一、web.xml的配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>shiro_ssm</display-name>
<!-- spring的配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml,
classpath:applicationContext-shiro.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>



<!-- spring mvc核心:分发servlet -->
	<servlet>
		<servlet-name>mvc-dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<!-- spring mvc的配置文件 -->
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:springMVC.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>mvc-dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>




<!-- Shiro配置 -->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
</web-app>


 




二、数据库访问配置文件applicationContext.xml




<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
     http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
     http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">


<context:annotation-config />
     <context:component-scan base-package="com.yuanbo.service"></context:component-scan>


<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
     	<property name="driverClassName">
     		<value>com.mysql.jdbc.Driver</value>
     	</property>
     	<property name="url">
     		<value>jdbc:mysql://127.0.0.1:3306/shiro?serverTimezone=GMT%2B8</value>
     	</property>
     	<property name="username">
     		<value>root</value>
     	</property>
     	<property name="password">
     		<value>123456</value>
     	</property>
     </bean>


<bean id="sqlSession" class="org.mybatis.spring.SqlSessionFactoryBean">
     	<property name="typeAliasesPackage" value="com.yuanbo.pojo"></property>
     	<property name="dataSource" ref="dataSource"></property>
     	<property name="mapperLocations" value="classpath:com/yuanbo/mapper/*.xml"></property>
     </bean>


<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
     	<property name="basePackage" value="com.yuanbo.mapper"></property>
     </bean>
</beans>


 




三、shiro配置文件applicationContext-shiro.xml




<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util"

    xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"

    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"

    xmlns:aop="http://www.springframework.org/schema/aop"

    xsi:schemaLocation="http://www.springframework.org/schema/beans

    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx

    http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context

    http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/mvc

    http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop

    http://www.springframework.org/schema/aop/spring-aop-3.2.xsd http://www.springframework.org/schema/util

    http://www.springframework.org/schema/util/spring-util.xsd">

    <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <!-- 调用我们配置的权限管理器 -->

        <property name="securityManager" ref="securityManager" />

        <!-- 配置我们的登录请求地址 -->

        <property name="loginUrl" value="/login" />

        <!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 -->

        <property name="unauthorizedUrl" value="/unauthorized" />

        <!-- 退出 -->

        <property name="filters">

            <util:map>

                <entry key="logout" value-ref="logoutFilter" />

            </util:map>

        </property>

        <!-- 权限配置 -->

        <property name="filterChainDefinitions">

            <value>

                <!-- anon表示此地址不需要任何权限即可访问 -->

                /login=anon

                /index=anon

                /static/**=anon

                /doLogout=logout

                <!--所有的请求(除去配置的静态资源请求或请求地址为anon的请求)都要通过登录验证,如果未登录则跳到/login -->

                /** = authc

            </value>

        </property>

    </bean>

    <!-- 退出过滤器 -->

    <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">

        <property name="redirectUrl" value="/index" />

    </bean>

    <!-- 会话ID生成器 -->

    <bean id="sessionIdGenerator"

        class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />

    <!-- 会话Cookie模板 关闭浏览器立即失效 -->

    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">

        <constructor-arg value="sid" />

        <property name="httpOnly" value="true" />

        <property name="maxAge" value="-1" />

    </bean>

    <!-- 会话DAO -->

    <bean id="sessionDAO"

        class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">

        <property name="sessionIdGenerator" ref="sessionIdGenerator" />

    </bean>

    <!-- 会话验证调度器,每30分钟执行一次验证 ,设定会话超时及保存 -->

    <bean name="sessionValidationScheduler"

        class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">

        <property name="interval" value="1800000" />

        <property name="sessionManager" ref="sessionManager" />

    </bean>

    <!-- 会话管理器 -->

    <bean id="sessionManager"

        class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">

        <!-- 全局会话超时时间(单位毫秒),默认30分钟 -->

        <property name="globalSessionTimeout" value="1800000" />

        <property name="deleteInvalidSessions" value="true" />

        <property name="sessionValidationSchedulerEnabled" value="true" />

        <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />

        <property name="sessionDAO" ref="sessionDAO" />

        <property name="sessionIdCookieEnabled" value="true" />

        <property name="sessionIdCookie" ref="sessionIdCookie" />

    </bean>

    <!-- 安全管理器 -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="databaseRealm" />

        <property name="sessionManager" ref="sessionManager" />

    </bean>

    <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->

    <bean

        class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">

        <property name="staticMethod"

            value="org.apache.shiro.SecurityUtils.setSecurityManager" />

        <property name="arguments" ref="securityManager" />

    </bean>

    <bean id="databaseRealm" class="com.yuanbo.realm.DatabaseRealm">

    </bean>

    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans> 




四、springmvc基本配置springMVC.xml




<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"

    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"

    xmlns:context="http://www.springframework.org/schema/context"

    xmlns:mvc="http://www.springframework.org/schema/mvc"

    xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd

        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd

        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd

        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd

        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">

     <context:annotation-config />

     <context:component-scan base-package="com.yuanbo.controller">

         <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>

     </context:component-scan>

     <mvc:annotation-driven/>

     <mvc:default-servlet-handler/>

     <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">

         <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property>

         <property name="prefix" value="/WEB-INF/jsp"></property>

         <property name="suffix" value=".jsp"></property>

     </bean>

     <!-- 启用shiro注解 -->

     <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"

             depends-on="lifecycleBeanPostProcessor">

         <property name="proxyTargetClass" value="true"></property>

     </bean>

     <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">

         <property name="securityManager" ref="securityManager"></property>

     </bean>

     <!-- 控制器异常处理 -->

     <bean id="exceptionHandlerExceptionResolver" class="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver"></bean>

     <bean class="com.yuanbo.exception.DefaultExceptionHandler"></bean>

</beans>




五、日志文件log4j.properties




# Global logging configuration

log4j.rootLogger=ERROR, stdout

# MyBatis logging configuration...

log4j.logger.com.yuanbo=TRACE

# Console output...

log4j.appender.stdout=org.apache.log4j.ConsoleAppender

log4j.appender.stdout.layout=org.apache.log4j.PatternLayout

log4j.appender.stdout.layout.ConversionPattern=%5p [%t] - %m%n




六、PageController




package com.yuanbo.controller;

import org.apache.shiro.authz.annotation.RequiresPermissions;

import org.apache.shiro.authz.annotation.RequiresRoles;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

@Controller

@RequestMapping("")

public class PageController {

    @RequestMapping("index")

    public String index() {

        return "index";

    }

    @RequiresPermissions("deleteOrder")

    @RequestMapping("deleteOrder")

    public String deleteOrder() {

        return "deleteOrder";

    }

    @RequiresRoles("productManager")

    @RequestMapping("deleteProduct")

    public String deleteProduct() {

        return "deleteProduct";

    }

    @RequestMapping("listProduct")

    public String listProduct() {

        return "listProduct";

    }

    @RequestMapping(value="/login",method=RequestMethod.GET)

    public String login() {

        return "login";

    }

    @RequestMapping("unauthorized")

    public String noPerms() {

        return "unauthorized";

    }

}




七、LoginController




package com.yuanbo.controller;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.session.Session;

import org.apache.shiro.subject.Subject;

import org.springframework.stereotype.Controller;

import org.springframework.ui.Model;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

@Controller

@RequestMapping("")

public class LoginController {

    @RequestMapping(value = "/login", method = RequestMethod.POST)

    public String login(Model model, String name, String password) {

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken(name, password);

        try {

            subject.login(token);

            Session session = subject.getSession();

            session.setAttribute("subject", subject);

            return "redirect:index";

        } catch (Exception e) {

            model.addAttribute("error","验证失败");

            return "login";

        }

    }

}




八、realm




package com.yuanbo.realm;

import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.springframework.beans.factory.annotation.Autowired;

import com.yuanbo.service.PermissionService;

import com.yuanbo.service.RoleService;

import com.yuanbo.service.UserService;

public class DatabaseRealm extends AuthorizingRealm {

    @Autowired

    private UserService userService;

    @Autowired

    private RoleService roleService;

    @Autowired

    private PermissionService permissionService;

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

        String userName = principalCollection.getPrimaryPrincipal().toString();

        Set<String> roles = roleService.listRoles(userName);

        Set<String> permissions = permissionService.listPermissions(userName);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        authorizationInfo.setRoles(roles);

        authorizationInfo.setStringPermissions(permissions);

        return authorizationInfo;

    }

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken t = (UsernamePasswordToken) token;

        String userName = t.getUsername();

        String password = t.getPassword().toString();

        String passwordInDB = userService.getPassword(userName);

        if (passwordInDB == null || !password.equals(passwordInDB))

            throw new AuthenticationException();

        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, getName());

        return authenticationInfo;

    }

}




九、exception




package com.yuanbo.exception;

import org.apache.shiro.authz.UnauthorizedException;

import org.springframework.http.HttpStatus;

import org.springframework.web.bind.annotation.ControllerAdvice;

import org.springframework.web.bind.annotation.ExceptionHandler;

import org.springframework.web.bind.annotation.ResponseStatus;

import org.springframework.web.context.request.NativeWebRequest;

import org.springframework.web.servlet.ModelAndView;

@ControllerAdvice

public class DefaultExceptionHandler {

    @ExceptionHandler({ UnauthorizedException.class })

    @ResponseStatus(HttpStatus.UNAUTHORIZED)

    public ModelAndView processUnauthenticatedException(NativeWebRequest request, UnauthorizedException exception) {

        ModelAndView mav = new ModelAndView();

        mav.addObject("ex", exception);

        mav.setViewName("unauthorized");

        return mav;

    }

}




最后,推荐一个java学习平台吧,感觉挺不错的,写得挺细的,还有问答,可以解疑


https://how2j.cn/k/shiro/shiro-ssm/1727.html?p=81485
												


											
shiro实战(2)--ssm的更多相关文章
	

    
						
  1. 模仿天猫实战【SSM版】——后台开发
		
    上一篇文章链接:模仿天猫实战[SSM版]--项目起步 后台需求分析 在开始码代码之前,还是需要先清楚自己要做什么事情,后台具体需要实现哪些功能: 注意: 订单.用户.订单.推荐链接均不提供增删的功能. ...
    
		
    2. 
						
  2. 模仿天猫实战【SSM】——总结
		
    第一篇文章链接:模仿天猫实战[SSM版]--项目起步 第二篇文章链接:模仿天猫实战[SSM版]--后台开发 总结:项目从4-27号开始写,到今天5-7号才算真正的完工,有许多粗糙的地方,但总算完成了, ...
    
		
    3. 
						
  3. Shiro实战教程-刘志敏-专题视频课程
		
    Shiro实战教程-62人已学习 课程介绍        本教程只介绍基本的 Shiro 使用,不会过多分析源码等,重在使用. 适用人群: 1.了解基于Servlet进行Web应用开发 2.了解Spr ...
    
		
    4. 
								
  4. shiro实战系列(二)之入门实战续
		
    下面讲解基于实战系列一,所以相关的java文件获取pom.xml及其log4j文件同样适用于本次讲解. 一.Using Shiro Using Shiro 现在我们的 SecurityManager  ...
    
		
    5. 
						
  5. shiro实战系列(一)之入门实战
		
    一.什么是shiro? Apache Shiro 是一个强大而灵活的开源安全框架,它干净利落地处理身份认证,授权,企业会话管理和加密.   Apache Shiro 的首要目标是易于使用和理解.安全有 ...
    
		
    6. 
						
  6. shiro实战整合
		
    引入依赖(包括缓存等): <!-- SECURITY begin --> <dependency> <groupId>org.apache.shiro</gr ...
    
		
    7. 
						
  7. Springmvc+Shiro实战
		
    原文链接:http://blog.csdn.net/qq_37936542/article/details/79010449 springmvc+shiro实现系统粗细粒度的权限管理步骤: 1:表格设 ...
    
		
    8. 
						
  8. PageHelper分页实战(SSM整合)
		
    步骤一:引入SSM相关的jar包,包列表如下: 步骤二:创建或修改配置文件,配置文件清单如下: applicationContext.xml <?xml version="1.0&qu ...
    
		
    9. 
						
  9. shiro框架整合ssm框架
		
    下面我通过一个web的maven项目来讲解如何将shiro整合ssm框架,具体结构如下图 一.引入依赖的jar包 <?xml version="1.0" encoding=& ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. HTML5变化
			
    HTML5变化 新的语义化元素 header footer nav main article section 删除了一些纯样式的标签 表单增强 新API 离线 (applicationCache )  ...
    
			
    2. 
						
  2. 2019年Spring核心知识点整理,看看你掌握了多少?
			
    前言 如今做Java尤其是web几乎是避免不了和Spring打交道了,但是Spring是这样的大而全,新鲜名词不断产生,学起来给人一种凌乱的感觉,在这里总结一下,理顺头绪. Spring 概述 Spr ...
    
			
    3. 
						
  3. 深入理解JVM:元空间大小详细解析
			
    前言 JVM加载类的时候,需要记录类的元数据,这些数据会保存在一个单独的内存区域内,在Java 7里,这个空间被称为永久代(Permgen),在Java 8里,使用元空间(Metaspace)代替了永 ...
    
			
    4. 
						
  4. Neety的基础使用及说明
			
    BIO(缺乏弹性伸缩能力,并发量小,容易出现内存溢出,出现宕机 每一个客户端对应一个线程 伪异步IO:创建线程池,由线程池里边的线程负责连接处理,M个个请求进来时,会在线程池创建N个线程.容易出现线程 ...
    
			
    5. 
						
  5. Android(常用)主流UI开源库整理
			
    这几天刚做完一个项目..有点空余时间,就想着吧这一两年做的项目中的UI界面用到的一些库整理一下.后来想了一下,既然要整理,就把网上常用的 AndroidUI界面的主流开源库 一起整理一下,方便查看.  ...
    
			
    6. 
						
  6. iview可收缩侧边菜单实现(支持二级菜单)
			
    想用iview做一个可以伸缩的侧边菜单栏,效果如下: 1.侧边栏收缩前:可以通过点击菜单分类展开子菜单项: 2.可以让用户点击图标动态收缩菜单栏: 3.侧边栏收缩后:只显示菜单分类的图标,鼠标放置在菜 ...
    
			
    7. 
						
  7. 手把手教你看懂并理解Arduino PID控制库——引子
			
    介绍 本文主要依托于Brett Beauregard大神针对Arduino平台撰写的PID控制库Arduino PID Library及其对应的帮助博客Improving the Beginner’s ...
    
			
    8. 
						
  8. VS2017 无法修改代码编辑区的项背景颜色问题
			
    以前都是好好的,安装  ClaudiaIDE: https://github.com/buchizo/ClaudiaIDE 之后也没啥问题,用着用着代码编辑区自定义的颜色就没有了,好几台电脑都是这样, ...
    
			
    9. 
						
  9. visualStudio 的一些常用使用操作总结
			
    今年苟了差不多一整年,期间断断续续把c++ prime plus 看完了 ,发现并没有什么鸟用 ,但是对代码怎么形成二进制的过程 动态内存管理 这些模模糊糊的确实理解更深刻些了 特别是c++过度到c# ...
    
			
    10. 
						
  10. 3. abp依赖注入的分析.md
			
    abp依赖注入的原理剖析 请先移步参考 [Abp vNext 源码分析] - 3. 依赖注入与拦截器 本文此篇文章的补充和完善. abp的依赖注入最后是通过IConventionalRegister接 ...
    
			
    11.