shiro安全框架是目前为止作为登录注册最常用的框架,因为它十分的强大简单,提供了认证、授权、加密和会话管理等功能 。

  shiro能做什么?

       认证:验证用户的身份

       授权:对用户执行访问控制:判断用户是否被允许做某事

       会话管理:在任何环境下使用 Session API,即使没有 Web 或EJB 容器。

       加密:以更简洁易用的方式使用加密功能,保护或隐藏数据防止被偷窥

       Realms:聚集一个或多个用户安全数据的数据源

       单点登录(SSO)功能。

       为没有关联到登录的用户启用 "Remember Me“ 服务

  Shiro 的四大核心部分

      Authentication(身份验证):简称为“登录”,即证明用户是谁。

      Authorization(授权):访问控制的过程,即决定是否有权限去访问受保护的资源。

      Session Management(会话管理):管理用户特定的会话,即使在非 Web 或 EJB 应用程序。

      Cryptography(加密):通过使用加密算法保持数据安全

  shiro的三个核心组件:     

      Subject :正与系统进行交互的人,或某一个第三方服务。所有 Subject 实例都被绑定到(且这是必须的)一个SecurityManager 上。

      SecurityManager:Shiro 架构的心脏,用来协调内部各安全组件,管理内部组件实例,并通过它来提供安全管理的各种服务。当 Shiro 与一个 Subject 进行交互时,实质上是幕后的 SecurityManager 处理所有繁重的 Subject 安全操作。

      Realms :本质上是一个特定安全的 DAO。当配置 Shiro 时,必须指定至少一个 Realm 用来进行身份验证和/或授权。Shiro 提供了多种可用的 Realms 来获取安全相关的数据。如关系数据库(JDBC),INI 及属性文件等。可以定义自己 Realm 实现来代表自定义的数据源。

shiro整合SSM框架:

1.我的demo目录:

2.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.xingshang</groupId>
<artifactId>ShiroDemo</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>ShiroDemo Maven Webapp</name>
<url>http://maven.apache.org</url>
<properties>
<!-- spring版本号 -->
<spring.version>3.2.4.RELEASE</spring.version>
<!-- mybatis版本号 -->
<mybatis.version>3.2.4</mybatis.version>
<!-- log4j日志文件管理包版本 -->
<slf4j.version>1.6.6</slf4j.version>
<log4j.version>1.2.9</log4j.version>
</properties>
<dependencies>
<!-- spring核心包 -->
<!-- springframe start -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- springframe end --> <!-- mybatis核心包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>${mybatis.version}</version>
</dependency>
<!-- mybatis/spring包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.2.2</version>
</dependency>
<!-- mysql驱动包 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.29</version>
</dependency>
<!-- junit测试包 -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<!-- 阿里巴巴数据源 包 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.2</version>
</dependency> <!-- json数据 -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency> <!-- 日志文件管理包 -->
<!-- log start -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- log end --> <!--shiro核心包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
<!--shiro web支持-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.2</version>
</dependency>
<!--shiro spring支持-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.2</version>
</dependency>
<!---->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>com.alipay</groupId>
<artifactId>sdk-java</artifactId>
<version>20180309170622</version>
</dependency>
</dependencies>
<build>
<finalName>ShiroDemo</finalName>
</build>
</project>

3.配置 web.xml 文件

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID3" version="3.0"> <display-name>Archetype Created Web Application</display-name> <!-- 读取spring配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-*.xml</param-value>
</context-param> <!-- Spring字符集过滤器 -->
<filter>
<filter-name>SpringEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SpringEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- springMVC核心配置 -->
<!--前端控制器-->
<servlet>
<servlet-name>springMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!--初始化所需配置文件位置-->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!--设置拦截路径-->
<servlet-mapping>
<servlet-name>springMVC</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping> <!--Filter的代理器:shiro拦截-->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<!--DelegatingFilterProxy:去spring的容器中去找filter—name相同名字的bean-->
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!-- 日志记录 -->
<context-param>
<!-- 日志配置文件路径 -->
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<context-param>
<!-- 日志页面的刷新间隔 -->
<param-name>log4jRefreshInterval</param-name>
<param-value>6000</param-value>
</context-param> <listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener> <!--spring监听器-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> <welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list> <!-- 错误跳转页面 -->
<error-page>
<!-- 路径不正确 -->
<error-code>404</error-code>
<location>/WEB-INF/file/404.jsp</location>
</error-page>
<error-page>
<!-- 没有访问权限,访问被禁止 -->
<error-code>405</error-code>
<location>/WEB-INF/file/405.jsp</location>
</error-page>
<error-page>
<!-- 内部错误 -->
<error-code>500</error-code>
<location>/WEB-INF/file/500.jsp</location>
</error-page> </web-app>

4.spring-mybatis.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd">
<!-- 引入jdbc配置文件 -->
<context:property-placeholder location="classpath:jdbc.properties" />
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<property name="driverClassName">
<value>${jdbc_driverClassName}</value>
</property>
<property name="url">
<value>${jdbc_url}</value>
</property>
<property name="username">
<value>${jdbc_username}</value>
</property>
<property name="password">
<value>${jdbc_password}</value>
</property>
<!-- 连接池最大使用连接数 -->
<property name="maxActive">
<value>20</value>
</property>
<!-- 初始化连接大小 -->
<property name="initialSize">
<value>1</value>
</property>
<!-- 获取连接最大等待时间 -->
<property name="maxWait">
<value>60000</value>
</property>
<!-- 连接池最大空闲 -->
<property name="maxIdle">
<value>20</value>
</property>
<!-- 连接池最小空闲 -->
<property name="minIdle">
<value>3</value>
</property>
<!-- 自动清除无用连接 -->
<property name="removeAbandoned">
<value>true</value>
</property>
<!-- 清除无用连接的等待时间 -->
<property name="removeAbandonedTimeout">
<value>180</value>
</property>
<!-- 连接属性 -->
<property name="connectionProperties">
<value>clientEncoding=UTF-8</value>
</property>
</bean> <!-- mybatis文件配置,扫描所有mapper文件 -->
<!-- configLocation为mybatis属性;mapperLocations为所有mapper -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"
p:dataSource-ref="dataSource" p:configLocation="classpath:mybatis-config.xml"
p:mapperLocations="classpath:mapper/*.xml" /> <!-- spring与mybatis整合配置,扫描所有dao -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"
p:basePackage="com.xingshang.dao" p:sqlSessionFactoryBeanName="sqlSessionFactory" /> <!-- 对数据源进行事务管理 -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
p:dataSource-ref="dataSource" />
</beans>

5.spring-mvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"> <!-- 扫描controller(controller层注入) -->
<context:component-scan base-package="com.xingshang.controller" /> <!-- 避免IE在ajax请求时,返回json出现下载 -->
<bean id="jacksonMessageConverter"
class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>text/html;charset=UTF-8</value>
</list>
</property>
</bean> <mvc:annotation-driven>
<mvc:message-converters register-defaults="true">
<bean class="org.springframework.http.converter.StringHttpMessageConverter">
<constructor-arg value="UTF-8" />
</bean>
</mvc:message-converters>
</mvc:annotation-driven> <!-- 对模型视图添加前后缀 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/" p:suffix=".jsp" /> <!-- 开启shiro的注解支持 -->
<bean id="defaultAdvisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
<!-- 必须改为true,即使用cglib方式为Action创建代理对象。默认值为false,使用JDK创建代理对象,会造成问题 -->
<property name="proxyTargetClass" value="true"></property>
</bean> <!-- 使用shiro框架提供的切面类,用于创建代理对象 -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"></bean> </beans>

6.jdbc.properties

jdbc_driverClassName=com.mysql.jdbc.Driver
jdbc_url=jdbc:mysql://localhost:3306/shirodemo
jdbc_username=root
jdbc_password=123456

7.log4j.properties

### set log levels ###
#log4j.rootLogger = debug , stdout , D , E
log4j.rootLogger = debug , stdout , D ### output to the console ###
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target = System.out
log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
#log4j.appender.stdout.layout.ConversionPattern = %d{ABSOLUTE} %5p %c{ 1 }:%L - %m%n
log4j.appender.stdout.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [%c]-[%p] %m%n ### Output to the log file ###
log4j.appender.D = org.apache.log4j.DailyRollingFileAppender
log4j.appender.D.File = ${springmvc.root}/WEB-INF/logs/log.log
log4j.appender.D.Append = true
log4j.appender.D.Threshold = DEBUG
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n ### Save exception information to separate file ###
log4j.appender.D = org.apache.log4j.DailyRollingFileAppender
log4j.appender.D.File = ${springmvc.root}/WEB-INF/logs/error.log
log4j.appender.D.Append = true
log4j.appender.D.Threshold = ERROR
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n

8.spring-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!-- 配置 ShiroFilter bean: 该 bean 的 id 必须和 web.xml 文件中配置的 shiro filter 的 name 一致 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 装配 securityManager:shiro核心安全接口,这个属性是必须的-->
<property name="securityManager" ref="securityManager"/>
<!-- 配置登陆页面 非必须,若没有指定shiro会在web工程下寻找indexjsp页面-->
<property name="loginUrl" value="/login.jsp"/>
<!-- 登陆成功后的页面 -->
<property name="successUrl" value="/success.jsp"/>
<!--用户访问未对其授权的页面时所跳转的页面-->
<property name="unauthorizedUrl" value="WEB-INF/file/500.jsp"/>
<!--代表需要完成的shiro过滤器的具体配置--> <!-- 具体配置需要拦截哪些 URL, 以及访问对应的 URL 时使用 Shiro 的什么 Filter 进行拦截.
不同的filter有不同的拦截级别
anon:不需要登入
authc:必须需要登入
应用
/**=authc,都必须登入才能访问
-->
<property name="filterChainDefinitions">
<value>
/WEB-INF/index.jsp=anon
/WEB-INF/fail/*.jsp=anon
/login=anon
/**=authc
</value>
</property>
</bean> <!-- 配置 Shiro 的 SecurityManager Bean. -->
<!--配置安全管理器-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--引入缓存管理器-->
<property name="cacheManager" ref="cacheManager"/>
<!-- 目标realm的实现-->
<property name="realm" ref="myRealm"/>
<!-- <property name="sessionMode" value="native"/>-->
</bean> <!-- 配置缓存管理器 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<!-- 指定 ehcache 的配置文件 -->
<property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean> <!-- 配置进行授权和认证的 Realm -->
<bean id="myRealm" class="com.xingshang.realm.MyRealm">
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!-- 加密算法为MD5 -->
<property name="hashAlgorithmName" value="MD5"></property>
<!-- 加密次数 -->
<property name="hashIterations" value="2"></property>
</bean>
</property> </bean> <!-- 配置 Bean 后置处理器: 会自动的调用和 Spring 整合后各个组件的生命周期方法. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> </beans>

9.ehcache-shiro.xml

<ehcache updateCheck="false" name="shiroCache">

    <defaultCache
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="120"
timeToLiveSeconds="120"
overflowToDisk="false"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"
/>
</ehcache>

10.mybatis-config.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<!-- 命名空间 --> </configuration>

到这一步,配置文件都基本准备好了,接下来要写Realm方法了,新建realm包,在包下新建MyRealm.java文件继承AuthorizingRealm

package com.xingshang.realm;

import com.xingshang.dao.UserDao;
import com.xingshang.entity.User;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.apache.shiro.util.ByteSource.Util; import java.util.HashSet;
import java.util.List;
import java.util.Set; public class MyRealm extends AuthorizingRealm { @Autowired
private UserDao userDao; /**
* 1、登入认证
* thenticationInfo:获取认证消息,如果数据库中没有,返回null,如果得到正确的用户名和密码
* 2、AuthenticationInfo 可用simpleAuthenticationInfo实现类,封装获取到的正确的账号和密码
* 返回正定类型的对象
*
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
protected SimpleAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //1、将token转换为UserNamePasswordToken
UsernamePasswordToken uptoken = (UsernamePasswordToken) authenticationToken; //2、获取用户名
User user = new User();
user.setUsername(uptoken.getUsername());
user.setPassword(uptoken.getPassword().toString()); User us = userDao.login(user);
if (us != null) {
SimpleAuthenticationInfo authenticationInfo
= new SimpleAuthenticationInfo(us.getUsername(), us.getPassword(), "a");
authenticationInfo.setCredentialsSalt(Util.bytes(us.getSalt()));
return authenticationInfo;
} else {
throw new ExcessiveAttemptsException("账号密码错误");
}
} /**
* 权限角色认证
*
* @param principalCollection
* @return
*/
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String username = principalCollection.getPrimaryPrincipal().toString(); List<String> roles = userDao.selectRole(username);
List<String> permissions = userDao.selectPermission(username); Set<String> ro = new HashSet<String>();
Set<String> per = new HashSet<String>(); for (String role : roles) {
ro.add(role);
}
for (String permission : permissions) {
per.add(permission);
} SimpleAuthorizationInfo sim = new SimpleAuthorizationInfo();
sim.setRoles(ro);
sim.setStringPermissions(per); return sim;
}
}

好了,接下来我们写一个简单的controller来通过shiro登录验证。

package com.xingshang.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; @Controller
public class LoginController { @RequestMapping("/login")
public String login(@RequestParam("username") String username,@RequestParam("password") String password){
Subject subject = SecurityUtils.getSubject();
if (!subject.isAuthenticated()){
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
try {
          //执行认证操作
subject.login(token);
}catch (Exception e){
return e.getMessage();
}
}
return "success";
} @RequestMapping("/test1")
@ResponseBody
public String test1(){
Subject subject = SecurityUtils.getSubject();
try {
subject.checkRole("admin");
}catch (Exception e){
return "不拥有admin角色";
}
return "拥有admin角色";
} @RequestMapping("/test2")
@ResponseBody
public String test2(){
Subject subject= SecurityUtils.getSubject();
try {
subject.checkRole("CEO");
}catch (Exception e){
return "不拥有CEO角色";
}
return "拥有admin角色";
}
}

login.jsp

<%@ page language="java" contentType="text/html; charset=utf-8" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="/login" method="post">
<div>
账号:<input type="text" name="username">
</div>
<div>
密码:<input type="password" name="password">
</div>
<div>
<input type="submit" value="登入">
</div>
</form>
</body>
</html>

success.jsp

<%--
Created by IntelliJ IDEA.
User: Administrator
Date: 2018/3/19
Time: 9:31
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<a href="/test1">是不是admin</a>
<a href="/test2">是不是ceo</a>
</body>
</html>

UserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.xingshang.dao.UserDao" > <select id="login" resultType="com.xingshang.entity.User" parameterType="com.xingshang.entity.User">
SELECT u.username,
u.password,
r.roleId AS "roleid",
CONCAT(u.username,u.password_salt) AS "salt"
FROM users u JOIN user_role r
on u.id=r.userId
WHERE u.username=#{userName}
</select> <select id="selectRole" parameterType="String" resultType="String">
SELECT r.role FROM roles r
where r.id=(select z.roleId FROM users u
join user_role z on u.id=z.userId
where u.username=#{username})
</select> <select id="selectPermission" parameterType="String" resultType="String">
select p.permission from permissions p
join role_permisssion x on p.id=x.permissionId
where x.roleId=(select z.roleId FROM users u
join user_role z on u.id=z.userId
where u.username=#{username})
</select> </mapper>

shirodemo.sql

/*
Navicat MySQL Data Transfer Source Server : localhost_3306
Source Server Version : 50558
Source Host : localhost:3306
Source Database : shirodemo Target Server Type : MYSQL
Target Server Version : 50558
File Encoding : 65001 Date: 2018-03-26 21:27:58
*/ SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `permissions`
-- ----------------------------
DROP TABLE IF EXISTS `permissions`;
CREATE TABLE `permissions` (
`id` int(11) NOT NULL,
`permission` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ----------------------------
-- Records of permissions
-- ----------------------------
INSERT INTO `permissions` VALUES ('', 'add');
INSERT INTO `permissions` VALUES ('', 'delete');
INSERT INTO `permissions` VALUES ('', 'update');
INSERT INTO `permissions` VALUES ('', 'select'); -- ----------------------------
-- Table structure for `role_permisssion`
-- ----------------------------
DROP TABLE IF EXISTS `role_permisssion`;
CREATE TABLE `role_permisssion` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`roleId` int(255) DEFAULT NULL,
`permissionId` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; -- ----------------------------
-- Records of role_permisssion
-- ----------------------------
INSERT INTO `role_permisssion` VALUES ('', '', '');
INSERT INTO `role_permisssion` VALUES ('', '', ''); -- ----------------------------
-- Table structure for `roles`
-- ----------------------------
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
`id` int(11) NOT NULL,
`role` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- ----------------------------
-- Records of roles
-- ----------------------------
INSERT INTO `roles` VALUES ('', 'CEO');
INSERT INTO `roles` VALUES ('', 'CTO');
INSERT INTO `roles` VALUES ('', 'CFO');
INSERT INTO `roles` VALUES ('', 'admin'); -- ----------------------------
-- Table structure for `user_role`
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userId` int(11) DEFAULT NULL,
`roleId` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC; -- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES ('', '', '');
INSERT INTO `user_role` VALUES ('', '', '');
INSERT INTO `user_role` VALUES ('', '', '');
INSERT INTO `user_role` VALUES ('', '', '');
INSERT INTO `user_role` VALUES ('', '', ''); -- ----------------------------
-- Table structure for `users`
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`username` varchar(100) DEFAULT NULL,
`password` varchar(100) DEFAULT NULL,
`password_salt` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `idx_users_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8; -- ----------------------------
-- Records of users
-- ----------------------------INSERT INTO `users` VALUES ('', 'miaomiao', '2a9c616f5dc6d23329ad4622ff8fa89f', 'b58c47e10cc56807ce31010a41c7fa65');
INSERT INTO `users` VALUES ('', 'admin', '', null);
//执行认证操作.

ssm框架与shiro的整合小demo,用idea开发+maven管理的更多相关文章

  1. 《SSM框架搭建》三.整合spring web

    感谢学习http://blog.csdn.net/zhshulin/article/details/37956105#,还是修改了spring到最新的版本和接口开发示例 根据前一篇日志,已经有了myb ...

  2. Eclipse 整合SpringMybatis,SpringMVC,用Maven管理项目搭建详情

    环境:JDK下载地址 https://pan.baidu.com/s/1UyvEAI-4Ci6TDdVJiYUUiQ 密码:ma51 IDE:eclipse下载地址 https://pan.baidu ...

  3. SSM框架整合搭建教程

    自己配置了一个SSM框架,打算做个小网站,这里把SSM的配置流程详细的写了出来,方便很少接触这个框架的朋友使用,文中各个资源均免费提供! 一. 创建web项目(eclipse) File-->n ...

  4. shiro框架整合ssm框架

    下面我通过一个web的maven项目来讲解如何将shiro整合ssm框架,具体结构如下图 一.引入依赖的jar包 <?xml version="1.0" encoding=& ...

  5. shiro权限控制(一):shiro介绍以及整合SSM框架

    shiro安全框架是目前为止作为登录注册最常用的框架,因为它十分的强大简单,提供了认证.授权.加密和会话管理等功能 . shiro能做什么? 认证:验证用户的身份 授权:对用户执行访问控制:判断用户是 ...

  6. SSM框架整合Demo

    目前项目大都开始采用SSM结构进行搭建,因为涉及项目比较多,新来的需求都是从现有项目中迁移一份出来进行修改,有的时候两个项目差别还是比较大,并不完全需要原有项目的东西,进行删减也是一项费神费时的事情, ...

  7. 整合最优雅SSM框架:SpringMVC + Spring + MyBatis

    我们看招聘信息的时候,经常会看到这一点,需要具备SSH框架的技能:而且在大部分教学课堂中,也会把SSH作为最核心的教学内容. 但是,我们在实际应用中发现,SpringMVC可以完全替代Struts,配 ...

  8. 手把手教你整合最优雅SSM框架:SpringMVC + Spring + MyBatis

    在写代码之前我们先了解一下这三个框架分别是干什么的? 相信大以前也看过不少这些概念,我这就用大白话来讲,如果之前有了解过可以跳过这一大段,直接看代码! SpringMVC:它用于web层,相当于con ...

  9. ssm框架整合快速入门

    写在前面: 公司一直都是使用ssh框架(Struts2,Spring,Hibernate)来开发,但是现在外面的公司大多数都是使用的ssm框架,所以也有必要多学习一下外面的新技术.这里就快速搭建一个小 ...

随机推荐

  1. java.lang.IllegalArgumentException: Wrong state classs

    java.lang.IllegalArgumentException: Wrong state class, expecting View State but received class cn.et ...

  2. sone1动态树

    这尼吗桑心病狂的动态树:http://www.lydsy.com/JudgeOnline/problem.php?id=3153 终于让哥以一种碉堡的姿势过了: 牛B轰轰的最后两个都是我的...无法超 ...

  3. python——变量作用域及嵌套作用域

    ----------------------------------------------------------------------------- 前言-------------------- ...

  4. java jdk 环境变量设置

    我的电脑点右键,选择“属性”,选择“高级”标签,进入环境变量设置,分别设置如下三个环境变量: 设置JAVA_HOME: 一是为了方便引用,比如,JDK安装在C:\jdk1.6.0目录里,则设置JAVA ...

  5. angular中使用daterangepicker完全能用版

    angular版本:angular5 先看效果图: 最新版是这样的: 附上插件的网址: http://www.daterangepicker.com/ 1 安装: daterangepicker依赖于 ...

  6. 基于多输出有序回归的年龄识别(CVPR_2016)

    作为学习记录,将所做PPT摘录如下: 网络结构: 网络结构描述: 网络工作流程: 损失函数计算: 亚洲人脸数据集: 参考代码:

  7. gulp配置,实例演示

    项目完成后的目录 我们所需要的插件为:gulp-minify-css gulp-concat gulp-uglify gulp-rename del 如下图所示,完成后的项目目录结构: 附加,获取pa ...

  8. NHibernate 延迟加载与立即加载 (第七篇)

    NHibernate 延迟加载与立即加载 (第七篇) 一.延迟加载 延迟加载可以理解为:当需要用的时候才加载. 假设我们数据库有一个Person对象,一个Country对象,其中Person属于Cou ...

  9. Ajax主要用来完成哪些工作?

    AJAX 是与服务器交换数据并更新部分网页的艺术,在不重新加载整个页面的情况下. 它使用 JavaScript 在 web 浏览器与 web 服务器之间来发送和接收数据. ajax主要用于在页面内容加 ...

  10. Java 异常介绍

    Java标准库内建了一些通用的异常,这些类以 Throwable 为顶层父类.Throwable又派生出 Error 类和 Exception 类. 错误:Error类以及他的子类的实例,代表了JVM ...