(三)Shiro整合SSM实践
2018-01-24 12:02
417 查看
maven工程的pom文件引入相关的依赖就不赘述了。下面开始过程:
shiro本质还是过滤器所以,
首先在web.xml中进行如下配置:
然后spring-shiro.xml的配置大致如下:
注意:如果用shiro的注解,需要在spring-mvc.xml中配置下面:
自定义的Realm类:
service、dao代码暂时省去。
controller代码如下:
JSP页面如果使用标签,需要引入:
这样,就完成了和ssm的整合,项目中就可以使用编程式、注解、JSP标签进行shiro的使用了。
shiro本质还是过滤器所以,
首先在web.xml中进行如下配置:
<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
然后spring-shiro.xml的配置大致如下:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"> <!-- 自定义的Realm实现 --> <bean id="bugeasyRealm" class="bugeasy.shiro.BugeasyRealm"></bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="bugeasyRealm" /> <property name="sessionManager" ref="sessionManager" /> <property name="cacheManager" ref="cacheManager"/> </bean> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"/> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/pages/login.jsp"></property> <property name="successUrl" value="/pages/main.jsp"/> <property name="unauthorizedUrl" value="/pages/unauthorized.jsp"/> <property name="filterChainDefinitions"> <!-- anon 访客访问; authc 认证通过即可; user 记住的或者认证通过的; --> <value> /user/login = anon /js/** = anon /images/** = anon /index.jsp = anon /pages/register.jsp = anon /pages/login.jsp = anon /logout = logout /pages/test/testFileUpload.jsp = anon /file/upload = anon /** = authc </value> </property> </bean> <!-- 基于Form表单的身份验证过滤器,不配置将也会注册此过虑器,表单中的用户账号、密码及loginurl将采用默认值,建议配置 --> <!-- <bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"> 表单中账号的input名称 <property name="usernameParam" value="usercode" /> 表单中密码的input名称 <property name="passwordParam" value="password" /> <property name="rememberMeParam" value="rememberMe"/> loginurl:用户登陆地址,此地址是可以http访问的url地址 <property name="loginUrl" value="/user/login" /> </bean> --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true"/> </bean> <!-- 会话ID生成器 --> <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/> <!-- 会话DAO --> <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"> <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/> <property name="sessionIdGenerator" ref="sessionIdGenerator"/> </bean> <!-- 会话验证调度器 --> <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> <property name="sessionValidationInterval" value="1800000"/> <property name="sessionManager" ref="sessionManager"/> </bean> <!-- 会话Cookie模板 --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <!-- <constructor-arg value="sid"/> --> <property name="httpOnly" value="true"/> <property name="maxAge" value="180000"/> <constructor-arg name="name" value="shiro.sesssion"/> <property name="path" value="/"/> </bean> <!-- 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> <property name="globalSessionTimeout" value="1800000"/> <property name="deleteInvalidSessions" value="true"/> <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/> <property name="sessionDAO" ref="sessionDAO"/> <property name="sessionIdCookieEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> </bean> </beans>
注意:如果用shiro的注解,需要在spring-mvc.xml中配置下面:
<!-- 开启shiro注解的支持。 --> <aop:config proxy-target-class="true"></aop:config> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>
自定义的Realm类:
public class BugeasyRealm extends AuthorizingRealm { @Autowired private UserService userService; @Autowired private RoleService roleService; @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("--------------------------开始授权认证---------------------------------"); //授权 String username = (String)principals.getPrimaryPrincipal(); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); Set<String> roles = userService.getUserRoleByName(username); authorizationInfo.setRoles(roles); Set<String> permissions = roleService.getRolePermissionsByRoleIds(username); authorizationInfo.setStringPermissions(permissions); return authorizationInfo; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { //身份认证 String name = (String) token.getPrincipal(); String password = new String( (char[])token.getCredentials()); UserBean userBean = new UserBean(); userBean.setName(name); userBean.setPassword(password); UserBean hasBean = userService.getUserByNameAndPwd(userBean); if(hasBean == null){ throw new UnknownAccountException();//没找到帐号 } AuthenticationInfo info = new SimpleAuthenticationInfo(name,password,"bugeasyRealm"); return info; } }
service、dao代码暂时省去。
controller代码如下:
@PostMapping(path="/login") public ModelAndView loginByShiro(HttpServletRequest request, HttpServletResponse response,@ModelAttribute("user") UserBean user){ ModelAndView mv = new ModelAndView(); if(user != null){ Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(user.getName(), user.getPassword()); try{ subject.login(token); mv.addObject("user", user); mv.addObject("userName", user.getName()); mv.setViewName("/main"); }catch(Exception e){ e.printStackTrace(); mv.addObject("errmsg", "登录的用户名/密码错误,请重新登录"); mv.setViewName("/login"); } return mv; } return mv; }
JSP页面如果使用标签,需要引入:
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
这样,就完成了和ssm的整合,项目中就可以使用编程式、注解、JSP标签进行shiro的使用了。
相关文章推荐
- (十一)shiro与ssm整合
- SSM springmvc mybatis 整合 bootstrap maven shiro druid ehcache SSM
- SSM整合shiro进行权限控制以及shiro的一些特殊功能实现
- Shiro实现(一): SSM整合笔记实现登录,授权功能
- ssm项目整合shiro
- JavaWeb项目:Shiro实现简单的权限控制(整合SSM)
- springmvc SSM java redis shiro ehcache 整合
- shiro与SSM项目整合
- ssm+shiro+swaggerUI 整合
- ssm和shiro整合,shiro的自定义的realm不能自动注入的问题
- shiro学习笔记(一):shiro介绍以及整合SSM框架
- ssm整合shiro
- 在 SSM 框架整合 Shiro 的相关案例
- java中SSM整合shiro dubbo service层相互调用
- SSM+shiro整合
- Maven+SSM+Shiro整合配置
- 7、ssm整合shiro
- idea ssm整合shiro shiro的基本用法
- Shiro整合SSM框架详细步骤
- Apache Shiro之实际运用(整合到Spring中)将Shiro整到SSM中(基于maven)