model.Mer;
import com.im.cashier.model.MerBankCard;
import com.im.cashier.model.User;
import com.im.cashier.service.ImgService;
import com.im.cashier.service.TransService;
import com.im.cashier.service.UserService;
import com.im.cashier.validator.SessionListener;
@Component("ajaxAuthenticationFilter")
public class AjaxAuthenticationFilter extends FormAuthenticationFilter {
private static final Logger log = LoggerFactory.getLogger(AjaxAuthenticationFilter.class);
@Resource
private UserService userService;
@Autowired
private MerBankCardMapper merBankCardMapper;
@Autowired
private MerMapper merMapper;
@Resource
private TransService transService;
@Resource
private ImgService imgService;
@Resource
private LevelMapper levelMapper;
@Resource
private UserMapper userMapper;
private SessionListener sessionListener = new SessionListener();
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (isLoginRequest(request, response)) {
return executeLogin(request, response);
} else {
response.setContentType("application/json;charset=UTF-8");
// Attempting to access a path which requires authentication.
ObjectMapper m = new ObjectMapper();
PrintWriter pw = response.getWriter();
m.writeValue(pw, new ResponseMsg(UserConst.INVALID_SESSION,"请重新登录"));
return false;
}
}
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
ServletResponse response) throws Exception {
response.setContentType("application/json;charset=UTF-8");
User user = new User();
user.setPhone((String) subject.getPrincipal());
user = userService.get(user);
user.setPassword("");
// SecurityUtils.get
HttpSession httpSession = ((HttpServletRequest) request).getSession();
httpSession.setAttribute("userid", user.getPhone());
sessionListener.sessionHandlerByCacheMap(httpSession);
// subject
MerBankCard merBankCard = new MerBankCard();
merBankCard.setCardUserId(user.getId());
merBankCard = merBankCardMapper.selectOne(merBankCard);
Mer mer = new Mer();
mer.setMerUserId(user.getId());
mer = merMapper.selectOne(mer);
Map<String, Object> map = new HashMap<String, Object>();
map.put("user", user);
// 推广的用户数
User temp = new User();
temp.setUserRef((String) subject.getPrincipal());
map.put("referenced_statistics", userMapper.statisticsByLevel(user.getPhone()));
map.put("merBankCard", merBankCard);
map.put("mer", mer);
if(mer!=null){
map.put("open_status", mer.getMerStatus());
map.put("account", transService.getTransCount(mer.getMerNo()));
// 放入商户的等级
Level level = levelMapper.getLevelByMerNo(mer.getMerNo());
map.put("level", level);
}else{
map.put("open_status", "NO");
}
if(merBankCard!=null){
map.put("real_flag", merBankCard.getCardStatus());
}else{
map.put("real_flag", "NO");
}
map.put("headInfo", imgService.getImgStatus((HttpServletRequest)request, "headImg",user));
map.put("jsessionid", subject.getSession(false).getId());
ObjectMapper m = new ObjectMapper();
PrintWriter pw = response.getWriter();
m.writeValue(pw, new ResponseMsg(GeneralConst.SUCCESS, map));
// 将当前用户的信息保存在session中
subject.getSession(false).setAttribute(UserConst.CURR_USER, user);
return false;
}
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request,
ServletResponse response) {
response.setContentType("application/json;charset=UTF-8");
// ajax方式返回登录失败的消息
super.onLoginFailure(token, e, request, response);
ObjectMapper m = new ObjectMapper();
String message = e.getClass().getSimpleName();
String respCode = null;
if ("IncorrectCredentialsException".equals(message)) {
respCode = UserConst.INVALID_PHONE_OR_PASSWORD;
} else if ("UnknownAccountException".equals(message)) {
respCode = UserConst.INVALID_PHONE_OR_PASSWORD;
} else {
respCode = GeneralConst.SYS_ERROR;
}
try {
PrintWriter pw = response.getWriter();
m.writeValue(pw, new ResponseMsg(respCode,"用户名或密码错误"));
} catch (IOException e1) {
log.error("Response exception", e1);
}
return false;
}
}