Shiro学习总结(10)——Spring集成Shiro
1.引入Shiro的Maven依赖
- <!-- Spring 整合Shiro需要的依赖 -->
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-core</artifactId>
- <version>1.2.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-web</artifactId>
- <version>1.2.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-ehcache</artifactId>
- <version>1.2.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-spring</artifactId>
- <version>1.2.1</version>
- </dependency>
- <!-- 除此之外还有一些东西也不可少spring, spring-mvc, ibatis等 spring.3.1.2 spring-mvc.3.1.2
- ibatis.2.3.4 cglib.2.2 -->
2.web.xml中配置
- <!-- 配置shiro的核心拦截器 -->
- <filter>
- <filter-name>shiroFilter</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>shiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
3. 编写自己的UserRealm类继承自Realm,主要实现认证和授权的管理操作
- package com.jay.demo.shiro;
- import java.util.HashSet;
- import java.util.Iterator;
- import java.util.Set;
- import org.apache.shiro.authc.AuthenticationException;
- import org.apache.shiro.authc.AuthenticationInfo;
- import org.apache.shiro.authc.AuthenticationToken;
- import org.apache.shiro.authc.LockedAccountException;
- import org.apache.shiro.authc.SimpleAuthenticationInfo;
- import org.apache.shiro.authc.UnknownAccountException;
- import org.apache.shiro.authz.AuthorizationInfo;
- import org.apache.shiro.authz.SimpleAuthorizationInfo;
- import org.apache.shiro.realm.AuthorizingRealm;
- import org.apache.shiro.subject.PrincipalCollection;
- import org.springframework.beans.factory.annotation.Autowired;
- import com.jay.demo.bean.Permission;
- import com.jay.demo.bean.Role;
- import com.jay.demo.bean.User;
- import com.jay.demo.service.UserService;
- public class UserRealm extends AuthorizingRealm{
- @Autowired
- private UserService userService;
- /**
- * 授权操作
- */
- @Override
- protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- // String username = (String) getAvailablePrincipal(principals);
- String username = (String) principals.getPrimaryPrincipal();
- Set<Role> roleSet = userService.findUserByUsername(username).getRoleSet();
- //角色名的集合
- Set<String> roles = new HashSet<String>();
- //权限名的集合
- Set<String> permissions = new HashSet<String>();
- Iterator<Role> it = roleSet.iterator();
- while(it.hasNext()){
- roles.add(it.next().getName());
- for(Permission per:it.next().getPermissionSet()){
- permissions.add(per.getName());
- }
- }
- SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
- authorizationInfo.addRoles(roles);
- authorizationInfo.addStringPermissions(permissions);
- return authorizationInfo;
- }
- /**
- * 身份验证操作
- */
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(
- AuthenticationToken token) throws AuthenticationException {
- String username = (String) token.getPrincipal();
- User user = userService.findUserByUsername(username);
- if(user==null){
- //木有找到用户
- throw new UnknownAccountException("没有找到该账号");
- }
- /* if(Boolean.TRUE.equals(user.getLocked())) {
- throw new LockedAccountException(); //帐号锁定
- } */
- /**
- * 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配,如果觉得人家的不好可以在此判断或自定义实现
- */
- SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(),getName());
- return info;
- }
- @Override
- public String getName() {
- return getClass().getName();
- }
- }
4.在Spring的applicationContext.xml中进行Shiro的相关配置
1、添加shiroFilter定义
Xml代码 
- <!-- Shiro Filter -->
- <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
- <property name="securityManager" ref="securityManager" />
- <property name="loginUrl" value="/login" />
- <property name="successUrl" value="/user/list" />
- <property name="unauthorizedUrl" value="/login" />
- <property name="filterChainDefinitions">
- <value>
- /login = anon
- /user/** = authc
- /role/edit/* = perms[role:edit]
- /role/save = perms[role:edit]
- /role/list = perms[role:view]
- /** = authc
- </value>
- </property>
- </bean>
2、添加securityManager定义
Xml代码
- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
- <property name="realm" ref="myRealm" />
- </bean>
3、添加realm定义
Xml代码
- <bean id=" myRealm" class="com.jay.demo.shiro.UserRealm/>
4、配置EhCache
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager" />
5、保证实现了Shiro内部lifecycle函数的bean执行
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit;"><bean id=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"lifecycleBeanPostProcessor"</span> class=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"org.apache.shiro.spring.LifecycleBeanPostProcessor"</span>/></span>
特别注意:
如果使用Shiro相关的注解,需要在springmvc-servlet.xml中配置一下信息
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit;"><bean class=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"</span> depends-on=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"lifecycleBeanPostProcessor"</span>/></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit;"><bean class=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"</span>></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit;"><property name=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"securityManager"</span> ref=<span class="code-quote" style="color: rgb(0, 145, 0); background-color: inherit;">"securityManager"</span>/></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit;"></bean></span>
备注:Shiro权限管理的过滤器解释:
- 默认过滤器(10个)
- anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
- authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
- authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
- perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
- port -- org.apache.shiro.web.filter.authz.PortFilter
- rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
- roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
- ssl -- org.apache.shiro.web.filter.authz.SslFilter
- user -- org.apache.shiro.web.filter.authc.UserFilter
- logout -- org.apache.shiro.web.filter.authc.LogoutFilter
- anon:例子/admins/**=anon 没有参数,表示可以匿名使用。
- authc:例如/admins/user/**=authc表示需要认证(登录)才能使用,没有参数
- roles:例子/admins/user/**=roles[admin],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,当有多个参数时,例如admins/user/**=roles["admin,guest"],每个参数通过才算通过,相当于hasAllRoles()方法。
- perms:例子/admins/user/**=perms[user:add:*],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,例如/admins/user/**=perms["user:add:*,user:modify:*"],当有多个参数时必须每个参数都通过才通过,想当于isPermitedAll()方法。
- rest:例子/admins/user/**=rest[user],根据请求的方法,相当于/admins/user/**=perms[user:method] ,其中method为post,get,delete等。
- port:例子/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal://serverName:8081?queryString,其中schmal是协议http或https等,serverName是你访问的host,8081是url配置里port的端口,queryString是你访问的url里的?后面的参数。
- authcBasic:例如/admins/user/**=authcBasic没有参数表示httpBasic认证
- ssl:例子/admins/user/**=ssl没有参数,表示安全的url请求,协议为https
- user:例如/admins/user/**=user没有参数表示必须存在用户,当登入操作时不做检查
关于Shiro的标签应用:
- <shiro:authenticated> 登录之后
- <shiro:notAuthenticated> 不在登录状态时
- <shiro:guest> 用户在没有RememberMe时
- <shiro:user> 用户在RememberMe时
- <shiro:hasAnyRoles name="abc,123" > 在有abc或者123角色时
- <shiro:hasRole name="abc"> 拥有角色abc
- <shiro:lacksRole name="abc"> 没有角色abc
- <shiro:hasPermission name="abc"> 拥有权限abc
- <shiro:lacksPermission name="abc"> 没有权限abc
- <shiro:principal> 显示用户登录名
以上是Shiro的相关配置,出于安全的考虑,一般都会使用ACL(基于角色的用户权限管理去控制用户登录后的权限)
ACL详细代码案例如下:
涉及到的表:3+2(User,Role,Permission + user-role,role-permission)
3张实体表+2张关系表
1.关于User类:
- package com.jay.demo.bean;
- import java.util.HashSet;
- import java.util.Set;
- public class User {
- private String id;
- private String username;
- private String password;
- private Set<Role> roleSet = new HashSet<Role>();
- public User() {
- }
- public String getId() {
- return id;
- }
- public void setId(String id) {
- this.id = id;
- }
- public String getUsername() {
- return username;
- }
- public void setUsername(String username) {
- this.username = username;
- }
- public String getPassword() {
- return password;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public Set<Role> getRoleSet() {
- return roleSet;
- }
- public void setRoleSet(Set<Role> roleSet) {
- this.roleSet = roleSet;
- }
- }
2.关于Role表
- package com.jay.demo.bean;
- import java.io.Serializable;
- import java.util.HashSet;
- import java.util.Set;
- public class Role implements Serializable {
- private static final long serialVersionUID = -4987248128309954399L;
- private Integer id;
- private String name;
- private Set<Permission> permissionSet = new HashSet<Permission>();
- public Role() {
- super();
- }
- // --------------------------------------------------------------------------------
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- Role other = (Role) obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
- // --------------------------------------------------------------------------------
- public Integer getId() {
- return id;
- }
- public void setId(Integer id) {
- this.id = id;
- }
- public String getName() {
- return name;
- }
- public void setName(String name) {
- this.name = name;
- }
- public Set<Permission> getPermissionSet() {
- return permissionSet;
- }
- public void setPermissionSet(Set<Permission> permissionSet) {
- this.permissionSet = permissionSet;
- }
- }
3.关于permission表
- <pre name="code" class="java">package com.jay.demo.bean;
- import java.io.Serializable;
- public class Permission implements Serializable {
- private static final long serialVersionUID = -8025597823572680802L;
- private Integer id;
- private String name;
- public Permission() {
- super();
- }
- // --------------------------------------------------------------------------------------
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- Permission other = (Permission) obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
- // --------------------------------------------------------------------------------------
- public Integer getId() {
- return id;
- }
- public void setId(Integer id) {
- this.id = id;
- }
- public String getName() {
- return name;
- }
- public void setName(String name) {
- this.name = name;
- }
- }
4.dao层接口
- package com.jay.demo.dao;
- import com.jay.demo.bean.User;
- public interface UserDao {
- User findUserByUsername(String username);
- }
4.使用Mybatis完成的Dao层实现
- <?xml version="1.0" encoding="UTF-8" ?>
- <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
- <mapper namespace="com.jay.demo.dao.UserDao">
- <resultMap id="userMap" type="com.jay.demo.bean.User">
- <id property="id" column="USER_ID"/>
- <result property="username" column="USER_USERNAME"/>
- <result property="password" column="USER_PASSWORD"/>
- <!-- 进行 多表关联插叙,先关联user和role -->
- <collection property="roleSet" column="roleid" ofType="com.jay.demo.bean.Role">
- <id property="id" column="ROLE_ID"/>
- <result property="name" column="ROLE_NAME"/>
- <!-- 再在role中关联role和permission -->
- <collection property="permissionSet" column="permissionid" ofType="com.jay.demo.bean.Permission">
- <id property="id" column="permission_id"/>
- <result property="name" column="permission_name"/>
- </collection>
- </collection>
- </resultMap>
- <!-- 通过User来查找Role -->
- <!-- <select id="selectRoleByUser" parameterType="int" resultMap="RoleMap">
- select * from tbl_role_user user_id = #{id}
- </select>
- <resultMap id="roleMap" type="com.jay.demo.bean.User">
- <result property="id" column="ROLE_ID" />
- <result property="name" column="ROLE_NAME" />
- </resultMap>
- <resultMap id="permissionMap" type="com.jay.demo.bean.Permission">
- <result property="id" column="PERMISSION_ID" />
- <result property="name" column="PERMISSION_NAME" />
- </resultMap> -->
- <sql id="select-base-01">
- SELECT
- u.USER_ID,
- u.USER_USERNAME,
- u.USER_PASSWORD,
- r.ROLE_ID,
- r.ROLE_NAME,
- p.PERMISSION_ID,
- p.PERMISSION_NAME
- FROM
- tbl_user as u,
- tbl_role as r,
- tbl_permission as p,
- tbl_permission_role as pr,
- tbl_role_user as ru
- WHERE
- u.USER_ID = ru.USER_ID
- AND
- r.ROLE_ID = ru.ROLE_ID
- AND
- p.PERMISSION_ID = pr.PERMISSION_ID
- AND
- r.ROLE_ID = pr.ROLE_ID
- </sql>
- <select id="findUserByUsername" parameterType="string" resultMap="userMap">
- <include refid="select-base-01" />
- AND
- u.USER_USERNAME = #{username}
- <!-- select * from tbl_user u, tbl_role r, tbl_role_user tu
- where u.user_id = tu.user_id and r.role_id = tu.role_id
- and user_username=#{username} -->
- </select>
- </mapper>
Shiro学习总结(10)——Spring集成Shiro的更多相关文章
- Spring集成shiro做登陆认证
一.背景 其实很早的时候,就在项目中有使用到shiro做登陆认证,直到今天才又想起来这茬,自己抽空搭了一个spring+springmvc+mybatis和shiro进行集成的种子项目,当然里面还有很 ...
- spring集成shiro报错解决(no bean named 'shiroFilter' is defined)
引言: 本人在使用spring集成shiro是总是报“no bean named 'shiroFilter' is defined”,网上的所有方式挨个试了一遍,又检查了一遍, 还是没有解决,最后,抱 ...
- Activiti学习——Activiti与Spring集成
转: Activiti学习——Activiti与Spring集成 与Spring集成 基础准备 目录结构 相关jar包 Activiti的相关jar包 Activiti依赖的相关jar包 Spring ...
- Spring 源码学习笔记10——Spring AOP
Spring 源码学习笔记10--Spring AOP 参考书籍<Spring技术内幕>Spring AOP的实现章节 书有点老,但是里面一些概念还是总结比较到位 源码基于Spring-a ...
- shiro实战系列(十五)之Spring集成Shiro
Shiro 的 JavaBean 兼容性使得它非常适合通过 Spring XML 或其他基于 Spring 的配置机制.Shiro 应用程序需要一个具 有单例 SecurityManager 实例的应 ...
- spring 集成shiro 之 自定义过滤器
在web.xml中加入 <!-- 过期时间配置 --> <session-config><session-timeout>3</session-timeout ...
- Spring集成Shiro使用小结
shiro的认证流程 Application Code:应用程序代码,由开发人员负责开发的 Subject:框架提供的接口,代表当前用户对象 SecurityManager:框架提供的接口,代表安全管 ...
- Shiro学习(10)Session管理
Shiro提供了完整的企业级会话管理功能,不依赖于底层容器(如web容器tomcat),不管JavaSE还是JavaEE环境都可以使用,提供了会话管理.会话事件监听.会话存储/持久化.容器无关的集群. ...
- Spring集成shiro+nginx 实现访问记录
最近公司的网站需要添加用户访问记录功能,由于使用了nginx请求转发直接通过HttpServletRequest无法获取用户真实Ip 关于nginx获取真实IP的资料 https://blog.cs ...
随机推荐
- flowable一个简单的例子
holiday-request.bpmn20.xml: <?xml version="1.0" encoding="UTF-8"?> <def ...
- Spring MVC 待学习---新特性
Spring3.1新特性 一.Spring2.5之前,我们都是通过实现Controller接口或其实现来定义我们的处理器类. 二.Spring2.5引入注解式处理器支持,通过@Controller ...
- node --- 服务一直启动
使用node xxx.js命令可以开始在服务器运行node.js程序. 可是它会占用终端的当前进程,而且当你离开服务器连接的时候(e.g.关闭终端或者Putty) node.js程序也会退出. 如何让 ...
- 关于commJS 和 es6 的一些区别
CommonJS模块与ES6模块的区别 本文转自 https://www.cnblogs.com/unclekeith/archive/2017/10/17/7679503.html CommonJS ...
- powerdesigner导出sql
http://jingyan.baidu.com/article/7082dc1c48960ee40a89bd38.html 生成注释 http://wangjingyi.iteye.com/blog ...
- OpenSUSE下支持托盘的邮件客户端Sylpheed
在网上搜索了很多客户端想支持系统托盘,发现一个很不错的邮件客户端Sylpheed.设置方式和foxmail很像,最为重要的是支持系统托盘,很方便,默认没有开启,简单设置下:配置->通用首选项-& ...
- python单元测试-unittest
python内部自带了一个单元测试的模块,pyUnit也就是我们说的:unittest 1.介绍下unittest的基本使用方法: 1)import unittest 2)定义一个继承自unittes ...
- Hexo 自动同步
灵感 最近认证阿里云学生用户,参与ESC服务器9.9元/月的活动,准备先搭建一个博客网站,写写自已的心得以及经验.之前也搭建过网站,最后由于个人没时间(没时间是假的,就是懒.哈哈)的原因导致最后服务器 ...
- mysql索引工作原理、分类
一.概述 在mysql中,索引(index)又叫键(key),它是存储引擎用于快速找到所需记录的一种数据结构.在越来越大的表中,索引是对查询性能优化最有效的手段,索引对性能影响非常关键.另外,mysq ...
- 安装成功的nginx,如何添加未编译安装模块(非覆盖安装http_image_filter_module)
背景:1.做了图片上传小项目.2.图片上传,需要多图管理.3.图片上传,需要存储到Fastdfs.4.Fastdfs上的图片,和Nginx结合.5.Nginx从Fastdfs获得的图片,需要使用缩略图 ...