Shiro简介
Shiro是一个用户权限控制框架。shiro是基于Filter封装的一个框架。
Shiro中核心类:
- SecurityManager :厨师,是真正的业务操作者
- Subject:服务员,负责提供API接口给用户使用。
- SecurityUtils:餐厅,用来将厨师和服务员整合到一起,提供完整的服务。
- Realm:材料,数据(数据库的数据),一般跟SecurityManager 配置使用
(用法:1、整合spring来用、2、servlet使用、3、Java代码)
Shiro整合Spring配置
导包
<!--shiro框架的核心jar包-->
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
web.xml中的配置
<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
...
<!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->
<!-- requests. Usually this filter mapping is defined first (before all others) to -->
<!-- ensure that Shiro works in subsequent filters in the filter chain: -->
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Spring.xml中的配置
<!-- Define the realm you want to use to connect to your back-end security datasource: -->
<bean id="myRealm" class="...">
...
</bean>
<bean id="securityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
<property name="realm" ref="myRealm"/>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- For simplest integration, so that all SecurityUtils.* methods work in all cases, -->
<!-- make the securityManager bean a static singleton. DO NOT do this in web -->
<!-- applications - see the 'Web Applications' section below instead. -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
Shiro网页标签
导入shiro标签库
<%@ taglib prefix=“shiro” uri=“http://shiro.apache.org/tags” %>
使用举例
<shiro:hasRole name="administrator">
<a href="admin.jsp">Administer the system</a>
</shiro:hasRole>
Shiro默认表设计
CREATE TABLE `roles_permissions` (
`_id` int(11) NOT NULL AUTO_INCREMENT,
`permission` varchar(40) DEFAULT NULL,
`role_name` varchar(100) DEFAULT NULL,
PRIMARY KEY (`_id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
CREATE TABLE `user_roles` (
`_id` int(11) NOT NULL AUTO_INCREMENT,
`role_name` varchar(100) DEFAULT NULL,
`username` varchar(40) DEFAULT NULL,
PRIMARY KEY (`_id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
CREATE TABLE `users` (
`_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(40) DEFAULT NULL,
`password` varchar(100) DEFAULT NULL,
`password_salt` varchar(100) DEFAULT NULL,
PRIMARY KEY (`_id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;