在ssm已有基础上集成shiro

pom.xml:

<shiro.version>1.2.5</shiro.version> 
<!-- SECURITY begin :进行用户认证以及授予权限的时候,通过各种各样的拦截器来控制权限的访问,从而实现安全 -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>${shiro.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-ehcache</artifactId>
            <version>${shiro.version}</version>
        </dependency>

applicationContext-shiro.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/><!--登录页面-->
        <property name="successUrl" value="/main"/><!--登录成功页面,如果自己设置了返回页面,则不跳转-->
        <property name="unauthorizedUrl" value="/error"/><!-- 没有权限跳转的地址 -->
        <property name="filterChainDefinitions">
            <value>
                /static/**=anon <!--表示都可以访问-->
                /error=authc
                /login=anon
                /**=authc <!--authc表示需要认证才能访问的页面-->
            </value>
        </property>
    </bean>

    <!-- 配置启用Shiro的注解功能 -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
          depends-on="lifecycleBeanPostProcessor">
        <property name="proxyTargetClass" value="true"/>
    </bean>
    <!-- 自定义Realm -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>
    <!-- 注入到自定义Realm -->
    <bean id="myRealm" class="com.emr.shiro.myRealm"/>
    <!--Shiro生命周期处理器-->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>
myRealm.java:
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.HashSet;
import java.util.Set;

public class myRealm extends AuthorizingRealm {
    /**
     * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //获取登录者权限菜单集合
        /*String menuStr = "test1";
        String menuStr1 = "toLogin";
        String menuStr2 = "login";*/
        Set<String> menus = new HashSet<String>();
        /*menus.add(menuStr);
        menus.add(menuStr1);
        menus.add(menuStr2);*/
        // 用户权限列表
        Set<String> permsSet = new HashSet<String>();
        if(null != menus && !menus.isEmpty()){
            for(String menu : menus){
                if(StringUtils.isNoneBlank(menu)){
                    permsSet.add(menu);
                }
            }
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }

    /**
     * 认证回调函数,登录时调用.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        //通过表单接收的用户名
        String username = token.getUsername();
        String userpwd = String.valueOf(token.getPassword());
        if (StringUtils.isNotBlank(username)) {
            return new SimpleAuthenticationInfo(username, userpwd, getName());
        }
        return null;
    }
}

web.xml:

     <!--shiro-->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:config/applicationContext.xml
            classpath:config/applicationContext-shiro.xml
        </param-value>
    </context-param>

LoginController.java:

    @RequestMapping(value="login",method = RequestMethod.POST)
    public String login(String userName,String password){
        if(StringUtils.isNoneBlank(userName)) {
            UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
            Subject subject = SecurityUtils.getSubject();
            subject.login(userToken);
        }
        return "page/main";
    }

 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值