1、spring 配置文件
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<property name="loginUrl" value="/login.jsp"></property>
<property name="filterChainDefinitions">
<value>
/validatecode.jsp*=anon
/userAction_login.action =anon
/page_base_staff.action = roles["staff"] //在 /* =authc之前,否则不管用 /page_base_staff.action =perms["staff"]
/* =authc
</value>
</property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="realm"></property>
</bean>
<bean id="realm" class="com.dong.bos.web.realm.BosRealm"></bean>
2、Realm 类
public class BosRealm extends AuthorizingRealm {
@Autowired
private IUserDao iUserDao;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addRole("staff"); //addStringPermission
return simpleAuthorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String username = token.getUsername();
User user = iUserDao.findByUsername(username);
if (user != null) {
/**
* Object principal, 把数据库查询的对象
* Object credentials,证书:写密码自动验证,查询出来的密码
* String realmName,当前的类名
*/
//返回AuthenticationInfo对象,【这个对象会自动验证密码】
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), this.getClass().getSimpleName());
return simpleAuthenticationInfo;
}
return null;
}
}
1799
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
