。。。某汉三回来啦。。。
一.shiro 集成spring
1.导包 基础三个包
<!--shiro的包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <!--shiro集成spring的包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <!--shiro-web包--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.4.0</version> </dependency>
2.xml配置
spring容器的配置
<!--配置spring容器的配置文件的位置--> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring.xml</param-value> </context-param> <!--spring容器随项目的启动而启动--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!--spring容器实例化的对象的作用范围--> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener>
spring-mvc的配置
<load-on-startup>1</load-on-startup>
<!--springmvc 配置--> <servlet> <servlet-name>dispatherSerlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatherSerlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>
shiro过滤器的配置
<!--shiro过滤器 将filter与spring容器中的bean关联起来--> <filter> <filter-name>shiro</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiro</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
spring-mvc.xml
扫描注解
两个驱动器
视图解析器
释放静态资源
spring.xml
shiroFilterFactoryBean 依賴securitymanager
defaultWebsecurityManager 依賴realm
自定義的realm 依賴salt
salt對象(credentialsMatcher)
代碼如下
<!--shiroFilter对象 对应着web.xml中shiroFilter shiro的入口--> <bean name="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="login.html"/> <property name="unauthorizedUrl" value="403.html"/> <!--过滤链--> <property name="filterChainDefinitions"> <value> /login.html = anon <!--//任何人都可以访问这个路径--> /subLogin = anon <!--//任何人都可以访问这个路径--> /* = authc <!--//认证后才可以访问所有路径--> </value> </property> </bean> <!--创建securitymanager对象--> <bean name="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="customRealm"/> </bean> <!--realm 对象--> <bean name="customRealm" class="com.zhuoshi.shiro.realm.CustomRealm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> <!--盐--> <bean name="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="1"/> </bean> </beans>
3.controller 中應用
1.通過securityUtils得到subject對象
2.封裝token
3.subject.login (token) 進行認證
代碼如下
Subject subject = SecurityUtils.getSubject(); //设置主体 UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword()); try { //主体提交请求认证 subject.login(token); } catch (AuthenticationException ae) { //登陆不成功返回异常信息 return ae.toString(); } return "登陆成功";
自定義的realm下次 連接數據庫后上傳過來。
2018-6-6 17:07