
springmvc配置shiro进行权限控制

2015-12-07 20:15 435 查看
Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能。本文将简单介绍springmvc中如何配置shiro。

1.首先是maven中配置shiro所需要的jar包(1.2.3 是本文写作时使用的版本,实际项目请使用仍在维护的最新 Shiro 版本)

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.3</version>
</dependency>

2.往web.xml中配置shiro过滤器

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

3.在web.xml中配置shiro所要拦截的请求或资源

<!--拦截所有.do请求-->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>

4.在spring的配置文件中配置shiro

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Shiro的核心安全接口,这个属性是必须的 -->
    <property name="securityManager" ref="securityManager" />
    <!-- 登录的页面,当shiro验证不通过的时候,会进入该页面,请根据自己项目的实际需求配置 -->
    <property name="loginUrl" value="/views/common/login.jsp" />
    <!-- 登录成功之后跳转的页面 -->
    <property name="successUrl" value="/views/login.jsp" />
    <!-- 定义shiro过滤规则 -->
    <property name="filterChainDefinitions">
        <value>
            <!-- 这里面配置相应的请求以及所需的权限 -->
            <!-- authc表示仅需对 /information/deal_change.do进行登录验证,即必须登录之后才可以正常发送该请求,如果没有登录,即会跳转到上边配置好的loginUrl对应的页面-->
            /information/deal_change.do = authc
            <!-- 此处表示既要登录,而且必须拥有[]里面定义的权限才可以访问。perms校验的是权限字符串;下文的realm把角色名同时作为权限字符串加入,所以这里等效于按角色限制,若要直接按角色校验可使用roles[...] -->
            /demand/getDemand.do = authc,perms[designer]
        </value>
    </property>
</bean>

在spring配置文件中再添加如下其他配置

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!--设置自定义realm -->
    <property name="realm" ref="monitorRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!--自定义Realm 继承自AuthorizingRealm -->
<bean id="monitorRealm" class="com.gdqy.FCS.common.api.MonitorRealm"></bean>
<!-- securityManager -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
    <property name="arguments" ref="securityManager" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager" />
</bean>

配置到此就已经完成,接下来就是编写自定义的realm
package com.gdqy.FCS.common.api;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.gdqy.FCS.entity.User;
import com.gdqy.FCS.service.UserService;

// 自定义的类必须继承 AuthorizingRealm,并重写其方法

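/**
 * Custom Shiro realm that authenticates users and loads their role and permission
 * through {@link UserService}.
 *
 * <p>A custom realm must extend {@link AuthorizingRealm} and override
 * {@link #doGetAuthorizationInfo} and {@link #doGetAuthenticationInfo}.
 */
public class MonitorRealm extends AuthorizingRealm {

    public MonitorRealm() {
        super();
    }

    // Service used to look up users by name; injected by Spring.
    @Autowired
    private UserService userService;

    /**
     * Clears the cached authorization data held by this realm for one principal.
     *
     * @param principal the principal (user name) whose cached authorization info is dropped
     */
    public void clearCachedAuthorizationInfo(String principal) {
        // Wrap the bare name in a collection bound to this realm, then delegate to the
        // inherited overload that accepts a PrincipalCollection.
        SimplePrincipalCollection principals =
                new SimplePrincipalCollection(principal, getName());
        clearCachedAuthorizationInfo(principals);
    }

    /**
     * Supplies the role and permission of the current user. Per the original author's
     * note, Shiro calls this when a resource that requires authorization is accessed.
     *
     * @param principals the principals of the subject being authorized
     * @return the user's authorization data, or {@code null} when no matching user exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The principal is the user name that doGetAuthenticationInfo stored at login.
        String currentUsername = (String) super.getAvailablePrincipal(principals);

        // Look the user up to find the role assigned to the account.
        User user = userService.selectByName(currentUsername);
        if (user == null) {
            return null;
        }

        SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
        String role = user.getRole();
        // A null or empty role would be stored as a null/empty permission string, which
        // fails later when Shiro resolves it; grant nothing in that case.
        if (role != null && !role.isEmpty()) {
            simpleAuthorInfo.addRole(role);
            // The role name doubles as a permission string so that perms[...] filter
            // rules keyed on the role name match.
            simpleAuthorInfo.addStringPermission(role);
        }
        return simpleAuthorInfo;
    }

    /**
     * Supplies the stored account data that Shiro compares against the submitted token.
     * Per the original author's note, this runs when {@code Subject.login()} is executed
     * (for example from {@code LoginController.login()}).
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     * @return the account's authentication data, or {@code null} when no such account exists
     * @throws AuthenticationException if authentication cannot be carried out
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        if (username == null) {
            return null;
        }

        User user = userService.selectByName(username);
        if (user == null) {
            // A null result tells Shiro that the account does not exist.
            return null;
        }

        // The credentials returned here must be the STORED ones. Handing back the password
        // carried by the token would make the comparison succeed for any submitted value.
        // NOTE(review): assumes User#getPassword() returns the stored credential in the same
        // form the token carries; if passwords are stored hashed, configure a matching
        // CredentialsMatcher (e.g. HashedCredentialsMatcher) on this realm.
        return new SimpleAuthenticationInfo(username, user.getPassword(), getName());
    }

}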
到这里,shiro的配置就算完成了。
标签:  shiro