1、创建spring工程
配置:
(1)web.xml中配置shiro
<!--shiro 的配置--> <filter> <filter-name>shiro</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiro</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
(2)applicationContext.xml中的配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd "> <context:component-scan base-package="com.test"/> <mvc:annotation-driven/> <!--字符串和页面绑定--> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/"/> <property name="suffix" value=".jsp"/> </bean> <bean id="ds" class="com.alibaba.druid.pool.DruidDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver"/> <property name="url" value="jdbc:mysql://localhost:3306/shiro2"/> <property name="username" value="root"/> <property name="password" value="123456"/> </bean> <!--域--> <bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm"> <property name="dataSource" ref="ds"/> <property name="permissionsLookupEnabled" value="true"/> <property name="authenticationQuery" value="select pwd from users where account=?"/> <property name="userRolesQuery" value="select role_name from user_role left join role using(rid) left join users using(uid) where account=?"/> <property name="permissionsQuery" value="select perm_name from role_perm left join role using(rid) left join perms using(pid) where role_name=?"/> </bean> <!--缓存器--> <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"></bean> <!--安全管理器--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="jdbcRealm"/> <property name="cacheManager" ref="cacheManager"/> </bean> <!--shiro过滤器--> <bean id="shiro" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <!--访问需要登陆的,先去登录--> <property name="loginUrl" value="/toLogin.do"/> <!--登录成功之后--> <!-- <property name="successUrl" value="/success.jsp"/>--> <!--无权访问的--> <property name="unauthorizedUrl" value="/toNoqx.do"/> <property name="filterChainDefinitions"> <value> /admin/**=authc,roles[经理] /**=anon </value> </property> </bean> <bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/> </beans>
2、在index.xml中设置不同的跳转路径
<body> <a href="admin/main.jsp">后台管理</a><br/> <a href="admin/user.jsp">用户管理</a><br/> <a href="role.jsp">角色管理</a><br/> <a href="login.jsp">去登录</a> </body>
3、在web文件夹下新建admin文件,并在此文件夹下新建main.jsp/user.jsp
4、
(1)创建main.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <html> <head> <title>Title</title> <link rel="stylesheet" href="../css/icon.css"> <link rel="stylesheet" href="../css/easyui.css"> <script type="text/javascript" src="../js/jquery.js"></script> <script type="text/javascript" src="../js/easyui.js"></script> <script> function init() { $("#first").datagrid({ title: "用户管理", columns: [[ {field: "account", title: "账号", width: 100} ]], toolbar: [ <shiro:hasPermission name="user:create"> {text: "添加", iconCls: "icon-add"}, </shiro:hasPermission> <shiro:hasPermission name="user:remove"> {text: "删除", iconCls: "icon-remove"} </shiro:hasPermission> ] }); } $(init); </script> </head> <body> <div id="first"></div> </body> </html>
(2)创建user.jsp
<body> 用户管理 </body>
(3)创建role.jsp
<body> 角色管理 </body>
(4)创建noqx.jsp
<body> 无权访问 </body>
4、运行项目,根据index.xml中的跳转,情况如下
(1)当用户登录,并且是经理时,根据经理这个角色拥有的权限,点击后台管理 ,对应该账号可以进入admin文件下的main.jsp:
(2)当用户登录,但是该用户的角色,没有进入后台管理的权限:
当登录成功后,点击后台管理,页面显示为:无权访问
(3)同理,
当用户登录,但是该用户的角色没有进入用户管理的权限:
当登录成功后,点击用户管理,页面显示为:无权访问
但是,当用户拥有进入用户管理的权限时,登录成功后,点击用户管理,页面显示为:用户管理
(4)由于角色管理没有设置在admin文件夹下,故都可以访问
5、项目目录如下:
UserController类中
@Controller public class UserController { @RequestMapping("login.do") public String login(String account,String pwd){ try { Subject user = SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken(account,pwd); user.login(token); return "success"; } catch (Exception e) { return "failure"; } } @RequiresRoles("经理") @RequestMapping("toRole.do") @ResponseBody public String toRole(){ return "toRole"; } @RequestMapping("toLogin.do") public String toLogin() { System.out.println("到达了"); return "login"; } @RequestMapping("toNoqx.do") public String toNoqx() { return "noqx"; } }
496
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
