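SSM + Shiro Integration
This SSM + Shiro integration focuses on Shiro; SSM itself was already integrated earlier.
First, add the Shiro dependencies to the existing SSM dependencies.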
<!-- Shiro dependencies -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-all</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
    <scope>compile</scope>
</dependency>
Then add the filter to web.xml.
<!-- Configure the Shiro filter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
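Next, write the Controller endpoint.
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class UserController {
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(String username, String password) {
        /* Get the current subject */
        Subject subject = SecurityUtils.getSubject();
        /* Build the token */
        System.out.println("111111111111");
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        System.out.println("22222222222");
        try {
            System.out.println("33333333333333");
            subject.login(token); /* authentication starts at this step */
            System.out.println("5555555555");
        } catch (AuthenticationException e) {
            return "error";
        }
        if (subject.isAuthenticated()) {
            System.out.println("66666666666");
            // The current user has been authenticated
            return "redirect:/home.jsp";
        } else {
            token.clear();
            return "redirect:/login.jsp";
        }
    }
}
Here SecurityUtils.getSubject() returns the current subject. A token is then created with UsernamePasswordToken(username, password) and passed to subject.login(token), which hands it on to the custom Realm class.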
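import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
// User and UserService are the project's own classes (their imports are omitted here).

/* Authentication first, then authorization */
public class MyRealm extends AuthorizingRealm {
    @Autowired
    private UserService service;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        /* Perform authentication: look the user up by name */
        User user = service.selectOne(username);
        if (user == null) {
            return null;
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        System.out.println("7777777777777");
        return info;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("88887");
        String username = (String) super.getAvailablePrincipal(principalCollection);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        System.out.println("8888888888");
        /* Look up the user's roles */
        List<String> roles = service.selectRole(username);
        info.addRoles(roles);
        /* Look up the user's permissions */
        List<String> permissions = service.selectPermission(username);
        info.addStringPermissions(permissions);
        return info;
    }
}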
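The custom Realm class first has to extend the authorization class AuthorizingRealm, because AuthorizingRealm in turn extends the authentication class. Then override the authorization and authentication methods.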
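An added example, not code from the original post: MyRealm passes user.getPassword() to SimpleAuthenticationInfo, and with no credentialsMatcher configured Shiro checks it against the submitted password by plain equality, so the database has to hold the password exactly as typed. The example below stores a salted hash instead, using Shiro's PasswordMatcher and DefaultPasswordService. HashedRealmDemo, HashedRealm, the in-memory USERS map and the sample user are assumptions made for illustration; it runs stand-alone with shiro-core on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;

public class HashedRealmDemo {
    // Shiro's password service: random salt plus iterated hash, encoded in one string.
    static final DefaultPasswordService PASSWORDS = new DefaultPasswordService();
    // Constructed stand-in for the user table: username -> stored hash string.
    static final Map<String, String> USERS = new HashMap<>();

    // Hypothetical realm; authentication half only, to keep the example short.
    static class HashedRealm extends AuthenticatingRealm {
        HashedRealm() {
            PasswordMatcher matcher = new PasswordMatcher();
            matcher.setPasswordService(PASSWORDS);
            setCredentialsMatcher(matcher); // replaces the default equality check
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken t) {
            String username = ((UsernamePasswordToken) t).getUsername();
            String storedHash = USERS.get(username);
            if (storedHash == null) return null; // unknown account, login fails
            // Same constructor as MyRealm, but the credential is a hash string.
            return new SimpleAuthenticationInfo(username, storedHash, getName());
        }
    }

    static boolean tryLogin(DefaultSecurityManager sm, String user, String pass) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(user, pass));
            return subject.isAuthenticated();
        } catch (AuthenticationException e) {
            return false; // wrong password or unknown user
        }
    }

    public static void main(String[] args) {
        // Registration: only the hash is persisted (constructed sample user).
        USERS.put("alice", PASSWORDS.encryptPassword("correct horse"));
        DefaultSecurityManager sm = new DefaultSecurityManager(new HashedRealm());
        System.out.println("good password: " + tryLogin(sm, "alice", "correct horse"));
        System.out.println("bad password:  " + tryLogin(sm, "alice", "guess"));
    }
}
```

In the Spring setup used on this page, the same matcher would be injected through the credentialsMatcher property of the myRealm bean, and the registration code would write the output of encryptPassword to the password column.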
The Shiro configuration file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
    <!-- Custom Realm class -->
    <bean id="myRealm" class="com.qf.ssm.Realm.MyRealm"/>
    <!-- Configure the security manager -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>
    <!-- Configure the Shiro filter factory -->
    <bean class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiroFilter">
        <property name="securityManager" ref="securityManager"/>
        <property name="unauthorizedUrl" value="/403"/>
        <!-- Shiro filter chain -->
        <property name="filterChainDefinitions">
            <value>
                /visitor/** = anon
                /home** = authc
                /user/** = authc,perms[permission:user]
                /admin/** = authc,perms[permission:admin]
            </value>
        </property>
    </bean>
</beans>
The run output is shown below; from it you can see the execution flow:
111111111111
22222222222
33333333333333
111111111111
22222222222
33333333333333
7777777777777
5555555555
66666666666
88887
8888888888
Shiro's built-in filters
Filter Name          Class
anon                 org.apache.shiro.web.filter.authc.AnonymousFilter
authc                org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic           org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
logout               org.apache.shiro.web.filter.authc.LogoutFilter
noSessionCreation    org.apache.shiro.web.filter.session.NoSessionCreationFilter
perms                org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port                 org.apache.shiro.web.filter.authz.PortFilter
rest                 org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles                org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl                  org.apache.shiro.web.filter.authz.SslFilter
user                 org.apache.shiro.web.filter.authc.UserFilter