Shiro的基本使用

本篇主要介绍Shiro的基本使用,项目使用Maven管理。

1.在pom.xml中添加依赖

<!-- NOTE(review): shiro-core alone does not contain the web and Spring integration classes
     configured later on this page (org.apache.shiro.web.mgt.DefaultWebSecurityManager is in
     shiro-web, org.apache.shiro.spring.web.ShiroFilterFactoryBean is in shiro-spring); declare
     those artifacts at the same version. 1.4.0 is an old release: check the Apache Shiro
     security advisories and prefer a currently maintained version. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.4.0</version>
</dependency>

2.在web.xml中配置

  <!-- DelegatingFilterProxy hands each request to the Spring bean whose id equals the
       filter-name ("shiroFilter"), so the name here and the bean id must stay in sync. -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <!-- true: the container's init()/destroy() calls are forwarded to the target bean -->
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <!-- /* sends every request through Shiro; which paths need a login is decided by the
       filterChainDefinitions of the shiroFilter bean, not here. -->
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

3.创建自定义的Realm

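/**
 * Custom Shiro realm used by this demo.
 *
 * NOTE(review): this realm does not look anything up in a user store. It hands the password
 * that was submitted in the token back to Shiro as the "stored" credential, so the credentials
 * comparison Shiro performs afterwards always succeeds. Every caller of Subject.login,
 * including Shiro's own authc form filter, reaches this realm directly, so a check made in a
 * controller does not protect it. Before real use, load the account for the principal from the
 * user store and return its stored (salted, hashed) credential instead.
 */
public class ShiroRealm extends AuthorizingRealm {

	/*
	 * Builds the authentication info for a login attempt (non-Javadoc)
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String username = (String) token.getPrincipal();         // submitted user name
		char[] credentials = (char[]) token.getCredentials();    // submitted password

		// Test the raw values before building a String: new String((char[]) null) throws a
		// NullPointerException, so a null check on the converted password can never fire.
		if (username == null || credentials == null) {
			// No usable account data: returning null makes Shiro treat the account as unknown.
			return null;
		}

		// SECURITY: the submitted password is echoed back as the account credential (see the
		// class comment); replace it with the credential stored for this user.
		return new SimpleAuthenticationInfo(username, new String(credentials), getName());
	}

	/*
	 * Authorization callback: invoked when an authorization check is made and no cached
	 * authorization info exists for the user; decides the user's access rights (non-Javadoc)
	 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
		// Debug trace kept from the original sample.
		System.out.println("========2");
		// No roles or permissions are supplied, so role/permission checks have nothing to match.
		return null;
	}

}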

4.创建ApplicationContext-shiro.xml并在web.xml中配置

ApplicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
						http://www.springframework.org/schema/beans/spring-beans.xsd">
	

		<!-- Project-specific custom Realm, wired into the web security manager. Every login
		     attempt ends up in this realm, so it is the component that must verify credentials. -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="ShiroRealm" />
	</bean>
	    <bean id="ShiroRealm" class="com.wdkj.gerakan.interceptor.shiro.ShiroRealm" ></bean>

		<!-- Shiro Filter: the bean id must equal the filter-name used for DelegatingFilterProxy in web.xml -->
		<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
			<property name="securityManager" ref="securityManager" />
			
			<!-- Where the authc filter redirects unauthenticated requests. The authc filter also
			     processes login form submissions posted to this URL and passes them to the realm. -->
			<property name="loginUrl" value="/" />
			
			<!-- Default redirect target after a successful login handled by the authc filter -->
			<property name="successUrl" value="/main/index" />
			
			<!-- Used when an authorization filter (roles/perms) denies access; the chain below
			     configures no such filter. -->
			<property name="unauthorizedUrl" value="/login_toLogin" />
			
			<!-- Chain definitions are evaluated top to bottom and the first matching pattern wins:
			     the login endpoint is anonymous, every other path requires an authenticated subject.
			     Keep the anon list as short as possible and the catch-all authc rule last. -->
			<property name="filterChainDefinitions">
				<value>
				/testlogin/shiro                 = anon
	           	        /**			         = authc 
				</value>
			</property>
		</bean>
   
</beans>

在web.xml中配置

  <!-- Spring root context files. ApplicationContext-shiro.xml has to be listed here so that the
       shiroFilter bean exists when DelegatingFilterProxy looks it up. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      classpath:spring/ApplicationContext-main.xml,
      classpath:spring/ApplicationContext-dataSource.xml,
      classpath:spring/ApplicationContext-shiro.xml,
      <!--classpath:spring/ApplicationContext-quartz.xml,-->
      <!-- 	classpath:spring/ehcache.xml, -->
      classpath:spring/ApplicationContext-redis.xml
    </param-value>
  </context-param>

5.LoginController.java

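/**
 * Demo endpoints used to show Shiro login, a protected resource and logout.
 */
@Controller
public class LoginController extends BaseController {

    /**
     * Test login endpoint (mapped as anonymous in the Shiro filter chain).
     *
     * NOTE(review): the account is a hard-coded demo credential compared in the controller.
     * Credential verification belongs in the realm, against stored (salted, hashed) passwords;
     * a check made here only covers requests that go through this method.
     *
     * @return JSON result: code 1 on successful login, -1 otherwise
     */
    @RequestMapping(value = "testlogin/shiro", produces = "application/json;charset=UTF-8")
    @ResponseBody
    public String testShiro() {
        PageData pd = this.getPageData();
        Object username = pd.get("username");
        Object password = pd.get("password");

        if (!"wss".equals(username) || !"123".equals(password)) {
            return JSONUtil.toJsonString(new JsonResult(-1, "登录失败", null));
        }

        UsernamePasswordToken token = new UsernamePasswordToken(username.toString(), password.toString());
        Subject subject = SecurityUtils.getSubject();
        // subject.login signals a failed login with an AuthenticationException, which is not
        // handled here; once the realm verifies credentials for real, catch it and return the
        // failure result instead of letting it propagate.
        subject.login(token);
        return JSONUtil.toJsonString(new JsonResult(1, "登录成功", null));
    }

    /**
     * Protected test endpoint: its path is not in the anon list, so the filter chain only lets
     * authenticated subjects reach it.
     *
     * @return JSON result: code 1 when the "user" parameter equals "wss", -1 otherwise
     */
    @RequestMapping(value = "testshiro/shirologin", produces = "application/json;charset=UTF-8")
    @ResponseBody
    public String loginShiro() {
        PageData pd = this.getPageData();
        boolean matches = "wss".equals(pd.get("user"));
        return matches
                ? JSONUtil.toJsonString(new JsonResult(1, "登录成功", null))
                : JSONUtil.toJsonString(new JsonResult(-1, "登录失败", null));
    }

    /**
     * Logs the current subject out.
     *
     * @return JSON result with code 1
     */
    @RequestMapping(value = "testshirologout/shirologout", produces = "application/json;charset=UTF-8")
    @ResponseBody
    public String loginoutShiro() {
        SecurityUtils.getSubject().logout();
        // The original returned the login-success text here; report the logout instead.
        return JSONUtil.toJsonString(new JsonResult(1, "退出成功", null));
    }
}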

效果:

在没有调用testlogin/shiro正确登录的时候


调用testshiro/shirologin会被拦截,跳转到登录界面


正确调用登录


没有拦截


现在调用testshirologout/shirologout退出接口


再调用testshiro/shirologin会被拦截,跳转到登录界面。至此基本使用就完成了,下一篇会介绍手机端的登录Token验证。











