shiro与spring整合直接使用jdbcRealm

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	version="3.0">
	<display-name>Mi Shopkeeper</display-name>
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:spring.xml</param-value>
	</context-param>
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>  
        <listener-class>com.im.cashier.validator.SessionListener</listener-class>          
	</listener>  
	
	<filter>
		<filter-name>springUtf8Encoding</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>springUtf8Encoding</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
		
	

	<servlet>
		<servlet-name>spring</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:spring-mvc.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>spring</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
</web-app>

shrio的配置文件

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:util="http://www.springframework.org/schema/util" xmlns="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

	<context:component-scan base-package="com.im.cashier.service, com.im.cashier.util" />
	<context:property-placeholder location="classpath:config.properties" />

	<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
		<property name="driverClassName" value="${jdbc.driverClass}" />
		<property name="url" value="${jdbc.url}" />
		<property name="username" value="${jdbc.user}" />
		<property name="password" value="${jdbc.password}" />
		<property name="filters" value="stat" />
		<property name="maxActive" value="20" />
		<property name="initialSize" value="1" />
		<property name="maxWait" value="60000" />
		<property name="minIdle" value="1" />
		<property name="timeBetweenEvictionRunsMillis" value="60000" />
		<property name="minEvictableIdleTimeMillis" value="300000" />
		<property name="validationQuery" value="SELECT 1 FROM dual" />
		<property name="testWhileIdle" value="true" />
		<property name="testOnBorrow" value="false" />
		<property name="testOnReturn" value="false" />
	</bean>

	<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
		<property name="dataSource" ref="dataSource" />
	</bean>

	<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
		<property name="dataSource" ref="dataSource" />
		<property name="mapperLocations">
			<array>
				<value>classpath:mapper/*.xml</value>
			</array>
		</property>
		<property name="configLocation" value="classpath:mybatis-config.xml" />
	</bean>

	<bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate" scope="prototype">
		<constructor-arg index="0" ref="sqlSessionFactory" />
	</bean>

	<bean class="tk.mybatis.spring.mapper.MapperScannerConfigurer">
		<property name="basePackage" value="com.im.cashier.mapper" />
		<property name="markerInterface" value="com.im.cashier.util.MyMapper"/>
		<property name="properties">
			<value>
				ORDER=BEFORE
				notEmpty=true
			</value>
		</property>
	</bean>

	<aop:aspectj-autoproxy />

	<aop:config>
		<aop:pointcut id="appService" expression="execution(* com.im.cashier.service..*Service*.*(..))" />
		<aop:advisor advice-ref="txAdvice" pointcut-ref="appService" />
	</aop:config>

	<tx:advice id="txAdvice" transaction-manager="transactionManager">
		<tx:attributes>
			<tx:method name="select*" read-only="true" />
			<tx:method name="find*" read-only="true" />
			<tx:method name="get*" read-only="true" />
			<tx:method name="*" />
		</tx:attributes>
	</tx:advice>

	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		<property name="loginUrl" value="/user/login" />
		<property name="filters">
			<util:map>
				<entry key="authc" value-ref="ajaxAuthenticationFilter" />
			</util:map>
		</property> 
		<property name="filterChainDefinitions">
			<value>
				/hh/** = authc
				/sys/** = anon
				/login.html = anon
				/acqcb/** = anon
				/cnaps/** = anon
				/user/getCaptcha = anon
				/user/register = anon
				/user/updateUser = anon
				<!-- /mer/register = anon -->
				/register.html = anon
				/mer-register.html = anon
				/user/logout = logout
				 
				/appfile/**=anon
				/upimg/** = anon 
				/** = authc
			</value>
		</property>
	</bean>
	
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="jdbcRealm" />
	</bean>
	
	<bean id="passwordService" class="org.apache.shiro.authc.credential.DefaultPasswordService" />

	<bean id="passwordMatcher" class="org.apache.shiro.authc.credential.PasswordMatcher">
		<property name="passwordService" ref="passwordService" />
	</bean>
	
	<bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
		<property name="name" value="jdbcRealm" />
		<property name="dataSource" ref="dataSource" />
		<property name="authenticationQuery" value="${jdbcReaml.authcQuery}" />
		<property name="credentialsMatcher" ref="passwordMatcher" />
	</bean>
	
	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">  
    	<property name="maxUploadSize" value="31457280" />  
    	<property name="defaultEncoding" value="utf-8"/>
	</bean>
	<import resource="classpath:spring-quartz.xml"/>
</beans>

配置文件(shiro-authenticator-jdbc-realm.ini)

参考配置文件：

[main]
# 配置JDBC数据库连接
dataSource=com.alibaba.druid.pool.DruidDataSource
dataSource.driverClassName=com.mysql.jdbc.Driver
dataSource.url=jdbc:mysql://localhost:3306/spring_test
dataSource.username=root
dataSource.password=Mvtech123!@
 
# JdbcRealm
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource=$dataSource
 
# 重写SQL查询
#jdbcRealm.authenticationQuery = SELECT password FROM ho_user WHERE name = ?
#jdbcRealm.userRolesQuery = SELECT role FROM ho_user WHERE name = ?
#jdbcRealm.permissionsQuery = SELECT permission FROM ho_user WHERE name = ?
 
# 指定securityManager的realms实现
securityManager.realms=$jdbcRealm

jdbc.driverClass = oracle.jdbc.OracleDriver
jdbc.url = jdbc:oracle:thin:@172.16.100.241:1521:master
jdbc.user = imcashier
jdbc.password = imcashier

# \u901A\u7528Mapper\u914D\u7F6E
mapper.plugin = tk.mybatis.mapper.generator.MapperPlugin
mapper.Mapper = tk.mybatis.mapper.common.Mapper

# shiro jdbcReaml Configuration
jdbcReaml.authcQuery = select password from sys_user where phone = ?
jdbcReaml.userRolesQuery = select r.code from sys_role r left join sys_user_role_rel f on r.id = f.role_id left join sys_user u on f.user_id = u.id where u.phone = ?

AjaxAuthenticationFilter实现

package com.im.cashier.util;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.im.cashier.constant.GeneralConst;
import com.im.cashier.constant.UserConst;
import com.im.cashier.mapper.LevelMapper;
import com.im.cashier.mapper.MerBankCardMapper;
import com.im.cashier.mapper.MerMapper;
import com.im.cashier.mapper.UserMapper;
import com.im.cashier.model.Level;
import com.im.cashier.model.Mer;
import com.im.cashier.model.MerBankCard;
import com.im.cashier.model.User;
import com.im.cashier.service.ImgService;
import com.im.cashier.service.TransService;
import com.im.cashier.service.UserService;
import com.im.cashier.validator.SessionListener;

@Component("ajaxAuthenticationFilter")
public class AjaxAuthenticationFilter extends FormAuthenticationFilter {

	private static final Logger log = LoggerFactory.getLogger(AjaxAuthenticationFilter.class);
	
	@Resource
	private UserService userService;
	@Autowired
	private MerBankCardMapper merBankCardMapper;
	@Autowired
	private MerMapper merMapper;
	@Resource
	private TransService transService;
	@Resource
	private ImgService imgService;
	@Resource
	private LevelMapper levelMapper;
	@Resource
	private UserMapper userMapper;
	
	private SessionListener sessionListener = new SessionListener();

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		if (isLoginRequest(request, response)) {
			return executeLogin(request, response);
		} else {
			response.setContentType("application/json;charset=UTF-8");
			// Attempting to access a path which requires authentication.
			ObjectMapper m = new ObjectMapper();
			PrintWriter pw = response.getWriter();
			m.writeValue(pw, new ResponseMsg(UserConst.INVALID_SESSION,"请重新登录"));
			return false;
		}
	}

	@Override
	protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
			ServletResponse response) throws Exception {
		
		response.setContentType("application/json;charset=UTF-8");
		
		User user = new User();
		user.setPhone((String) subject.getPrincipal());
		user = userService.get(user);
		user.setPassword("");
//		SecurityUtils.get
		HttpSession httpSession = ((HttpServletRequest) request).getSession();
		httpSession.setAttribute("userid", user.getPhone());
		sessionListener.sessionHandlerByCacheMap(httpSession);
//		subject
		
		MerBankCard merBankCard = new MerBankCard();
		merBankCard.setCardUserId(user.getId());
		merBankCard = merBankCardMapper.selectOne(merBankCard);
		
		Mer mer = new Mer();
		mer.setMerUserId(user.getId());
		mer = merMapper.selectOne(mer);
		
		Map<String, Object> map = new HashMap<String, Object>();
		map.put("user", user);
		// 推广的用户数
		User temp = new User();
		temp.setUserRef((String) subject.getPrincipal());
		map.put("referenced_statistics", userMapper.statisticsByLevel(user.getPhone()));
		
		map.put("merBankCard", merBankCard);
		map.put("mer", mer);
		
		if(mer!=null){
			map.put("open_status", mer.getMerStatus());
			map.put("account", transService.getTransCount(mer.getMerNo()));
			
			// 放入商户的等级
			Level level = levelMapper.getLevelByMerNo(mer.getMerNo());
			map.put("level", level);
		}else{
			map.put("open_status", "NO");
		}
		if(merBankCard!=null){
			map.put("real_flag", merBankCard.getCardStatus());
		}else{
			map.put("real_flag", "NO");
		}
		
		map.put("headInfo", imgService.getImgStatus((HttpServletRequest)request, "headImg",user));
		map.put("jsessionid", subject.getSession(false).getId());
		ObjectMapper m = new ObjectMapper();
		PrintWriter pw = response.getWriter();
		m.writeValue(pw, new ResponseMsg(GeneralConst.SUCCESS, map));
		// 将当前用户的信息保存在session中
		subject.getSession(false).setAttribute(UserConst.CURR_USER, user);
		return false;
	}

	@Override
	protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request,
			ServletResponse response) {
		response.setContentType("application/json;charset=UTF-8");
		// ajax方式返回登录失败的消息
		super.onLoginFailure(token, e, request, response);
		ObjectMapper m = new ObjectMapper();
		String message = e.getClass().getSimpleName();
		String respCode = null;
		if ("IncorrectCredentialsException".equals(message)) {
			respCode = UserConst.INVALID_PHONE_OR_PASSWORD;
		} else if ("UnknownAccountException".equals(message)) {
			respCode = UserConst.INVALID_PHONE_OR_PASSWORD;
		} else {
			respCode = GeneralConst.SYS_ERROR;
		}
		try {
			PrintWriter pw = response.getWriter();
			m.writeValue(pw, new ResponseMsg(respCode,"用户名或密码错误"));
		} catch (IOException e1) {
			log.error("Response exception", e1);
		}
		return false;
	}

}