Shiro安全框架第九篇| Spring整合Shiro(二)

最新推荐文章于 2024-04-21 23:14:09 发布

jiuyueblog

最新推荐文章于 2024-04-21 23:14:09 发布

阅读量611

点赞数 1

分类专栏： Shiro安全框架学习 Shiro安全框架学习

本文链接：https://blog.csdn.net/qq_37745470/article/details/84849632

版权

Shiro安全框架学习同时被 2 个专栏收录

9 篇文章 0 订阅

订阅专栏

Shiro安全框架学习

8 篇文章 0 订阅

订阅专栏

spring整合shiro

做技术的永远别丢了技术，除非你已经考虑好换行了。热情和危机感并存，保持对技术的热情，不断学习新技术，对已掌握的技术要了解的更系统。

项目需要引入的依赖包,因为要连接mysql数据库，所以引入了mysql驱动、数据源以及JDBC。

 1   <dependencies>
 2        <dependency>
 3            <groupId>org.springframework</groupId>
 4            <artifactId>spring-context</artifactId>
 5            <version>5.0.8.RELEASE</version>
 6        </dependency>
 7        <dependency>
 8            <groupId>org.springframework</groupId>
 9            <artifactId>spring-webmvc</artifactId>
10            <version>5.0.8.RELEASE</version>
11        </dependency>
12        <dependency>
13            <groupId>org.apache.shiro</groupId>
14            <artifactId>shiro-core</artifactId>
15            <version>1.4.0</version>
16        </dependency>
17        <dependency>
18            <groupId>org.apache.shiro</groupId>
19            <artifactId>shiro-spring</artifactId>
20            <version>1.4.0</version>
21        </dependency>
22        <dependency>
23            <groupId>org.apache.shiro</groupId>
24            <artifactId>shiro-web</artifactId>
25            <version>1.4.0</version>
26        </dependency>
27        <!--mysql数据库驱动-->
28        <dependency>
29            <groupId>mysql</groupId>
30            <artifactId>mysql-connector-java</artifactId>
31        </dependency>
32        <!--数据源-->
33        <dependency>
34            <groupId>com.alibaba</groupId>
35            <artifactId>druid</artifactId>
36            <version>1.1.10</version>
37        </dependency>
38        <!--JDBC-->
39        <dependency>
40            <groupId>org.springframework</groupId>
41            <artifactId>spring-jdbc</artifactId>
42            <version>5.0.8.RELEASE</version>
43        </dependency>
44    </dependencies>

web.xml文件

 1<?xml version="1.0" encoding="UTF-8"?>
 2<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
 3         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
 5         version="4.0">
 6
 7    <!--配置Shiro过滤器-->
 8    <filter>
 9        <filter-name>shiroFilter</filter-name>
10        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
11    </filter>
12    <filter-mapping>
13        <filter-name>shiroFilter</filter-name>
14        <url-pattern>/*</url-pattern>
15    </filter-mapping>
16
17    <!--配置spring文件-->
18    <context-param>
19        <param-name>contextConfigLocation</param-name>
20        <param-value>classpath*:spring/spring.xml</param-value>
21    </context-param>
22
23    <listener>
24        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
25    </listener>
26
27    <listener>
28        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
29    </listener>
30    <!--配置springmvc-->
31    <servlet>
32        <servlet-name>dispatcherServlet</servlet-name>
33        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
34        <init-param>
35            <param-name>contextConfigLocation</param-name>
36            <param-value>classpath*:spring/springmvc.xml</param-value>
37        </init-param>
38        <load-on-startup>1</load-on-startup>
39    </servlet>
40    <servlet-mapping>
41        <servlet-name>dispatcherServlet</servlet-name>
42        <url-pattern>/</url-pattern>
43    </servlet-mapping>
44    <welcome-file-list>
45        <welcome-file>/login.html</welcome-file>
46    </welcome-file-list>
47</web-app>

springmvc.xml

 1<?xml version="1.0" encoding="UTF-8"?>
 2<beans xmlns="http://www.springframework.org/schema/beans"
 3       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4       xmlns:context="http://www.springframework.org/schema/context"
 5       xmlns:mvc="http://www.springframework.org/schema/mvc"
 6       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 7        <!--扫描controller-->
 8        <context:component-scan base-package="com.jiuyue.controller"/>
 9        <mvc:annotation-driven/>
10        <!--排除静态文件-->
11        <mvc:resources mapping="/*" location="/"/>
12</beans>

配置数据源，注册JdbcTemplate类Bean
spring-dao.xml

 1<?xml version="1.0" encoding="UTF-8"?>
 2<beans xmlns="http://www.springframework.org/schema/beans"
 3       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 5    <!--配置数据源-->
 6    <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource">
 7        <property name="url" value="jdbc:mysql://localhost:3306/test"/>
 8        <property name="username" value="root"/>
 9        <property name="password" value="1111"/>
10    </bean>
11
12    <!--JDBC模板接口,并引入数据源-->
13    <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
14        <property name="dataSource" ref="dataSource"/>
15    </bean>
16</beans>

spring.xml
需要将spring-dao导入到spring,需要扫描com.jiuyue包下的组件注册成Bean,比如与数据库交接的UserDaoImpl类上要注解@Component,让spring知道这是一个组件，并通过扫描包将其注册成Bean。

 1<?xml version="1.0" encoding="UTF-8"?>
 2<beans xmlns="http://www.springframework.org/schema/beans"
 3       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4       xmlns:context="http://www.springframework.org/schema/context"
 5       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 6    <!--将spring-dao配置-->
 7    <import resource="spring-dao.xml" />
 8    <!--扫描将组件引入-->
 9    <context:component-scan base-package="com.jiuyue"/>
10    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
11        <property name="securityManager" ref="securityManager"></property>
12        <property name="loginUrl" value="login.html"></property>
13        <property name="unauthorizedUrl" value="403.html"></property>
14        <property name="filterChainDefinitions">
15            <value>
16                /login.html=anon
17                /userLogin=anon
18                /*=authc
19            </value>
20        </property>
21    </bean>
22    <!--创建 securityManager 对象-->
23    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
24        <property name="realm" ref="realm"></property>
25    </bean>
26
27    <bean id="realm" class="com.jiuyue.shiro.realm.CustomRealm">
28        <property name="credentialsMatcher" ref="credentialsMatcher"></property>
29    </bean>
30
31    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
32        <property name="hashAlgorithmName" value="md5"></property>
33        <property name="hashIterations" value="1"></property>
34    </bean>
35</beans>

自定义的realm
与数据库的用户信息进行认证。

 1public class CustomRealm extends AuthorizingRealm {
 2    @Resource
 3    private UserDao userDao;
 4
 5//    Map<String,String> userMap = new HashMap<>();
 6//    {
 7//         String password="12345";
 8//         Md5Hash md5Hash = new Md5Hash(password);
 9//         userMap.put("jiuyue",md5Hash.toString());
10//         super.setName("customReal");
11//    }
12    @Override
13    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
14        return null;
15    }
16
17    @Override
18    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
19        //1、从主体中获取认证信息的用户名
20        String userName = (String) token.getPrincipal();
21        //2、通过用户名获得密码
22        String password = getPasswordByUsername(userName);
23        if (password == null){
24            return null;
25        }else {
26            //查询到用户，则返回AuthenticationInfo对象
27            SimpleAuthenticationInfo simpleAuthenticationInfo =
28                    new SimpleAuthenticationInfo(userName,password,"customReal");
29            return simpleAuthenticationInfo;
30        }
31    }
32
33    /**
34     * 通过username从集合中（数据库中返回password）
35     * @param username
36     * @return
37     */
38    private String getPasswordByUsername(String username) {
39        //return userMap.get(username);
40        User user = userDao.getUserByUserName(username);
41        if (user != null) {
42            return user.getPassword();
43        }
44        return null;
45    }
46}

controller控制器

 1@Controller
 2public class UserController {
 3    @RequestMapping(value = "userLogin",method = RequestMethod.POST,
 4    produces = "application/json;charset=utf-8")
 5    @ResponseBody
 6    public String login(User user){
 7         String password="12345";
 8         Md5Hash md5Hash = new Md5Hash(password);
 9        System.out.println("md5:"+md5Hash.toString());
10        //主体
11        Subject subject = SecurityUtils.getSubject();
12        //主体提交请求
13        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());
14        try {
15            subject.login(token);
16        }catch (AuthenticationException e){
17            return e.getMessage();
18        }
19        return "登录成功";
20    }
21}

“扫码关注“