一、最终效果图(比较简陋,但基本功能已有)
二、项目搭建
- pom.xml
-
<properties> <spring-version>4.3.10.RELEASE</spring-version> <aspectjweaver.version>1.8.13</aspectjweaver.version> <shiro-spring.version>1.4.0</shiro-spring.version> <mybatis.version>3.4.6</mybatis.version> <mybatis-spring.version>1.3.2</mybatis-spring.version> <druid.version>1.0.14</druid.version> <mysql.version>5.1.10</mysql.version> <jsp-api.version>2.2</jsp-api.version> <servlet-api.version>2.5</servlet-api.version> <jstl.version>1.2</jstl.version> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring-version}</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>${aspectjweaver.version}</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>${shiro-spring.version}</version> </dependency> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>${mybatis.version}</version> </dependency> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>${mybatis-spring.version}</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>${druid.version}</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql.version}</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>jsp-api</artifactId> <version>${jsp-api.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>${servlet-api.version}</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>${jstl.version}</version> </dependency> </dependencies>
-
springmvc.xml spring-dao.xml spring-service.xml 略 ssm搭建请看这片博客https://blog.csdn.net/qq_38553950/article/details/83304469
-
添加spring-shiro.xml配置文件
-
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/user/login"/> <!-- <property name="successUrl" value="/page/main"></property> --> <!-- <property name="unauthorizedUrl" value="/page/unauthorized"></property> --> <property name="filterChainDefinitions"> <value> /logout = logout /images/**=anon /js/**=anon /css/**=anon /** = authc </value> </property> </bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="userRealm"/> </bean> <!-- Realm实现 --> <bean id="userRealm" class="com.ssm.shiro.realm.UserRealm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> <!-- 凭证匹配器 --> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <!-- <constructor-arg ref="cacheManager"/> --> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="2"/> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <!-- Shiro生命周期处理器--> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
在springmvc.xml中添加启用shiro注解(需要在第一个加载的xml中配置,其他xml中不生效)
-
<!-- 开启shiro框架注解支持 --> <bean id="defaultAdvisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <!-- 必须使用cglib方式为Action对象创建代理对象 --> <property name="proxyTargetClass" value="true"/> </bean> <!-- 配置shiro框架提供的切面类,用于创建代理对象 --> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"></property> </bean> <!-- 自定义异常处理--> <bean class="com.ssm.shiro.exception.MyExceptionResolver"></bean>
三、代码部分
- PageController
@Controller
public class PageController {
@RequestMapping("/")
public String main() {
return "main";
}
@RequestMapping("/page/{returnPage}")
public String page(@PathVariable(value="returnPage")String returnPage) {
return returnPage;
}
}
- UserController
@Controller
@RequestMapping("/user")
public class UserController {
@RequestMapping("/login")
public String login(HttpServletRequest request,Map<String, Object> map) {
String exceptionClassName = (String) request.getAttribute("shiroLoginFailure");
String errorMsg = null;
if(UnknownAccountException.class.getName().equals(exceptionClassName)) {
System.out.println("账号不存在");
errorMsg = "账号或密码错误";
}else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
System.out.println("密码错误");
errorMsg = "账号或密码错误";
}else if (exceptionClassName == null) {
System.out.println("页面跳转");
}
map.put("errorMsg", errorMsg);
return "login";
}
@RequestMapping("/insert")
@RequiresPermissions("user:insert")
public String insert() {
return "insert";
}
@RequestMapping("/select")
@RequiresPermissions("user:select")
public String select() {
return "select";
}
@RequestMapping("/update")
@RequiresPermissions("user:update")
public String update() {
return "update";
}
@RequestMapping("/delete")
@RequiresPermissions("user:delete")
public String delete() {
return "delete";
}
- realm
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
@Autowired
private RoleService roleService;
@Autowired
private RolePermissionKeyService rolePermissionKeyService;
@Autowired
private PermissionService permissionService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Session session = SecurityUtils.getSubject().getSession();
User user = (User) session.getAttribute("user");
Role role = null;
List<Permission> permissionList = null;
try {
role = roleService.findByUid(user.getRid());
List<RolePermissionKey> rolePermissionKeyList = rolePermissionKeyService.findByRid(user.getRid());
if(rolePermissionKeyList != null) {
List<Integer> pidList = new ArrayList<Integer>();
for (RolePermissionKey rolePermissionKey : rolePermissionKeyList) {
pidList.add(rolePermissionKey.getPid());
}
permissionList = permissionService.findByPidList(pidList);
}
} catch (Exception e) {
e.printStackTrace();
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
if(role != null) {
info.addRole(role.getRolename());
}
if(permissionList != null) {
for(Permission permission : permissionList) {
info.addStringPermission(permission.getPermissionname());
}
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String) token.getPrincipal();
User user = null;
try {
user = userService.findUserByUserName(username);
} catch (Exception e) {
e.printStackTrace();
}
if(user != null) {
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
user,
user.getPassword(),
ByteSource.Util.bytes(user.getUsername()),
getName());
Subject subject = SecurityUtils.getSubject();
Session session = subject.getSession();
session.setAttribute("user", user);
return info;
}
return null;
}
}
- 异常捕捉
public class MyExceptionResolver implements HandlerExceptionResolver{
public ModelAndView resolveException(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex) {
System.out.print("捕捉到异常为:"+ex.getClass().getName());
//捕捉shiro权限异常
if(ex instanceof UnauthorizedException){
System.out.println("已配置异常");
ModelAndView mv = new ModelAndView("unauthorized");
return mv;
}
System.out.println("未配置异常");
ex.printStackTrace();
ModelAndView mv = new ModelAndView("error");
mv.addObject("exception", ex.toString().replaceAll("\n", "<br/>"));
return mv;
}
}
- pojo
- dao.service层略
JSP主页面
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
<div>
<h2>顶部标题</h2>
<p style="text-align:right">
<shiro:principal property="username" />|
<a href="${pageContext.request.contextPath }/logout">退出</a>
</p>
</div>
<div style="width:19%;float: left;position: relative;" id="leftDiv">
<ul>用户功能
<li><a href="javascript:void(0);" url="${pageContext.request.contextPath }/user/select">查询</a></li>
<li><a href="javascript:void(0);" url="${pageContext.request.contextPath }/user/insert">添加</a></li>
<li><a href="javascript:void(0);" url="${pageContext.request.contextPath }/user/update">修改</a></li>
<li><a href="javascript:void(0);" url="${pageContext.request.contextPath }/user/delete">删除</a></li>
</ul>
</div>
<div style="width: 80%;float: left; position: relative;" id="rightDiv">
<h2>首页</h2>
</div>
<script type="text/javascript" src="${pageContext.request.contextPath }/js/jquery.min.js"></script>
<script type="text/javascript">
$(function(){
$("a").click(function(){
$("#rightDiv").load($(this).attr("url"));
})
});
</script>
</body>
</html>
源码地址:
CSDN:https://download.csdn.net/download/qq_38553950/10903772
GitHub:https://github.com/houfanGitHub/ssm-shiro
后期优化:
1.关于重复登录(登录之后不退出再次登录)不跳转问题。https://blog.csdn.net/qq_27273089/article/details/63684557
2.关于重复查询权限问题(缓存)。https://blog.csdn.net/amaxiaochen/article/details/76723951
3.关于动态更新权限问题。https://blog.csdn.net/jizhunboss/article/details/53606808
GitHub地址后期优化部分已全部更新!!!
CSDN地址:https://download.csdn.net/download/qq_38553950/10915373