spring mvc + shiro 登陆验证
2016-09-08 14:51
218 查看
1.在spring mvc配置文件中添加shiro的配置
2.写一个MyRealm类并继承AuthorizingRealm
3.登陆方法
<bean id="myRealm" class="com.suninfo.util.MyRealm"/> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"></property> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"></property> <property name="successUrl" value="/index.do"></property> <property name="loginUrl" value="/login.do"></property> <property name="unauthorizedUrl" value="/login.do"></property> <property name="filterChainDefinitions"> <value> /login/login.do = anon /login/load.do = anon /images/** = anon /css/** = anon /js/** = anon /lang/** = anon /system/** = anon /**=authc </value> </property> </bean>
2.写一个MyRealm类并继承AuthorizingRealm
package com.suninfo.util;
import org.apache.commons.lang.builder.ReflectionToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
public class MyRealm extends AuthorizingRealm {
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){
// //获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()
// String currentUsername = (String)super.getAvailablePrincipal(principals);
// SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
// //实际中可能会像上面注释的那样从数据库取得
// if(null!=currentUsername && "jadyer".equals(currentUsername)){
// //添加一个角色,不是配置意义上的添加,而是证明该用户拥有admin角色
// simpleAuthorInfo.addRole("admin");
// //添加权限
// simpleAuthorInfo.addStringPermission("admin:manage");
// System.out.println("已为用户[jadyer]赋予了[admin]角色和[admin:manage]权限");
// return simpleAuthorInfo;
// }else if(null!=currentUsername && "玄玉".equals(currentUsername)){
// System.out.println("当前用户[玄玉]无授权");
// return simpleAuthorInfo;
// }
// //若该方法什么都不做直接返回null的话,就会导致任何用户访问/admin/listUser.jsp时都会自动跳转到unauthorizedUrl指定的地址
// //详见applicationContext.xml中的<bean id="shiroFilter">的配置
return null;
}
/**
* 验证当前登录的Subject
* @see 经测试:本例中该方法的调用时机为LoginController.login()方法中执行Subject.login()时
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken)authcToken;
System.out.println("验证当前Subject时获取到token为" + ReflectionToStringBuilder.toString(token, ToStringStyle.MULTI_LINE_STYLE));
if (token.getUsername() != null) {
AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(token.getUsername(), token.getPassword(), this.getName());
this.setSession("currentUser", token.getUsername()); //设置session值
return authcInfo;
}
return null;
}
/**
* 将一些数据放到ShiroSession中,以便于其它地方使用
* @see
*/
private void setSession(Object key, Object value){
Subject currentUser = SecurityUtils.getSubject();
if(null != currentUser){
Session session = currentUser.getSession();
System.out.println("Session默认超时时间为[" + session.getTimeout() + "]毫秒");
if(null != session){
session.setAttribute(key, value);
}
}
}
}3.登陆方法
@RequestMapping(value = "login")
@ResponseBody
public Object login() {
String username = (String)this.getParameter("username");
String password = (String)this.getParameter("password");
User user = new User(username, password);
user = userService.getUserByPwd(user);
if (null == user) {
// login failed
return this.error2Json(ErrorCode.LOGIN_USREPWD_NOMATCH, "no match!!!");
}
this.setSessionAttr(Const.SESSION_LOGGED, true);
this.setSessionAttr(Const.SESSION_USER, user);
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
token.setRememberMe(true);
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);
/* try {
Subject subject = this.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
subject.login(token);
} catch (AuthenticationException e) {
return this.error2Json(ErrorCode.LOGIN_TOKEN_EXCEPTION, "token exception!!!");
} */
Map map = new HashMap();
map.put("success", true);
return map;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(二)基于SpringMVC+Shiro的用户登录权限验证
- Spring MVC + Shiro 实现权限验证
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(四)基于Shiro验证用户权限,且给用户授权
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码
- Spring boot +spring mvc+shiro 登录验证demo
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(二)基于SpringMVC+Shiro的用户登录权限验证
- SpringMVC HandlerInterceptorAdapter登陆验证拦截器
- Spring MVC + Shiro 实现权限验证
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(二)基于SpringMVC+Shiro的用户登录权限验证
- shiro +springmvc+freemarker session问题处理 shiro无法记录登陆前页面问题
- 第二章 身份验证——跟我学习springmvc shiro mybatis
- 第二章 身份验证——跟我学习springmvc shiro mybatis
- 关于spring mvc + shiro 的登陆认证
- SpringMVC Mybatis Shiro RestTemplate的实现客户端无状态验证及访问控制【转】
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(四)基于Shiro验证用户权限,且给用户授权
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(四)基于Shiro验证用户权限,且给用户授权
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码
- SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码