依赖:spring-context,spring-MVC,shiro-core,shiro-spring,shiro-web

实话实说:web.xml,spring,springmvc配置文件好难

大致效果

代码结构(使用web骨架构建)

pom.xml

<dependencies>

        <dependency>

            <groupId>junit</groupId>

            <artifactId>junit</artifactId>

            <version>4.11</version>

            <scope>test</scope>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-context</artifactId>

            <version>4.2.4.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-webmvc</artifactId>

            <version>4.2.4.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-core</artifactId>

            <version>1.4.0</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-spring</artifactId>

            <version>1.4.0</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-web</artifactId>

            <version>1.4.0</version>

        </dependency>

    </dependencies>

实体类User

public class User {

    private int id;

    private String username;

    private String password;

    public User() {

    }

    public User(String username, String password) {

        this.username = username;

        this.password = password;

    }

    public User(int id, String username, String password) {

        this.id = id;

        this.username = username;

        this.password = password;

    }

    @Override

    public String toString() {

        return "User{" +

                "id=" + id +

                ", username='" + username + '\'' +

                ", password='" + password + '\'' +

                '}';

    }

    public int getId() {

        return id;

    }

    public void setId(int id) {

        this.id = id;

    }

    public String getUsername() {

        return username;

    }

    public void setUsername(String username) {

        this.username = username;

    }

    public String getPassword() {

        return password;

    }

    public void setPassword(String password) {

        this.password = password;

    }

}

自定义Realm 域  类(加盐)

public class CustomRealm extends AuthorizingRealm {    
  @Override  //授权

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        String username = (String) principals.getPrimaryPrincipal();

        //通过用户名username,获取角色

        Set<String> roles=getRolesByUsername(username);

        //通过用户名username,获取角色de权限

        Set<String> permissions=getPermissionsByUsrname(username);

        //返回AuthorizationInfo对象,先创建

        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();

        //设置授权  ---角色

        info.setRoles(roles);

        //设置授权  ---权限

        info.setStringPermissions(permissions);

        return info;

    }

    private Set<String> getPermissionsByUsrname(String username) {

        //也是从数据库去,这里写死

        Set<String> permissions=new HashSet<>();

        permissions.add("user:select");

        permissions.add("user:update");

        permissions.add("user:delete");

        permissions.add("user:insert");

        return permissions;

    }

    private Set<String> getRolesByUsername(String username) {

        //也是从数据库去,这里写死

        Set<String> roles=new HashSet<>();

        roles.add("admin");

        roles.add("user");

        return roles;

    }

    @Override  //认证

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        String username = (String) token.getPrincipal();

        System.out.println("用户名:"+username);

        String pwd=getPwdByUsername(username);

        System.out.println("密  码:"+pwd);

        if (pwd==null){

            return null;

        }

        SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,pwd,"customRealmSecret");
     info.setCredentialsSalt(ByteSource.Util.bytes("salt"));

        return info;

    }

    private String getPwdByUsername(String username) {

        Map<String,String> map=new HashMap<>();

        //加密的密码admin再加盐   --->c657540d5b315892f950ff30e1394480

        map.put("admin","c657540d5b315892f950ff30e1394480");

        super.setName("customRealmSecret");

        return map.get(username);

    }

}

控制器controller

@Controller

public class UserController {

    @ResponseBody

    @RequestMapping(value = "/subLogin",method = RequestMethod.POST,produces="application/json;charset=utf-8")

    public String subLogin(User user){

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());

        try {

            subject.login(token);

        } catch (AuthenticationException e) {

            return e.getMessage();

        }

        return "登录成功";

    }

}

login.htnl

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <title>shiro登录页面</title>

</head>

<body>

    <form action="subLogin" method="post">

        <input type="text" name="username"/><br/>

        <input type="password" name="password"/><br/>

        <input type="submit" value="登录"/>

    </form>

</body>

</html>

重头戏:配置文件

web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xmlns="http://java.sun.com/xml/ns/javaee"

         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

         id="WebApp_ID" version="3.0">

  <context-param>

    <param-name>contextConfigLocation</param-name>

    <param-value>classpath*:spring/spring.xml</param-value>

  </context-param>

  <listener>

    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

  </listener>

  <listener>

    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>

  </listener>

  <filter>

    <filter-name>shiroFilter</filter-name>

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

  </filter>

  <filter-mapping>

    <filter-name>shiroFilter</filter-name>

    <url-pattern>/*</url-pattern>

  </filter-mapping>

  <!-- The front controller of this Spring Web application, responsible for handling all application requests -->

  <servlet>

    <servlet-name>springDispatcherServlet</servlet-name>

    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

    <init-param>

      <param-name>contextConfigLocation</param-name>

      <param-value>classpath*:spring/springmvc.xml</param-value>

    </init-param>

    <load-on-startup>1</load-on-startup>

  </servlet>

  <!-- Map all requests to the DispatcherServlet for handling -->

  <servlet-mapping>

    <servlet-name>springDispatcherServlet</servlet-name>

    <url-pattern>/</url-pattern>

  </servlet-mapping>

</web-app>

spring.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:mvc="http://www.springframework.org/schema/mvc"

       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager" ref="securityManager"/>

        <property name="loginUrl" value="login.html"/>

        <property name="unauthorizedUrl" value="403.html"/>

        <!--过滤器页面-->

        <property name="filterChainDefinitions">

            <value>

                /subLogin=anon          <!--提交登录的url也不需要认证-->

                /login.html=anon         <!--不需要认证,也可以访问-->

                /*=authc                <!--需要认证,才可以访问-->

            </value>

        </property>

    </bean>

    <!--创建securityManager对象-->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="realm"/>

    </bean>

    <bean class="com.imooc.shiro.realm.CustomRealm" id="realm">

        <property name="credentialsMatcher" ref="credentialsMatcher"/>

    </bean>

    <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"

          id="credentialsMatcher">

        <property name="hashAlgorithmName" value="md5"/>

        <property name="hashIterations" value="1"/>

    </bean>

</beans>

springmvc.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:context="http://www.springframework.org/schema/context"

       xmlns:mvc="http://www.springframework.org/schema/mvc"

       xsi:schemaLocation="

        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

<context:component-scan base-package="com.imooc.controller"/>

    <mvc:annotation-driven/>

    <!--排除静态文件-->

    <mvc:resources mapping="/*" location="/"/>

</beans>

个人总结下啦:

  难在配置,特别有个坑在spring的bean里面,要的是web的

  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  而我配少了个web
  <bean id="securityManager" class="org.apache.shiro.mgt.DefaultWebSecurityManager">
哎,这就搞了我一晚头大,买了个表,顶
还有就是,理解好,shiro的
shiroFilter,
DefaultWebSecurityManager,
CustomRealm(自定义的域),
HashedCredentialsMatcher(加密),
也就七七八八了

shiro学习(四、shiro集成spring+springmvc)的更多相关文章

  1. Apache Shiro学习-2-Apache Shiro Web Support

     Apache Shiro Web Support  1. 配置 将 Shiro 整合到 Web 应用中的最简单方式是在 web.xml 的 Servlet ContextListener 和 Fil ...

  2. Drools 7.4.1.Final参考手册(十四)集成Spring

    集成Spring Drools 6.0重要变更 Drools Spring集成经历了与Drools 6.0的变化完全一致的改造. 以下是一些主要的变化: T*推荐的Drools Spring的前缀已经 ...

  3. javaweb各种框架组合案例(四):maven+spring+springMVC+spring data jpa(hibernate)【失败案例】

    一.失败案例 1. 控制台报错信息 严重: Exception sending context initialized event to listener instance of class org. ...

  4. shiro与Web项目整合-Spring+SpringMVC+Mybatis+Shiro(八)

    Jar包

  5. shiro基础学习(四)—shiro与项目整合

    一.认证 1.配置web.xml   2.配置applicationContext.xml      在applicationContext.xml中配置一个bean,ID和上面的过滤器的名称一致. ...

  6. Shiro学习

    Shiro学习资源 Shiro官网,http://shiro.apache.org/index.html 学习网站链接,http://blog.java1234.com/blog/articles/4 ...

  7. Quartz学习——SSMM(Spring+SpringMVC+Mybatis+Mysql)和Quartz集成详解(四)

    当任何时候觉你得难受了,其实你的大脑是在进化,当任何时候你觉得轻松,其实都在使用以前的坏习惯. 通过前面的学习,你可能大致了解了Quartz,本篇博文为你打开学习SSMM+Quartz的旅程!欢迎上车 ...

  8. (转) Quartz学习——SSMM(Spring+SpringMVC+Mybatis+Mysql)和Quartz集成详解(四)

    http://blog.csdn.net/u010648555/article/details/60767633 当任何时候觉你得难受了,其实你的大脑是在进化,当任何时候你觉得轻松,其实都在使用以前的 ...

  9. Shiro学习(12)与Spring集成

    Shiro的组件都是JavaBean/POJO式的组件,所以非常容易使用spring进行组件管理,可以非常方便的从ini配置迁移到Spring进行管理,且支持JavaSE应用及Web应用的集成. 在示 ...

随机推荐

  1. linux 搜索文件夹下的所有文件内容

    find . -type f -name "*.*" | xargs grep "博客园"

  2. dubbo学习笔记(一)超时与重试

    dubbo提供在provider和consumer端,都提供了超时(timeout)和重试(retries)的参数配置. 配置方式 provider端在<dubbo:service>中配置 ...

  3. other备忘

    wps CONCATENATE 只是因为格式 设置成了文本,把这列 格式 设置成 常规,双击下 结果就出来了 https://zhidao.baidu.com/question/21208668961 ...

  4. vue如何动态绑定v-model

    如图所示有三个字段要从弹出的输入框取值点击字段会弹出上面的弹窗,输入input会响应变化,比如点击身高,弹出输入框,输入值后身高后面会跟着一个同样的值点击体重,弹出输入框,输入值后体重后面会跟着一个同 ...

  5. 前端知识点回顾之重点篇——AJAX

    Ajax(Asynchronous JavaScript and XML) 这种技术就是无须刷新页面即可从服务器中取得数据,但不一定是XML数据.在原生方法上,Ajax技术的核心是XMLHttpReq ...

  6. selenium死活定位不到元素以及radio单选框点击不生效

    今天操作一个单选框浪费太多时间,现在其实很简单得东西,记录一下: 1,问题一,定位不到 如图,使用selenium IDE和xpath helper都试过,无法成功定位到这个单选框,实际上是因为,这个 ...

  7. MySQL数据库锁机制之MyISAM引擎表锁和InnoDB行锁详解

    转 http://blog.csdn.net/hsd2012/article/details/51112009 转 http://blog.csdn.net/e421083458/article/de ...

  8. Linux学习—maven安装

    1.下载maven安装包 cd /usr/local/ wget http://mirror.bit.edu.cn/apache/maven/maven-//binaries/apache-maven ...

  9. matlab之编写函数m文件计算排列组合Cnm

    function y=myfun(n) y=1; for i in 1:n; y=y*(m-i+1)/i; end 给y赋初值 给i遍历 计算每一项的乘积之和 注意:要保存函数的名字为myfun,因为 ...

  10. 用myeclipse连接MySQL8.0时没有配置jar包

    先上测试代码 package testJdbc; import java.sql.Connection; import java.sql.DriverManager; import java.sql. ...