ssm整合shiro框架
一、配置pom文件
导入shiro的依赖库
<!--加载shiro的库-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.3.2</version>
</dependency>
二、配置web.xml
配置shiro的过滤器
<!--配置shiro的过滤器
注意:spring会在ioc容器去找filter同名的bean,因此filter的名字不能乱改
-->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
三、配置spring-shiro.xml
- 配置DefaultWebSecurityManager
- 注入认证器
- 注入数据域(Realm)
- 配置认证器
- 配置数据域的策略
- 配置数据域
- 配置shiro bean的后置处理器
- 配置shiro 过滤器的bean
- [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-NvMyYlSr-1605527847513)(C:\Users\lenovo\AppData\Roaming\Typora\typora-user-images\image-20201116194546464.png)]
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<!--配置SecurityManager的bean对象-->
<bean id="defaultWebSecurityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--注入认证器-->
<property name="authenticator" ref="modularrealmauthenticator"/>
<!--注入数据域-->
<property name="realm" ref="oaSysRealm"/>
</bean>
<!--数据域-->
<bean id="oaSysRealm" class="com.hya.realm.OaSysRealm"></bean>
<!--认证器-->
<bean id="modularrealmauthenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
<!--使用策略-->
<property name="authenticationStrategy">
<bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"></bean>
</property>
</bean>
<!--4. 配置 LifecycleBeanPostProcessor. 可以自定的来调用配置在 Spring IOC 容器中 shiro bean 的生命周期方法-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!--5. 启用 IOC 容器中使用 shiro 的注解. 但必须在配置了 LifecycleBeanPostProcessor 之后才可以使用.-->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="defaultWebSecurityManager"/>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="defaultWebSecurityManager"/>
<!--登录页-->
<property name="loginUrl" value="/jsp/user/loginform.jsp"/>
<!--认证成功的页面-->
<property name="successUrl" value="/jsp/user/userlist.jsp"/>
<!--认证失败的页面-->
<property name="unauthorizedUrl" value="/jsp/user/unauthorized.jsp"/>
<property name="filterChainDefinitions">
<value>
/shiro-logout = logout
/jsp/user/loginform.jsp = anon
/user/login = anon
/jquery-3.3.1/** = anon
/js/** = anon
/layui/** = anon
/res/** = anon
<!-- /shiro/login = anon
/shiro/logout = logout
/user.jsp = roles[user]
/admin.jsp = roles[admin] -->
# everything else requires authentication:
/** = authc
</value>
</property>
</bean>
</beans>
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-P7gAaCaR-1605527847519)(C:\Users\lenovo\AppData\Roaming\Typora\typora-user-images\image-20201116195657328.png)]
四、在web.xml文件加载shiro配置文件
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-dao.xml,classpath:spring/spring-service.xml,classpath:spring/spring-shiro.xml</param-value>
</context-param>
五、自定义数据域
新建OaSysRealm
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-wabSvOkJ-1605527847522)(C:\Users\lenovo\AppData\Roaming\Typora\typora-user-images\image-20201116194740981.png)]
package com.hya.realm;
import com.hya.pojo.User;
import com.hya.service.UserRoleDeService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
public class OaSysRealm extends AuthorizingRealm {
@Autowired
private UserRoleDeService userRoleDeService;
/**
* 实现授权功能
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
return null;
}
/**
* 实现认证功能
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//获取用户令牌
UsernamePasswordToken usernamePasswordToken=(UsernamePasswordToken) authenticationToken;
//输入用户名
String inputUserName=usernamePasswordToken.getUsername();
//输入密码
String inputPassword=new String(usernamePasswordToken.getPassword());
//创建User对象
User user = new User();
user.setLogin_name(inputUserName);
user.setPwd(inputPassword);
List<User> userList = userRoleDeService.findUserByLoginNameAndPwd(user);
//认证成功
if (userList!=null && userList.size()>0){
User outUser=userList.get(0);
String userId="";
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(String.valueOf(outUser.getId()),outUser.getPwd(),"OaSysRealm");
return simpleAuthenticationInfo;
}else {
throw new AuthenticationException("认证失败");
}
}
}
六、编写登录页面
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Rj2RWto1-1605527847526)(C:\Users\lenovo\AppData\Roaming\Typora\typora-user-images\image-20201116194915060.png)]
<%--
Created by IntelliJ IDEA.
User: lenovo
Date: 2020/11/16
Time: 16:36
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="${pageContext.servletContext.contextPath}/user/login" method="post">
用户名:<input type="text" name="login_name"/><br/>
密码:<input type="text" name="pwd"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
七、编写控制器
@RequestMapping("/login")
@ResponseBody
public ModelAndView login(User user) {
System.out.println(user.getLogin_name());
System.out.println(user.getPwd());
//获取shiro的主体
Subject subject = SecurityUtils.getSubject();
//传入令牌对象
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(user.getLogin_name(), user.getPwd());
ModelAndView modelAndView = new ModelAndView();
try {
subject.login(usernamePasswordToken);
modelAndView.setViewName("/user/userlist");
} catch (AuthenticationException e) {
System.out.println(e.getMessage());
modelAndView.setViewName("/user/loginform");
}
return modelAndView;
}