在 shiro-spring结合的框架实验中: @Autowired注入的sysUserDao总是为null
Reaml 中的代码:
public class ShiroRealm extends AuthorizingRealm {
@Autowired
private SysUserDao sysUserDao;
/**
* 登录认证
*
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String tokenUsername = token.getUsername();
String tokenPassword = new String(token.getPassword());
//问题所在
//这里的 sysUserDao为null
SysUser user = sysUserDao.queryByName(tokenUsername);
if(user == null){
throw new AuthenticationException("用户不存在");
}
if(!tokenPassword.equals(user.getPassword())){
throw new AuthenticationException("用户名或密码错误");
}
AuthenticationInfo info = new SimpleAuthenticationInfo(user,token.getCredentials(),getName());
return info;
}
/**
* 授权资源检查
*
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SysUser user = (SysUser) principalCollection.getPrimaryPrincipal();
Set<String> role = sysUserDao.queryRoleByName(user.getUsername());
Set<String> permission = sysUserDao.queryPermitByName(user.getUsername());
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRoles(role);
info.addStringPermissions(permission);
return info;
}
}
安全管理器中的代码:
public class ShiroUtils {
static {
DefaultSecurityManager manager = new DefaultSecurityManager();
Realm realm = new ShiroRealm();
manager.setRealm(realm);
CacheManager cacheManager = new MemoryConstrainedCacheManager();
manager.setCacheManager(cacheManager);
SecurityUtils.setSecurityManager(manager);
}
public static Subject login(String username, String password){
Subject subject = SecurityUtils.getSubject();
password = MD5Utils.mdSalt(password);
AuthenticationToken token = new UsernamePasswordToken(username,password);
subject.login(token);
return subject;
}
}
出现@Autowire注入对象为null的原因是:
这里使用的是spring与shiro的整合框架,但是安全管理器还是使用的 new来实例化对象,二者发生冲突.
修改后:
将安全管理器使用 xml配置文件交给spring管理即可
public class ShiroUtils {
//
// static {
// DefaultSecurityManager manager = new DefaultSecurityManager();
// Realm realm = new ShiroRealm();
// manager.setRealm(realm);
//
// CacheManager cacheManager = new MemoryConstrainedCacheManager();
// manager.setCacheManager(cacheManager);
//
// SecurityUtils.setSecurityManager(manager);
// }
public static Subject login(String username, String password){
Subject subject = SecurityUtils.getSubject();
password = MD5Utils.mdSalt(password);
AuthenticationToken token = new UsernamePasswordToken(username,password);
subject.login(token);
return subject;
}
}