ApplicationContext.xml文件配置
<!-- 項目自定义的Realm -->
<bean id="MShiroRealm" class="com.windoer.tz.shiro.ShiroRealm"></bean>
<bean id="UserOpenIdRealm" class="com.windoer.tz.shiro.ShiroUserOpenIdRealm"></bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- <property name="realm" ref="MShiroRealm" />-->
<property name="sessionManager" ref="ShiroSessionManager"/>
<!-- 多realm的配置 -->
<property name="authenticator" ref="myModularRealmAuthenticator"></property>
<property name="realms">
<list>
<ref bean="MShiroRealm"/>
<ref bean="UserOpenIdRealm"/>
</list>
</property>
</bean>
<!-- 配置多个realm的时候如何认证 -->
<bean id="myModularRealmAuthenticator" class="com.windoer.tz.shiro.MyModularRealmAuthenticator">
<property name="authenticationStrategy">
<!-- 认证策略 -->
<!-- <bean class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"></bean> -->
<!-- <bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"></bean>-->
<bean class="com.windoer.tz.shiro.MyAtLeastOneSuccessfulStrategy"></bean>
</property>
</bean>
<bean id="ShiroSessionManager" class="com.windoer.tz.shiro.ShiroSessionManager">
<!-- session的失效时长,单位毫秒 -->
<!-- <property name="globalSessionTimeout" value="180000"/>-->
<!-- 删除失效的session -->
<property name="deleteInvalidSessions" value="true"/>
<!-- 启用Cookie -->
<property name="sessionIdCookieEnabled" value="true"/>
<!-- 配置Cookie -->
<property name="sessionIdCookie" ref="sessionIdCookie"/>
<!-- 设置调度时间间隔,单位毫秒,默认就是1小时 -->
<property name="sessionValidationInterval" value="3000000"/>
<!-- 是否开启会话验证器,默认是开启的 -->
<property name="sessionValidationSchedulerEnabled" value="true"/>
</bean>
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<!-- 设置Cookie名字, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
<property name="name" value="freeway.session.id"/>
<!-- 设置Cookie的域名,默认空,即当前访问的域名 -->
<!-- <property name="domain" value="taobao.com"/>-->
<!-- 设置Cookie的路径,默认空,即存储在域名根下 -->
<property name="path" value=""/>
<!-- 设置Cookie的过期时间,秒为单位,默认-1表示关闭浏览器时过期Cookie -->
<!-- <property name="maxAge" value="1800"/>-->
<!-- 如果设置为true,则客户端不会暴露给客户端脚本代码,使用HttpOnly cookie有助于减少某些类型的跨站点脚本攻击;此特性需要实现了Servlet 2.5 MR6及以上版本的规范的Servlet容器支持 -->
<property name="httpOnly" value="false"/>
</bean>
<!-- Shiro Filter -->
<!-- <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">-->
<bean id="shiroFilter" class="com.windoer.tz.shiro.MyShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager" />
<!-- 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,默认会自动寻找Web工程根目录下的"/login.jsp"页面 -->
<property name="loginUrl" value="/login" />
<!-- 登录成功后要跳转的连接 -->
<property name="successUrl" value="/index" />
<!-- 用户访问未对其授权的资源时,所显示的连接 -->
<!-- 若想更明显的测试此属性可以修改它的值,如unauthor.jsp,然后用[玄玉]登录后访问/admin/listUser.jsp就看见浏览器会显示unauthor.jsp -->
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitions">
<value>
/= anon
/assets/login/** = anon
/to_login/** = anon
/applet_login/** = anon
/** = authc
</value>
</property>
</bean>
MyAtLeastOneSuccessfulStrategy
public class MyAtLeastOneSuccessfulStrategy extends AtLeastOneSuccessfulStrategy {
@Override
public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
if(t instanceof AuthenticationException){
throw (AuthenticationException)t;
}
return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
}
public static void main(String[] args) {
Provider[] providers = Security.getProviders();
System.out.println(providers);
}
}
MyModularRealmAuthenticator
public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
private static final Logger log = LoggerFactory.getLogger(MyModularRealmAuthenticator.class);
@Override
protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
// TODO Auto-generated method stub
// 判断getRealms()是否返回为空
assertRealmsConfigured();
// 强制转换回自定义的CustomizedToken
if(authenticationToken instanceof UserOpenIDToken){
UserOpenIDToken userOpenIDToken = (UserOpenIDToken) authenticationToken;
// 所有Realm
Collection<Realm> realms = getRealms();
// 判断是单Realm还是多Realm
if (realms.size() == 1)
return doSingleRealmAuthentication(realms.iterator().next(), userOpenIDToken);
else
return doMultiRealmAuthentication(realms, userOpenIDToken);
}else{
UsernamePasswordToken userOpenIDToken = (UsernamePasswordToken) authenticationToken;
// 所有Realm
Collection<Realm> realms = getRealms();
// 判断是单Realm还是多Realm
if (realms.size() == 1)
return doSingleRealmAuthentication(realms.iterator().next(), userOpenIDToken);
else
return doMultiRealmAuthentication(realms, userOpenIDToken);
}
}
/**
* 重写该方法保证异常正确抛出,需要多个Realm支持不同Token,否则会出现异常覆盖
*/
@Override
protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
AuthenticationStrategy strategy = getAuthenticationStrategy();
AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
if (log.isTraceEnabled()) {
log.trace("Iterating through {} realms for PAM authentication", realms.size());
}
for (Realm realm : realms) {
aggregate = strategy.beforeAttempt(realm, token, aggregate);
if (realm.supports(token)) {
log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
AuthenticationInfo info = null;
Throwable t = null;
try {
info = realm.getAuthenticationInfo(token);
} catch (Throwable throwable) {
t = throwable;
// throwable.printStackTrace();
if (log.isDebugEnabled()) {
String msg = "Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:";
log.debug(msg, t);
}
}
aggregate = strategy.afterAttempt(realm, token, info, aggregate, t);
} else {
log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
}
}
aggregate = strategy.afterAllAttempts(token, aggregate);
return aggregate;
}
}
自定义 ShiroUserOpenIdRealm
public class ShiroUserOpenIdRealm extends AuthorizingRealm {
@Resource
UserService userService;
// 认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UserOpenIDToken token = null;
// 如果是PhoneToken,则强转,获取phone;否则不处理。
if(authenticationToken instanceof UserOpenIDToken){
token = (UserOpenIDToken) authenticationToken;
}else{
return null;
}
String openId = (String) token.getPrincipal();
PageData pd=new PageData();
pd.put("OPEN_ID",openId);
PageData user = userService.getUserByOpenID(pd);
if (user == null) {
return null;
}
System.out.println(this.getName());
return new SimpleAuthenticationInfo(user, "ok", this.getName());
}
// 授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
public boolean supports(AuthenticationToken var1){
return var1 instanceof UserOpenIDToken;
}
}
自定义UserOpenIDToken
public class UserOpenIDToken extends UsernamePasswordToken implements Serializable {
/**
*
*/
private static final long serialVersionUID = 4812793519945855483L;
private String openId;
/**
* 重写getPrincipal方法
*/
public Object getPrincipal() {
// TODO Auto-generated method stub
// 如果获取到用户名,则返回用户名,否则返回openid
if (openId == null) {
return getUsername();
} else {
return getOpenId();
}
}
/**
* 重写getCredentials方法
*/
public Object getCredentials() {
// TODO Auto-generated method stub
// 如果获取到密码,则返回密码,否则返回null
if (openId == null) {
return getPassword();
} else {
return "ok";
}
}
public UserOpenIDToken() {
// TODO Auto-generated constructor stub
}
public UserOpenIDToken(final String openId) {
// TODO Auto-generated constructor stub
this.openId = openId;
}
public UserOpenIDToken(final String userName, final String password) {
// TODO Auto-generated constructor stub
super(userName, password);
}
public String getOpenId() {
return openId;
}
public void setOpenId(String openId) {
this.openId = openId;
}
public static long getSerialversionuid() {
return serialVersionUID;
}
@Override
public String toString() {
return "OpenIdToken [openId=" + openId + "]";
}
}
使用openid登录
private PageData loginByOpenid(String openId,Session session) {
PageData logPd=new PageData();
String errInfo = null;
// shiro加入身份验证
Subject subject = SecurityUtils.getSubject();
UserOpenIDToken token = new UserOpenIDToken(openId);
try {
subject.login(token);
String uToken=subject.getSession().getId().toString();
logPd.put("token",uToken);
} catch (AuthenticationException e) {
e.printStackTrace();
errInfo = "身份验证失败!";
}
logPd.put("errInfo",errInfo);
return logPd;
}