1、修改web.xml,添加Shiro过滤器
<!-- Shiro过滤器 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
2、修改applicationContext.xml,配置自定义Realm,安全管理器,Shiro过滤器(里面配置默认登录页面和要拦截的URL格式),配置lifecycle的processor,开启Shiro注解
<!-- 自定义Realm -->
<bean id="myRealm" class="cn.tsingyu.spring.example.realm.MyRealm"/>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean>
<!-- Shiro过滤器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager"/>
<!-- 身份认证失败,则跳转到登录页面的配置 -->
<property name="loginUrl" value="/index.html"/>
<!-- 权限认证失败,则跳转到指定页面 -->
<property name="unauthorizedUrl" value="/unauthor.jsp"/>
<!-- Shiro连接约束配置,即过滤链的定义 -->
<property name="filterChainDefinitions">
<value>
/login=anon
/admin*=authc
/student=roles[teacher]
/teacher=perms["user:create"]
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- 开启Shiro注解 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
3、引入Shiro相关jar包
4、编写自定义Realm,覆写登录验证和授权的方法
package cn.tsingyu.spring.example.realm;
import javax.annotation.Resource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import cn.tsingyu.spring.example.entity.User;
import cn.tsingyu.spring.example.service.UserService;
public class MyRealm extends AuthorizingRealm{
@Resource
private UserService userService;
/**
* 为当限前登录的用户授予角色和权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userName=(String)principals.getPrimaryPrincipal();
SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
authorizationInfo.setRoles(userService.getRoles(userName));
authorizationInfo.setStringPermissions(userService.getPermissions(userName));
return authorizationInfo;
}
/**
* 验证当前登录的用户
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String userName=(String)token.getPrincipal();
User user=userService.getByUserName(userName);
if(user!=null){
AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),"xx");
return authcInfo;
}else{
return null;
}
}
}
5、创建用户、角色、资源,组织的数据表及用户角色,角色权限的关系表
DROP TABLE IF EXISTS `resource`;
CREATE TABLE `resource` (
`id` varchar(32) NOT NULL,
`name` varchar(60) DEFAULT NULL,
`pid` varchar(40) DEFAULT NULL,
`desc` varchar(2000) DEFAULT NULL COMMENT '描述',
`url` varchar(3000) DEFAULT NULL,
`type` int(11) DEFAULT NULL COMMENT '0.功能按钮,1.导航菜单',
`state` varchar(2) DEFAULT '是' COMMENT '是否有效',
`sort` int(11) DEFAULT NULL,
`icon` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='资源';
DROP TABLE IF EXISTS `org`;
CREATE TABLE `org` (
`id` varchar(32) NOT NULL COMMENT '编号',
`name` varchar(60) DEFAULT NULL COMMENT '名称',
`comcode` varchar(40) DEFAULT NULL COMMENT '代码',
`pid` varchar(40) DEFAULT NULL COMMENT '上级部门ID',
`sysid` varchar(40) DEFAULT NULL COMMENT '子系统ID',
`type` int(11) DEFAULT NULL COMMENT '0,组织机构 1.部门',
`leaf` int(11) DEFAULT NULL COMMENT '叶子节点(0:树枝节点;1:叶子节点)',
`sortno` int(11) DEFAULT NULL COMMENT '排序号',
`description` varchar(2000) DEFAULT NULL COMMENT '描述',
`state` varchar(2) DEFAULT '是' COMMENT '是否有效(否/是)',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='组织';
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
`id` varchar(32) NOT NULL COMMENT '角色ID',
`name` varchar(60) DEFAULT NULL COMMENT '角色名称',
`code` varchar(255) DEFAULT NULL COMMENT '权限编码',
`pid` varchar(40) DEFAULT NULL COMMENT '上级角色ID',
`remark` varchar(255) DEFAULT NULL COMMENT '备注',
`state` varchar(2) DEFAULT '是' COMMENT '是否有效(否/是)',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='角色';
DROP TABLE IF EXISTS `role_menu`;
CREATE TABLE `role_menu` (
`id` varchar(32) NOT NULL COMMENT '编号',
`roleId` varchar(40) NOT NULL COMMENT '角色编号',
`menuId` varchar(40) NOT NULL COMMENT '菜单编号',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='角色菜单中间表';
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` varchar(32) NOT NULL COMMENT '编号',
`name` varchar(30) DEFAULT NULL COMMENT '姓名',
`account` varchar(40) DEFAULT NULL COMMENT '账号',
`password` varchar(40) DEFAULT NULL COMMENT '密码',
`sex` varchar(2) DEFAULT '男' COMMENT '性别',
`mobile` varchar(16) DEFAULT NULL COMMENT '手机号码',
`email` varchar(60) DEFAULT NULL COMMENT '邮箱',
`weixinId` varchar(200) DEFAULT NULL COMMENT '微信Id',
`userType` int(11) NOT NULL,
`state` varchar(10) DEFAULT '是' COMMENT '是否有效,是/否',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户';
DROP TABLE IF EXISTS `user_org`;
CREATE TABLE `user_org` (
`id` varchar(32) NOT NULL COMMENT '编号',
`userId` varchar(40) NOT NULL COMMENT '用户编号',
`orgId` varchar(40) NOT NULL COMMENT '组织编号',
`manager` varchar(2) DEFAULT '否' COMMENT '是否主管,是/否',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户组织中间表';
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`id` varchar(32) NOT NULL COMMENT '编号',
`userId` varchar(40) NOT NULL COMMENT '用户编号',
`roleId` varchar(40) NOT NULL COMMENT '角色编号',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='用户角色中间表';
CREATE TABLE `menu` (
`id` varchar(32) NOT NULL,
`name` varchar(255) DEFAULT NULL,
`url` varchar(255) DEFAULT NULL,
`pid` varchar(32) DEFAULT NULL,
`seq` int(2) DEFAULT NULL,
`icon` varchar(60) DEFAULT NULL,
`type` varchar(10) DEFAULT NULL,
`state` int(1) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
完整代码:
http://git.oschina.net/smilease/spring-example/tree/v0.2.2
参考:
http://www.iteye.com/blogs/subjects/shiro shiro教程
http://git.oschina.net/chunanyong/springrain springrain