SSM+Shiro整合

SSM+Shiro整合

SSM+Shiro的整合重点关注Shiro，前面以整合好SSM
首先在已有的SSM依赖中需要导入Shiro的依赖

  <!--shiro相关依赖包-->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.2</version>
            <scope>compile</scope>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-all</artifactId>
            <version>1.3.2</version>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.3.2</version>
            <scope>compile</scope>
        </dependency>

然后在web.xml中添加过滤器

<!--配置shiro的过滤器-->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

其次编写Controller接口

@Controller
public class UserController {

@RequestMapping(value = "/login" ,method = RequestMethod.POST)
    public String login(String username,String password){
    /*获取当前对象*/
    Subject subject = SecurityUtils.getSubject();
    /*获取token令牌*/
    System.out.println("111111111111");
    UsernamePasswordToken tkoen=new UsernamePasswordToken(username,password);
    System.out.println("22222222222");
    try {
        System.out.println("33333333333333");
        subject.login(tkoen);/*这步开始进行认证*/
        System.out.println("5555555555");
    } catch (AuthenticationException e) {
        return "error";
    }

    if (subject.isAuthenticated()) {
        System.out.println("66666666666");
        //当前用户经过了认证
        return "redirect:/home.jsp";

    } else {
        tkoen.clear();
        return "redirect:/login.jsp";
    }
}

其中通过SecurityUtils.getSubject();方法获取当前对象，然后在创建一个token令牌使用UsernamePasswordToken(username,password);在把这个令牌 传递给subject.login(tkoen)方法，通过这个方法传入到自定义的Realm类。

/*先认证在授权*/
public class MyRealm extends AuthorizingRealm {
@Autowired
private UserService service;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token= (UsernamePasswordToken) authenticationToken;
        String username=token.getUsername();
        /*进行认证*/
      User user=  service.selectOne(username);
      if(user==null){
          return null;
      }
       SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),getName());
        System.out.println("7777777777777");
      return info;
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("88887");
        String username = (String) super.getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        System.out.println("8888888888");
      /*查询用户的角色*/
        List<String> roles= service.selectRole(username);
          info.addRoles(roles);
          /*查询用户权限*/
        List<String> permissions=service.selectPermission(username);
        info.addStringPermissions(permissions);
        return info;
    }

在自定义的Realm类中首先要继承AuthorizingRealm 授权类，因为AuthorizingRealm 类中继承了认证类。然后冲写授权和认证方法。

关于Shiro的配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!--自定义Realm类-->
   <bean id="myRealm" class="com.qf.ssm.Realm.MyRealm"/>
    <!--配置安全管理器-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>
    <!--配置shiro工厂-->
    <bean class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiroFilter">
        <property name="securityManager" ref="securityManager"/>
        <property name="unauthorizedUrl" value="/403"/>
         <!--shiro过滤器-->
        <property name="filterChainDefinitions">
            <value>
                /visitor/** = anon
                /home** = authc

                /user/** = authc,perms[permission:user]
                /admin/** = authc,perms[permission:admin]
            </value>
        </property>
    </bean>
</beans>

运行结果如图所示，你会发现关于它的执行流程如下图

111111111111
22222222222
33333333333333
111111111111
22222222222
33333333333333
7777777777777
5555555555
66666666666
88887
8888888888

关于Shiro中的自带过滤器

Filter Name                    Class
anon                  org.apache.shiro.web.filter.authc.AnonymousFilter
authc                   org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic         org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
logout                  org.apache.shiro.web.filter.authc.LogoutFilter
noSessionCreation  org.apache.shiro.web.filter.session.NoSessionCreationFilter
perms                  org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port                            org.apache.shiro.web.filter.authz.PortFilter
rest                          org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles                          org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl                          org.apache.shiro.web.filter.authz.SslFilter
user                          org.apache.shiro.web.filter.authc.UserFilter