shiro-springmvc-mybatis登录认证 权限控制

最近闲的没事研究了一下shiro,整合springmvc-mybatis-maven做了一个简单的登录认证权限控制:

1:shiro jar

<!-- NOTE(review): every shiro-* artifact in this list is pinned to 1.2.3, an old release. Check the Apache Shiro security advisories and move all of them together to a currently maintained version before reusing this setup. -->
<!-- shiro-cas, shiro-ehcache and shiro-quartz are not referenced by the configuration shown in this post; leaving out modules you do not use keeps the dependency surface smaller. -->
<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-cas</artifactId>
			<version>1.2.3</version>
			<exclusions>
				<exclusion>
					<groupId>commons-logging</groupId>
					<artifactId>commons-logging</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-web</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-ehcache</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-quartz</artifactId>
			<version>1.2.3</version>
		</dependency>
	

2:shiro 配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa-1.0.xsd">

	<description>Shiro Configuration</description>

	<!-- Shiro's main business-tier object for web-enabled applications -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="shiroDbRealm" />
		<property name="cacheManager" ref="cacheManager" />
	</bean>

	<!-- 項目自定义的Realm认证登录 授权 -->
	<bean id="shiroDbRealm" class="com.cat.shiro.ShiroRealm">
		<property name="cacheManager" ref="cacheManager" />
	</bean>

	<!-- Shiro filter: URL-level access rules. -->
	<!-- unauthorizedUrl is used by Shiro's filter-based role/permission checks. A failed @RequiresPermissions check raises an exception instead, which springmvc.xml maps to a view. -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		<property name="successUrl" value="/govern/pages/member/index" />
		<property name="loginUrl" value="/govern/pages/login" />
		<property name="unauthorizedUrl" value="/govern/pages/err" />
		<!-- <property name="filters">
			<map>
				<entry key="authc" value-ref="shiro"></entry>
			</map>
		</property> -->
		<property name="filterChainDefinitions">
			<value>
				<!-- Static resources: no anon entries are defined for them here, so they fall under the catch-all rule at the bottom. -->
				<!-- anon: reachable without logging in. Chains are evaluated top to bottom and the first match wins, so these exceptions must stay above the catch-all. -->
				/login/logincs.do = anon
				/login/submitcs.do = anon
				<!-- authc: the caller must be authenticated (logged in). This filter does not check roles or permissions; in this post those are enforced by @RequiresPermissions on the controller methods. -->
				/** = authc
			</value>
		</property>
	</bean>
	<!-- <bean id="shiro" class="com.cat.shiro.ShiroFilter">

	</bean> -->
	<!-- 用户授权信息Cache -->
	<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />

	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

	<!-- AOP式方法级权限检查 -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
		depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager" />
	</bean>
</beans>


3:web.xml 对应配置

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:conf/shiro.xml
</param-value>
</context-param>
<!-- The filter-name must equal the id of the ShiroFilterFactoryBean ("shiroFilter" in conf/shiro.xml): DelegatingFilterProxy looks the target bean up by that name. -->
<filter>  
        <filter-name>shiroFilter</filter-name>  
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
        <init-param>  
            <!-- true: the servlet container's init/destroy calls are passed on to the Shiro filter bean. -->
            <param-name>targetFilterLifecycle</param-name>  
            <param-value>true</param-value>  
        </init-param>  
    </filter>  
    <!-- Mapped to /* so that every request reaches Shiro. -->
    <!-- NOTE(review): no <dispatcher> elements are declared, so only direct requests are filtered; the Shiro web documentation also lists FORWARD, INCLUDE and ERROR. Keep this mapping ahead of any other filter mapping. -->
    <filter-mapping>  
        <filter-name>shiroFilter</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>  


4:springmvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
            http://www.springframework.org/schema/mvc 
            http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
            http://www.springframework.org/schema/context 
            http://www.springframework.org/schema/context/spring-context-3.0.xsd 
            http://www.springframework.org/schema/aop 
            http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
            http://www.springframework.org/schema/tx 
            http://www.springframework.org/schema/tx/spring-tx-3.0.xsd ">

	<!-- 加载包中的controller 注解扫描包 -->
	<context:component-scan base-package="com.hnust.controller">
		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
	</context:component-scan>
	
	<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
	<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />

	<!--配置拦截器, 多个拦截器,顺序执行 -->
	<!-- 匹配的是url路径 -->
	<!-- <mvc:mapping path="/user/**" /> <mvc:mapping path="/test/**" /> -->
	<!-- 当设置多个拦截器时,先按顺序调用preHandle方法,然后逆序调用每个拦截器的postHandle和afterCompletion方法 -->
	<!-- 测试shiro权限控制 暂时去掉自带的权限控制 <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/*/*" /> <bean 
		class="com.hnust.interceptor.LoginInterceptor"></bean> </mvc:interceptor> </mvc:interceptors> -->
	<!-- 静态资源的访问 -->
	<!-- 视图分解器 -->
	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/govern/" />
		<property name="suffix" value=".jsp" />
	</bean>
	<!-- 国际化的消息资源文件(本系统中主要用于显示/错误消息定制) -->
	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<property name="basenames">
			<list>
				<!-- 在web环境中一定要定位到classpath 否则默认到当前web应用下找 -->
				<value>classpath:/messages</value>
			</list>
		</property>
		<property name="useCodeAsDefaultMessage" value="false" />
		<property name="defaultEncoding" value="UTF-8" />
		<property name="cacheSeconds" value="60" />
	</bean>


	<!-- 避免IE在ajax请求时,返回json出现下载 -->
	<bean id="jacksonMessageConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
		<property name="supportedMediaTypes">
			<list>
				<value>text/html;charset=UTF-8</value>
			</list>
		</property>
	</bean>

	<!-- Multipart (file upload) resolver. -->
	<!-- NOTE(review): maxUploadSize is in bytes; 10485760000 is roughly 9.8 GiB per request, whereas 10485760 would be 10 MiB. Confirm the intended cap: with a limit this high a single upload can fill the server's temporary storage. -->
	<!-- maxInMemorySize (40960 bytes): uploads larger than this are written to disk instead of being held in memory. -->
	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
		<property name="defaultEncoding" value="utf-8" />
		<property name="maxUploadSize" value="10485760000" />
		<property name="maxInMemorySize" value="40960" />
	</bean>

	<!-- 支持Shiro对Controller的方法级AOP安全控制 begin -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
		depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>

	<!-- Keeps a failed permission check from surfacing as a raw server error: the exception is mapped to a view instead. -->
	<!-- "405" is a view name here (resolved by viewResolver to /govern/405.jsp), not an HTTP status code. -->
	<!-- NOTE(review): the java.lang.Throwable entry sends every unhandled exception to that same view, so a denied permission and an application fault look identical, and this bean sets no warnLogCategory, so the resolver itself does not log either one at warning level. Consider mapping only the Shiro exceptions here and logging denials so they can be reviewed. -->
	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
		<property name="exceptionMappings">
			<props>
				<prop key="org.apache.shiro.authz.UnauthorizedException">405</prop>
				<prop key="java.lang.Throwable">405</prop>
			</props>
		</property>
	</bean> 

</beans>  


5:spring.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
            http://www.springframework.org/schema/mvc 
            http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd 
            http://www.springframework.org/schema/context 
            http://www.springframework.org/schema/context/spring-context-3.0.xsd 
            http://www.springframework.org/schema/aop 
            http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
            http://www.springframework.org/schema/tx 
            http://www.springframework.org/schema/tx/spring-tx-3.0.xsd ">


	<!-- 引入jdbc配置文件 -->
	<context:property-placeholder location="classpath:conf/jdbc.properties" />
	<context:annotation-config />

	<!-- 使用Annotation自动注册Bean,解决事物失效问题:在主容器中不扫描@Controller注解,在SpringMvc中只扫描@Controller注解。 -->
	<!-- 扫描service、dao组件 --> <!-- base-package 如果多个,用“,”分隔 -->
	<context:component-scan base-package="com.hnust">
		<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller" />
	</context:component-scan>

	<!-- 分解配置 jdbc.properites -->
	<!-- 数据源c3p0 -->
	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
		<property name="driverClassName" value="${driverClassName}" />
		<property name="url" value="${url}" />
		<property name="username" value="${username}" />
		<property name="password" value="${password}" />
		<!-- <property name="maxPoolSize" value="${c3p0.pool.size.max}" /> <property name="minPoolSize" value="${c3p0.pool.size.min}" 
			/> <property name="initialPoolSize" value="${c3p0.pool.size.ini}" /> <property name="acquireIncrement" 
			value="${c3p0.pool.size.increment}" /> -->
	</bean>
	<!-- sessionFactory 将spring和mybatis整合 -->
	<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
		<property name="dataSource" ref="dataSource" />
		<property name="configLocation" value="classpath:conf/mybatis-config.xml" />
		<property name="mapperLocations" value="classpath:mapper/*.xml" />    <!-- 加载mapper文件 -->
	</bean>

	<!-- 注入工具类 -->
	<bean id="baseDao" class="com.hnust.base.BaseDao">
		<property name="sqlSessionFactory">
			<ref bean="sqlSessionFactory" />
		</property>
	</bean>
	<!-- 事务 -->
	<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
		<property name="dataSource" ref="dataSource" />
	</bean>
	<tx:advice id="txAdvice" transaction-manager="txManager">
		<tx:attributes>
			<tx:method name="insert*" propagation="REQUIRED" />
			<tx:method name="update*" propagation="REQUIRED" />
			<tx:method name="delete*" propagation="REQUIRED" />
			<tx:method name="find" read-only="true" />
			<tx:method name="get" read-only="true" />
			<tx:method name="*" propagation="REQUIRED" />
		</tx:attributes>
	</tx:advice>
	<aop:config>
		<aop:pointcut expression="execution(* com.hnust.service.impl.*.*(..))" id="pointCut" />
		<aop:advisor advice-ref="txAdvice" pointcut-ref="pointCut" />
	</aop:config>
	
</beans>

6:上面说的是配置文件下面贴一下 java代码:

当前贴出来的类对应 上面2 配置文件

pojo类就不贴了。我这里没连数据库,只是模拟的用户登录和手动添加的权限(账号和密码是直接写在代码里的明文,仅用于演示,实际项目应从数据库读取并只保存加盐后的密码哈希)。

/**
 * 
 */
package com.cat.shiro;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.cat.spring.entity.Role;
import com.cat.spring.entity.User;

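/**
 * Demo Shiro realm backed by one hard-coded account instead of a database.
 *
 * <p>Notes for anyone adapting this class:
 * <ul>
 * <li>The account name and password are literals in the source and the password
 * is plaintext. The realm bean in shiro.xml configures no credentials matcher,
 * so Shiro's default matcher compares the submitted password with this value
 * directly. A real realm should load the account from storage, keep only a
 * salted password hash and configure a hashing matcher such as
 * {@code HashedCredentialsMatcher}.</li>
 * <li>Roles and permissions are made up in code; a real realm should read them
 * for the authenticated principal.</li>
 * </ul>
 */
public class ShiroRealm extends AuthorizingRealm {

	/**
	 * Looks up an account by name. Stand-in for a real lookup such as
	 * {@code userService.getByAccount(account)}.
	 *
	 * @param account the account name to look up; may be {@code null}
	 * @return the matching user, or {@code null} when no such account exists
	 */
	private User findUser(String account) {
		// Demo only: a single fixed account with a plaintext password.
		User demoUser = new User("shiro", "123456");
		return demoUser.getName().equals(account) ? demoUser : null;
	}

	/**
	 * Authorization: returns the roles and permissions of the given principal.
	 *
	 * @param principals the principals of the subject being authorized
	 * @return the roles and permissions granted to that subject
	 * @throws AuthorizationException if {@code principals} is {@code null} or
	 *         names an account this realm does not know
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		if (principals == null) {
			throw new AuthorizationException(
					"PrincipalCollection method argument cannot be null.");
		}
		String name = (String) getAvailablePrincipal(principals);
		// Fail closed: a principal without a known account gets no grants at all.
		if (findUser(name) == null) {
			throw new AuthorizationException();
		}

		// Three simulated roles: user0, user1, user2.
		List<String> roles = new ArrayList<String>();
		for (int x = 0; x < 3; x++) {
			roles.add("user" + x);
		}

		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		info.addRoles(roles);
		// A real realm would add the account's stored permissions here,
		// e.g. info.addStringPermissions(permissions).
		// Wildcard permission: domain "cp" with the actions "updatecs" and
		// "updatecs1". "cp:updatecs2" is deliberately not granted.
		info.addStringPermission("cp:updatecs,updatecs1");
		return info;
	}

	/**
	 * Authentication: returns the stored account data for the submitted user
	 * name so that Shiro can compare the credentials.
	 *
	 * <p>The original version threw an {@code AuthorizationException} from this
	 * authentication path behind a null check that could never fire. An unknown
	 * account is now reported by returning {@code null}, which was already the
	 * outcome for a non-matching user name.
	 *
	 * @param authcToken the submitted token; cast to {@link UsernamePasswordToken}
	 * @return the account's principal and credentials, or {@code null} when the
	 *         user name does not match a known account
	 * @throws AuthenticationException declared by the overridden method
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		User user = findUser(token.getUsername());
		if (user == null) {
			// Unknown account: hand no credentials back.
			return null;
		}
		return new SimpleAuthenticationInfo(user.getName(),
				user.getPassword(), getName());
	}
}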


7:logincontroller

package com.hnust.controller;
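/**
 * Login endpoints for the Shiro demo. shiro.xml marks /login/logincs.do and
 * /login/submitcs.do as {@code anon}, so both are reachable without a session.
 */
@Controller
@RequestMapping(value = "/login")
public class LoginController {

	/** View shown for the login form and after every failed attempt. */
	private static final String LOGIN_VIEW = "/pages/login";

	/** View shown after a successful login. */
	private static final String MEMBER_INDEX_VIEW = "/pages/member/index";

	/**
	 * Shows the login form.
	 *
	 * @return the login view name
	 */
	@RequestMapping(value = "/logincs", method = RequestMethod.GET)
	public String logincs() {
		return LOGIN_VIEW;
	}

	/**
	 * Handles the login form submission.
	 *
	 * <p>The submitted credentials are passed to Shiro, and the configured realm
	 * decides whether they are valid. The original version compared them against
	 * a hard-coded plaintext account inside the controller and then logged in
	 * with that account's own stored values, which duplicated the realm's job
	 * and kept a second copy of the password in the web layer.
	 *
	 * @param username the submitted account name; may be {@code null}
	 * @param password the submitted password; may be {@code null}
	 * @return the member index view on success, otherwise the login view
	 */
	@RequestMapping(value = "/submitcs", method = RequestMethod.POST)
	public String submitcs(String username, String password) {
		// A missing form field can never authenticate; reject it before calling Shiro.
		if (username == null || password == null) {
			return LOGIN_VIEW;
		}
		UsernamePasswordToken token = new UsernamePasswordToken(username, password);
		try {
			Subject subject = SecurityUtils.getSubject();
			subject.login(token);
			return MEMBER_INDEX_VIEW;
		} catch (org.apache.shiro.authc.AuthenticationException e) {
			// Unknown account and wrong password lead to the same view, so the
			// response does not reveal which account names exist. Only the
			// failure type is printed: never the password, and not the
			// caller-supplied user name.
			System.err.println("Login rejected: " + e.getClass().getSimpleName());
			return LOGIN_VIEW;
		}
	}

}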


8:测试权限类 对应上面6 类里面设置的权限访问URL

package com.hnust.controller;

/**
 * Endpoints used to try out Shiro's annotation-based permission checks. The demo
 * realm grants "cp:updatecs" and "cp:updatecs1" but not "cp:updatecs2".
 */
@Controller
@RequestMapping(value = "/cp")
public class CompanyController extends BaseController {

	/** View name returned by every handler in this class. */
	private static final String INDEX_VIEW = "index";

	/**
	 * Mapped at /cp/updatecs (GET). Requires the "cp:updatecs" permission.
	 *
	 * @return the index view name
	 */
	@RequiresPermissions("cp:updatecs")
	@RequestMapping(value = "/updatecs", method = RequestMethod.GET)
	public String updatecs() {
		System.err.println("成功1");
		return INDEX_VIEW;
	}

	/**
	 * Mapped at /cp/updatecs1 (GET). Requires the "cp:updatecs1" permission.
	 *
	 * @return the index view name
	 */
	@RequiresPermissions("cp:updatecs1")
	@RequestMapping(value = "/updatecs1", method = RequestMethod.GET)
	public String updatecs1() {
		System.err.println("成功2");
		return INDEX_VIEW;
	}

	/**
	 * Mapped at /cp/updatecs2 (GET). Requires the "cp:updatecs2" permission,
	 * which the demo user was not given, so the author expects this request to
	 * be refused with a "no permission" result.
	 *
	 * @return the index view name
	 */
	@RequiresPermissions("cp:updatecs2")
	@RequestMapping(value = "/updatecs2", method = RequestMethod.GET)
	public String updatecs2() {
		// Nothing is printed here; the demo user should never get this far.
		return INDEX_VIEW;
	}

}


9:下面贴出 效果图

登录不做权限验证:


登录成功:

下面开始进行权限认证:

这是我当前角色有的权限 所以去到了我指定的页面

下面进行 没有权限的URL访问:

好了这就完事了: 新手发帖大神勿喷
