shiro(认证功能)使用记录

官网:shiro.apache.org

pom.xml配置:
    		<!--
    			Shiro framework dependency.
    			NOTE(review): 1.2.2 is an early 1.x release and later Shiro releases carry security fixes.
    			Pin this to a currently supported release and check the Apache Shiro security reports
    			before reusing this snippet.
    			NOTE(review): shiro-all bundles every Shiro module. Depending only on the modules
    			actually used (this page uses the core, web and Spring integration classes) keeps
    			unused code off the classpath.
    		-->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-all</artifactId>
			<version>1.2.2</version>
		</dependency>
web.xml配置:
	<!--
		Hook Shiro into the servlet filter chain.
		DelegatingFilterProxy holds no security logic itself: it looks up a Spring bean whose id
		equals the filter-name ("shiroFilter") and forwards every request to it, so the
		filter-name here and the bean id in applicationContext.xml must match.
		NOTE(review): this filter presumably has to be declared before the Struts filter so that
		Shiro sees each request first; confirm against the complete web.xml.
	-->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<!-- Servlet url-pattern "/*" matches every request path, so all requests pass through Shiro. -->
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
applicationContext.xml配置:
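	<!--
		Shiro web filter. The bean id must stay "shiroFilter": the DelegatingFilterProxy declared in
		web.xml uses its filter-name to look this bean up.
	-->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" >
		<!-- Inject the security manager -->
		<property name="securityManager" ref="securityManager" />
		<!-- 
			URL settings
				loginUrl: page an unauthenticated user is redirected to
				successUrl: page shown after a successful login
				unauthorizedUrl: page shown when the user lacks the required permission
		 -->
		<property name="loginUrl" value="/login.jsp" />
		<property name="successUrl" value="/index.jsp" />
		<property name="unauthorizedUrl" value="/unauthorized.jsp" />
		<!--
			URL interception rules. They are evaluated top to bottom and the first matching
			pattern wins, so the public (anon) entries must stay above the catch-all.
				anon  = reachable without logging in
				authc = request must come from an authenticated user
			The catch-all is "/**" rather than "/*": in Shiro's Ant-style matching a single "*"
			stays within one path segment, so "/*" would leave nested paths such as /a/b outside
			the authc rule and therefore unprotected.
		-->
		<property name="filterChainDefinitions">
			<value>
				/css/** = anon
				/js/** = anon
				/images/** = anon
				/login.jsp* = anon
				/UserAction_login* = anon
				/validatecode.jsp = anon
				
				/** = authc
			</value>
		</property>
	</bean>
	<!--
		Security manager.
		NOTE(review): no credentialsMatcher is configured on the realm, so Shiro falls back to its
		default matcher, which compares submitted and stored credentials for plain equality. The
		login action on this page submits an MD5 digest, so the stored passwords are presumably
		unsalted MD5; prefer a salted, iterated scheme (for example Shiro's PasswordMatcher or a
		HashedCredentialsMatcher with salt and iterations) and migrate the stored values.
	-->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="bosRealm"></property>
	</bean>
	<!-- Custom realm that loads users from the application's database -->
	<bean id="bosRealm" class="com.xushuai.bos.realm.BOSRealm"></bean>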

Shiro框架提供的过滤器(本文配置中用到的两个):anon 表示无需登录即可访问;authc 表示必须通过认证(登录)后才能访问。


实例代码(UserAction):
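	/**
	 * Logs the user in through Shiro after checking the captcha.
	 *
	 * <p>The captcha stored in the session under {@code "key"} is consumed on every attempt,
	 * so one solved captcha cannot be replayed for many password guesses. On success the
	 * authenticated {@code User} principal is stored in the session under {@code "user"}.
	 *
	 * @return {@code HOME} on success; {@code LOGIN} when the captcha is missing or wrong,
	 *         or when authentication fails
	 */
	public String login(){
		// remove() reads the expected captcha and invalidates it in one step (single use).
		// NOTE(review): assumes validatecode.jsp stores a fresh value under "key" each time
		// the login page is rendered - confirm.
		String vcode = (String) ActionContext.getContext().getSession().remove("key");
		// Compare from the user-supplied side: vcode is null when the session holds no captcha
		// (expired session, direct POST), and vcode.equals(...) would throw a NullPointerException.
		if (StringUtils.isBlank(checkcode) || !checkcode.equals(vcode)) {
			this.addActionError("验证码错误");
			return LOGIN;
		}

		Subject subject = SecurityUtils.getSubject();
		// NOTE(review): a bare MD5 digest is not a suitable password hash (fast, unsalted).
		// Prefer passing the raw password in the token and letting the realm's
		// CredentialsMatcher apply a salted, iterated scheme; that also needs a migration of
		// the stored passwords, so it is not changed here.
		AuthenticationToken token = new UsernamePasswordToken(model.getUsername(), MD5Utils.md5(model.getPassword()));
		try {
			subject.login(token);
		} catch (org.apache.shiro.authc.AuthenticationException e) {
			// Covers UnknownAccountException (the realm found no such user),
			// IncorrectCredentialsException (password mismatch) and any other authentication
			// failure. One shared message is returned for all of them so the response does not
			// reveal which usernames exist.
			// NOTE(review): replace printStackTrace with the project's logger so failed logins
			// are recorded for monitoring; no logger is visible in this snippet.
			e.printStackTrace();
			this.addActionError("用户名或密码错误!");
			return LOGIN;
		}

		// Authentication succeeded: expose the principal to the rest of the application.
		User user = (User) subject.getPrincipal();
		ActionContext.getContext().getSession().put("user", user);
		return HOME;
	}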
BOSRealm(自定义Realm对象):
package com.xushuai.bos.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

import com.xushuai.bos.dao.UserDao;
import com.xushuai.bos.entity.User;

/**
 * Application realm: supplies Shiro with account data loaded through {@link UserDao}.
 *
 * <p>Only the authentication lookup is implemented; the authorization lookup is still a stub.
 */
public class BOSRealm extends AuthorizingRealm {

	// DAO used to look an account up by username; wired by Spring.
	@Autowired
	@Qualifier("userDao")
	private UserDao userDao;

	/**
	 * Setter-based alternative to the field injection above.
	 *
	 * @param userDao DAO used for the username lookup
	 */
	public void setUserDao(UserDao userDao) {
		this.userDao = userDao;
	}

	/**
	 * Authentication: loads the account named in the token and hands its stored password
	 * to Shiro.
	 *
	 * <p>This method does not compare passwords itself. Shiro does that after it returns,
	 * using the realm's credentials matcher.
	 * NOTE(review): the login action on this page sends an MD5 digest as the credential, so
	 * {@code user.getPassword()} presumably holds an unsalted MD5 value; a salted, iterated
	 * hash checked by a matching CredentialsMatcher would be the safer design.
	 *
	 * @param authenticationToken the submitted token, cast to {@link UsernamePasswordToken}
	 * @return authentication info with the {@code User} as principal, or {@code null} when
	 *         no user has that username (the login action on this page handles that case
	 *         as {@code UnknownAccountException})
	 * @throws AuthenticationException declared by the overridden method
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
		String loginName = ((UsernamePasswordToken) authenticationToken).getUsername();
		// Look the account up by the submitted username.
		User account = userDao.findByUsername(loginName);
		if (account != null) {
			return new SimpleAuthenticationInfo(account, account.getPassword(), this.getName());
		}
		// Unknown username: no info object to return.
		return null;
	}

	/**
	 * Authorization: not implemented yet, so no roles or permissions are supplied.
	 * NOTE(review): with a {@code null} result, role and permission checks against this realm
	 * should be denied; fill this in before relying on role- or permission-based rules.
	 *
	 * @param principalCollection principals of the subject being authorized (unused)
	 * @return always {@code null}
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
		return null;
	}

}

