1.页面Jsp部分
先引入shiro所需要的tag包
<%@ taglib uri="http://shiro.apache.org/tags" prefix="shiro" %>
页面详细部分:
<!-- 身份信息-->
Welcome:<shiro:principal></shiro:principal>
<h1>List Page</h1>
<!-- 是否拥有什么样的身份或角色-->
<shiro:hasRole name ="admin">
<a href="admin.jsp">Admin Page</a><br>
</shiro:hasRole>
<!-- 添加角色userInfo -->
<shiro:hasRole name="userInfo">
<!-- 这个身份拥有什么样的权限-->
<shiro:hasPermission name="userInfo:look">
<a href="user.jsp">User Page</a><br>
</shiro:hasPermission>
</shiro:hasRole>
<a href="shiro/test">Test Shiro Annotation</a>
2.控制层
// Spring-injected service; its test() method is guarded by Shiro's @RequiresRoles annotation
@Autowired
private LoginService loginService;
/**
 * Calls the role-guarded {@code LoginService#test()} and sends the browser back to the list page.
 * If the current subject does not hold the role the service annotation demands, Shiro's
 * method interceptor rejects the call before the service body runs (presumably with an
 * AuthorizationException — depends on the advisor configuration, which is not shown here).
 *
 * @return redirect view name for the list page
 */
@RequestMapping("/test")
public String test() {
    final String listPage = "redirect:/list.jsp";
    loginService.test();
    return listPage;
}
/**
 * Authenticates the submitted username/password against the configured realm(s) and
 * redirects to the list page.
 *
 * NOTE(review): {@code Subject.login} throws an unchecked {@code AuthenticationException}
 * (e.g. UnknownAccountException from the realm) on failure, and nothing here catches it,
 * so a failed login surfaces as an uncaught exception rather than a redirect. The mapping
 * also places no restriction on the HTTP method, so a GET with the credentials in the
 * query string is accepted and may end up in request logs; restricting it to POST avoids that.
 *
 * @param uname the submitted username
 * @param pword the submitted password
 * @return redirect view name for the list page
 */
@RequestMapping("/login")
public String login(@RequestParam("username") String uname, @RequestParam("password") String pword) {
    final String listPage = "redirect:/list.jsp";
    Subject currentUser = SecurityUtils.getSubject();
    if (currentUser.isAuthenticated()) {
        // Already logged in: skip the realm round-trip.
        return listPage;
    }
    currentUser.login(new UsernamePasswordToken(uname, pword));
    return listPage;
}
3.自定义的realm方法
public class MyRealm3 extends AuthorizingRealm{
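/**
 * 认证 — authentication step.
 *
 * Looks up the account for the submitted username and returns the credential (plus its
 * salt) that Shiro's CredentialsMatcher will compare the submitted password against.
 *
 * @param token the submitted token; this realm only handles {@link UsernamePasswordToken}
 * @return authentication info carrying the username as principal, the hashed credential and its salt
 * @throws UnknownAccountException if no account matches the submitted username
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // 1. This realm only supports username/password tokens.
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    // 2. Username typed by the user; may be null if the token was built without one.
    String username = upToken.getUsername();
    // 3. Stand-in for the database lookup: a single hard-coded account.
    UserInfo userInfo = new UserInfo(1L, "admin", 22, "上海", "admin", "admin");
    // 4. Reject unknown accounts. Comparing with the stored name on the left keeps a null
    //    username from raising NullPointerException instead of UnknownAccountException.
    if (!userInfo.getUserName().equals(username)) {
        throw new UnknownAccountException("用户名不存在");
    }
    // 5. Salt and hash the stored password.
    //    NOTE(review): the stored value is hashed here at runtime, i.e. the "database" holds
    //    the plaintext password; a real store should keep the salted hash and return it as-is.
    //    MD5, even iterated 1024 times, is a weak password hash, and a salt derived from the
    //    username is predictable rather than random. The algorithm, salt and iteration count
    //    must match the HashedCredentialsMatcher configured for this realm (not on this page).
    ByteSource salt = ByteSource.Util.bytes(username);
    String password = new SimpleHash("md5", userInfo.getUserPassword(), salt, 1024).toString();
    return new SimpleAuthenticationInfo(username, password, salt, getName());
}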
/**
 * 授权 — authorization step.
 *
 * Builds the roles and string permissions of the subject that authentication returned.
 * Because doGetAuthenticationInfo stores the username String as the principal, the primary
 * principal here is that String (had it stored a UserInfo, that object would arrive instead).
 * NOTE(review): the cast below throws ClassCastException if another realm contributes a
 * non-String primary principal.
 *
 * @param collection principals of the subject being authorized
 * @return the subject's roles and string permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection collection) {
    // 1. Recover the username stored as principal during authentication.
    String principalName = (String) collection.getPrimaryPrincipal();
    boolean isAdmin = "admin".equals(principalName);

    // 2. Stand-in for a role/permission lookup keyed by username.
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    // Every authenticated account holds the userInfo role and may view user data.
    info.addRole("userInfo");
    info.addStringPermission("userInfo:look");
    // The admin account additionally holds the admin role and may delete user data.
    if (isAdmin) {
        info.addRole("admin");
        info.addStringPermission("userInfo:delete");
    }
    return info;
}
4.自定义的service方法
注意:注解@RequiresRoles("userInfo")表示调用该方法的当前用户必须拥有userInfo角色,否则方法体不会执行
public class LoginService {
    private static final String TEST_BANNER = "=======LoginService.test(我是test方法)======";

    /**
     * Demo method guarded by {@code @RequiresRoles("userInfo")}: the current subject must hold
     * the userInfo role, otherwise Shiro's method interceptor rejects the call before this body
     * runs (presumably with an AuthorizationException — depends on the advisor configuration,
     * which is not shown here). Prints a banner so the call is visible on the console.
     */
    @RequiresRoles("userInfo")
    public void test() {
        System.out.println(TEST_BANNER);
    }
}