spring+shiro
2015-10-31 21:01
399 查看
一、在web.xml配制shiroFilter
[html] view
plaincopy
<span style="white-space:pre"> </span><filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
二、在spring的application.xml中添加配制,缓存配制暂未使用
[html] view
plaincopy
<span style="white-space:pre"> </span><!--securityManager是shiro的核心,初始化时协调各个模块运行-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--单个realm使用realm,如果有多个realm,使用realms属性代替-->
<property name="realm" ref="shiroRealm" />
<!-- <property name="cacheManager" ref="shiroEhcacheManager" /> -->
</bean>
<!--realm配置,realm是shiro的桥梁,它主要是用来判断subject是否可以登录及权限等-->
<bean id="shiroRealm" class="com.shiro.realm.ShiroRealm">
<property name="userService" ref="userService" />
</bean>
<bean id="userService" class="com.shiro.service.UserService" />
<!--shiro过滤器配置,bean的id值须与web中的filter-name的值相同-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- 没有权限或者失败后跳转的页面 -->
<property name="loginUrl" value="/index.jsp" />
<property name="successUrl" value="/loginSuccess.jsp" />
<property name="unauthorizedUrl" value="" />
<property name="filterChainDefinitions">
<value>
/logout.do = logout
/user/** = authc
/admin/** = authc,roles[admin]
</value>
</property>
</bean>
<!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->
<!--
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="/WEB-INF/ehcache-shiro.xml" />
</bean>
-->
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
三、ShiroRealm文件基本代码
ShiroRealm extends AuthorizingRealm
[java] view
plaincopy
/**
* 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
*/
@SuppressWarnings("unused")
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection p) {
logger.info("授权认证:" + p.getRealmNames());
ShiroUser shiroUser = (ShiroUser)p.getPrimaryPrincipal();
User user = userService.getUserByName(shiroUser.loginName);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (Role role : user.getRoles()) {
//基于用户名的角色信息
info.addRole(role.getName());
//基于角色的权限信息
info.setStringPermissions(role.getPermissions());
}
return info;
}
[java] view
plaincopy
[java] view
plaincopy
/**
* 认证回调函数,登录时调用.
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws AuthenticationException {
logger.info("authc pass:");
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
logger.info("authc name:" + token.getUsername());
User user = userService.getUserByName(token.getUsername());
if (user != null) {
logger.info("authc name:" + token.getUsername() + " user:"
+ user.getName() + " pwd:" + user.getPwd()
+ "getname:" + getName());
return new SimpleAuthenticationInfo(new ShiroUser(user.getName(), user.getName()),
user.getPwd(), getName());
}
return null;
}
四、User与Role实体(用户关联角色,角色关联权限的关系,个人习惯,可自行配制其他方式)
[java] view
plaincopy
User
private String name;
private String pwd;
private List<Role> roles;
Role
private String name;
private Set<String> permissions;
五、页面shiro常用标签的使用
[html] view
plaincopy
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<shiro:guest>//未登录</shiro:guest>
<shiro:user>//当前有用户登录
<shiro:principal />//当前登录用户名
</shiro:user>
<shiro:hasRole name="admin">//角色为admin</shiro:hasRole>
<shiro:hasPermission name="insert">//具有insert权限</shiro:hasPermission>
[html] view
plaincopy
<pre code_snippet_id="105013" snippet_file_name="blog_20131209_9_6571876"></pre>
<pre></pre>
<pre></pre>
<div style="padding-top:20px">
<p style="font-size:12px;">版权声明</p>
</div>
原文链接:http://blog.csdn.net/lyh_974056553/article/details/17229667
[html] view
plaincopy
<span style="white-space:pre"> </span><filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
二、在spring的application.xml中添加配制,缓存配制暂未使用
[html] view
plaincopy
<span style="white-space:pre"> </span><!--securityManager是shiro的核心,初始化时协调各个模块运行-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--单个realm使用realm,如果有多个realm,使用realms属性代替-->
<property name="realm" ref="shiroRealm" />
<!-- <property name="cacheManager" ref="shiroEhcacheManager" /> -->
</bean>
<!--realm配置,realm是shiro的桥梁,它主要是用来判断subject是否可以登录及权限等-->
<bean id="shiroRealm" class="com.shiro.realm.ShiroRealm">
<property name="userService" ref="userService" />
</bean>
<bean id="userService" class="com.shiro.service.UserService" />
<!--shiro过滤器配置,bean的id值须与web中的filter-name的值相同-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- 没有权限或者失败后跳转的页面 -->
<property name="loginUrl" value="/index.jsp" />
<property name="successUrl" value="/loginSuccess.jsp" />
<property name="unauthorizedUrl" value="" />
<property name="filterChainDefinitions">
<value>
/logout.do = logout
/user/** = authc
/admin/** = authc,roles[admin]
</value>
</property>
</bean>
<!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->
<!--
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="/WEB-INF/ehcache-shiro.xml" />
</bean>
-->
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
三、ShiroRealm文件基本代码
ShiroRealm extends AuthorizingRealm
[java] view
plaincopy
/**
* 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
*/
@SuppressWarnings("unused")
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection p) {
logger.info("授权认证:" + p.getRealmNames());
ShiroUser shiroUser = (ShiroUser)p.getPrimaryPrincipal();
User user = userService.getUserByName(shiroUser.loginName);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (Role role : user.getRoles()) {
//基于用户名的角色信息
info.addRole(role.getName());
//基于角色的权限信息
info.setStringPermissions(role.getPermissions());
}
return info;
}
[java] view
plaincopy
[java] view
plaincopy
/**
* 认证回调函数,登录时调用.
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken) throws AuthenticationException {
logger.info("authc pass:");
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
logger.info("authc name:" + token.getUsername());
User user = userService.getUserByName(token.getUsername());
if (user != null) {
logger.info("authc name:" + token.getUsername() + " user:"
+ user.getName() + " pwd:" + user.getPwd()
+ "getname:" + getName());
return new SimpleAuthenticationInfo(new ShiroUser(user.getName(), user.getName()),
user.getPwd(), getName());
}
return null;
}
四、User与Role实体(用户关联角色,角色关联权限的关系,个人习惯,可自行配制其他方式)
[java] view
plaincopy
User
private String name;
private String pwd;
private List<Role> roles;
Role
private String name;
private Set<String> permissions;
五、页面shiro常用标签的使用
[html] view
plaincopy
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<shiro:guest>//未登录</shiro:guest>
<shiro:user>//当前有用户登录
<shiro:principal />//当前登录用户名
</shiro:user>
<shiro:hasRole name="admin">//角色为admin</shiro:hasRole>
<shiro:hasPermission name="insert">//具有insert权限</shiro:hasPermission>
[html] view
plaincopy
<pre code_snippet_id="105013" snippet_file_name="blog_20131209_9_6571876"></pre>
<pre></pre>
<pre></pre>
<div style="padding-top:20px">
<p style="font-size:12px;">版权声明</p>
</div>
原文链接:http://blog.csdn.net/lyh_974056553/article/details/17229667
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Java实现长连接
- 在GitHub下载spring源码
- Java多线程学习(吐血超详细总结)
- java.util.ResourceBundle使用详解(java国际化)
- Java并发编程:深入剖析ThreadLocal
- Struts2中的文件上传和文件下载
- eclipse importing maven projects 9% 不动
- spring4+hibernate4+maven环境搭建
- JAVA Servlet实现验证码
- Spring execution 表达式
- 堆排序heapSort java实现
- Eclipse报错:java.lang.ClassNotFoundException: ContextLoaderListener(Maven工程)
- 基于spring的数据库读写分离
- SpringMVC简单地入门程序
- spring事务常见问题、异常分析和解决方法
- 基于java的Socket简单知识做的多人聊天室
- ThreadLocal讲解
- Java内部类的使用小结
- xml只定义的textview如何在java中获得
- java的锁机制