Apache shiro 笔记整理之整合spring
2016-03-03 22:34
751 查看
以下内容是在看了涛哥的《跟我一起学shiro》 和 视频《一头扎入进shiro》 后整理出来备忘和方便自己和其他人学习。
shiro整合spring 通用配置。
用到的框架有spring + springMVC + mybatis
spring简介:/article/2297954.html
springMVC简介:/article/2297950.html
mybatis简介:暂时没有 ToT(找到一篇比较好的文章会及时更新)
第一步:创建maven web项目:/article/2297943.html
第二步:导入相关的jar包
第三步:整合框架
(其配置为查用配置,可以根据具体业务修改。笔者也是安装教程来做的,和公司项目中有很多相似之处,仅供学习使用。)
配置web.xml文件:
spring配置文件applicationContext.xml:
springMVC 配置文件 spring-mvc.xml:
第四步:创建实体类并配置对应的映射文件:
mybatis 配置文件 mybatis-config.xml:
觉得用spring data 说不定是更好的选择,通过注解便可以完成映射关系。
实体类映射文件 UserMap.xml:
第五步:创建实体类对应的Dao层和Server层
UserDao:
UserServer:
UserServerImpl:
第六步:创建自定义realm
第七步:创建UserController:
第八步:准备两张页面负责登入的index.jsp和登入成功的主页success.jsp
index.jsp:
success.jsp:
测试和之前一样。访问 http://localhost:8080/shiro.spring/user/login.do 开始测试之旅吧!
源码下载:http://download.csdn.net/detail/qq_19558705/9452197
shiro整合spring 通用配置。
用到的框架有spring + springMVC + mybatis
spring简介:/article/2297954.html
springMVC简介:/article/2297950.html
mybatis简介:暂时没有 ToT(找到一篇比较好的文章会及时更新)
第一步:创建maven web项目:/article/2297943.html
第二步:导入相关的jar包
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>shiro-spring</groupId> <artifactId>shiro.spring</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <dependencies> <!-- Spring start --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.2.3</version> </dependency> <!-- Spring end --> <!-- logger start --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <!-- logger end --> <!-- mybatis start --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>3.3.0</version> </dependency> <!-- mybatis end --> <!-- jdbc start --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.22</version> </dependency> <!-- jdbc end --> <!-- shiro start --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.4</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.12</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.4</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.4</version> </dependency> <!-- shiro end --> </dependencies> </project>
第三步:整合框架
(其配置为查用配置,可以根据具体业务修改。笔者也是安装教程来做的,和公司项目中有很多相似之处,仅供学习使用。)
配置web.xml文件:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <!-- 定义shiro过滤器 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 --> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring配置文件 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:applicationContext.xml</param-value> </context-param> <!-- 编码过滤器 --> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <async-supported>true</async-supported> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring监听器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 添加对springmvc的支持 --> <servlet> <servlet-name>springMVC</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-mvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> <async-supported>true</async-supported> </servlet> <servlet-mapping> <servlet-name>springMVC</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> </web-app>
spring配置文件applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation=" http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd"> <!-- 自动扫描 --> <context:component-scan base-package="com.shiro.service" /> <!-- 配置数据源 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver"/> <property name="url" value="jdbc:mysql://localhost:3306/db_shiro"/> <property name="username" value="root"/> <property name="password" value="root"/> </bean> <!-- 配置mybatis的sqlSessionFactory --> <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"> <property name="dataSource" ref="dataSource" /> <!-- 自动扫描mappers.xml文件 --> <property name="mapperLocations" value="classpath:com/shiro/mappers/*.xml"></property> <!-- mybatis配置文件 --> <property name="configLocation" value="classpath:mybatis-config.xml"></property> </bean> <!-- DAO接口所在包名,Spring会自动查找其下的类 --> <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> <property name="basePackage" value="com.shiro.dao" /> <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property> </bean> <!-- (事务管理)transaction manager, use JtaTransactionManager for global tx --> <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource" /> </bean> <!-- 自定义Realm --> <bean id="myRealm" class="com.shiro.realm.MyRealm"/> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"/> </bean> <!-- Shiro过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- Shiro的核心安全接口,这个属性是必须的 --> <property name="securityManager" ref="securityManager"/> <!-- 身份认证失败,则跳转到登录页面的配置 --> <property name="loginUrl" value="/index.jsp"/> <!-- 权限认证失败,则跳转到指定页面 --> <property name="unauthorizedUrl" value="/unauthor.jsp"/> <!-- Shiro连接约束配置,即过滤链的定义 --> <property name="filterChainDefinitions"> <!-- 一般修改以下内容 --> <value> /login=anon /admin*=authc /student=roles[teacher] /teacher=perms["user:create"] </value> </property> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- 开启Shiro注解 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> <!-- 配置事务通知属性 --> <tx:advice id="txAdvice" transaction-manager="transactionManager"> <!-- 定义事务传播属性 --> <tx:attributes> <tx:method name="insert*" propagation="REQUIRED" /> <tx:method name="update*" propagation="REQUIRED" /> <tx:method name="edit*" propagation="REQUIRED" /> <tx:method name="save*" propagation="REQUIRED" /> <tx:method name="add*" propagation="REQUIRED" /> <tx:method name="new*" propagation="REQUIRED" /> <tx:method name="set*" propagation="REQUIRED" /> <tx:method name="remove*" propagation="REQUIRED" /> <tx:method name="delete*" propagation="REQUIRED" /> <tx:method name="change*" propagation="REQUIRED" /> <tx:method name="check*" propagation="REQUIRED" /> <tx:method name="get*" propagation="REQUIRED" read-only="true" /> <tx:method name="find*" propagation="REQUIRED" read-only="true" /> <tx:method name="load*" propagation="REQUIRED" read-only="true" /> <tx:method name="*" propagation="REQUIRED" read-only="true" /> </tx:attributes> </tx:advice> <!-- 配置事务切面 --> <aop:config> <aop:pointcut id="serviceOperation" expression="execution(* com.shiro.service.*.*(..))" /> <aop:advisor advice-ref="txAdvice" pointcut-ref="serviceOperation" /> </aop:config> </beans>
springMVC 配置文件 spring-mvc.xml:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation=" http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd"> <!-- 使用注解的包,包括子集 --> <context:component-scan base-package="com.shiro.controller" /> <!-- 视图解析器 --> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/" /> <property name="suffix" value=".jsp"></property> </bean> </beans>
第四步:创建实体类并配置对应的映射文件:
package com.shiro.entity; public class User { private Integer id; private String userName; private String password; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
mybatis 配置文件 mybatis-config.xml:
觉得用spring data 说不定是更好的选择,通过注解便可以完成映射关系。
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd"> <configuration> <!-- 别名 --> <typeAliases> <package name="com.shiro.entity"/> </typeAliases> </configuration>
实体类映射文件 UserMap.xml:
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.shiro.dao.UserDao"> <resultMap type="User" id="UserResult"> <result property="id" column="id"/> <result property="userName" column="userName"/> <result property="password" column="password"/> </resultMap> <select id="getByUserName" parameterType="String" resultMap="UserResult"> select * from t_user where userName=#{userName} </select> <select id="getRoles" parameterType="String" resultType="String"> select r.roleName from t_user u,t_role r where u.roleId=r.id and u.userName=#{userName} </select> <select id="getPermissions" parameterType="String" resultType="String"> select p.permissionName from t_user u,t_role r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=#{userName} </select> </mapper>
第五步:创建实体类对应的Dao层和Server层
UserDao:
package com.shiro.dao; import java.util.Set; import com.shiro.entity.User; public interface UserDao { /** * 通过用户名查询用户 * @param userName * @return */ public User getByUserName(String userName); /** * 通过用户名查询角色信息 * @param userName * @return */ public Set<String> getRoles(String userName); /** * 通过用户名查询权限信息 * @param userName * @return */ public Set<String> getPermissions(String userName); }
UserServer:
package com.shiro.service; import java.util.Set; import com.shiro.entity.User; public interface UserService { /** * 通过用户名查询用户 * @param userName * @return */ public User getByUserName(String userName); /** * 通过用户名查询角色信息 * @param userName * @return */ public Set<String> getRoles(String userName); /** * 通过用户名查询权限信息 * @param userName * @return */ public Set<String> getPermissions(String userName); }
UserServerImpl:
package com.shiro.service.impl; import java.util.Set; import javax.annotation.Resource; import org.springframework.stereotype.Service; import com.shiro.dao.UserDao; import com.shiro.entity.User; import com.shiro.service.UserService; @Service("userService") public class UserServiceImpl implements UserService{ @Resource private UserDao userDao; public User getByUserName(String userName) { return userDao.getByUserName(userName); } public Set<String> getRoles(String userName) { return userDao.getRoles(userName); } public Set<String> getPermissions(String userName) { return userDao.getPermissions(userName); } }
第六步:创建自定义realm
package com.shiro.realm; import javax.annotation.Resource; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import com.shiro.entity.User; import com.shiro.service.UserService; public class MyRealm extends AuthorizingRealm{ @Resource private UserService userService; /** * 为当限前登录的用户授予角色和权 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String userName=(String)principals.getPrimaryPrincipal(); SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo(); authorizationInfo.setRoles(userService.getRoles(userName)); authorizationInfo.setStringPermissions(userService.getPermissions(userName)); return authorizationInfo; } /** * 验证当前登录的用户 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName=(String)token.getPrincipal(); User user=userService.getByUserName(userName); if(user!=null){ AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx"); return authcInfo; }else{ return null; } } }
第七步:创建UserController:
package com.shiro.controller; import javax.servlet.http.HttpServletRequest; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import com.shiro.entity.User; /** * 用户Controller层 * @author Administrator * */ @Controller @RequestMapping("/user") public class UserController { /** * 用户登录 * @param user * @param request * @return */ @RequestMapping("/login") public String login(User user,HttpServletRequest request){ Subject subject=SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken(user.getUserName(), user.getPassword()); try{ subject.login(token); Session session=subject.getSession(); System.out.println("sessionId:"+session.getId()); System.out.println("sessionHost:"+session.getHost()); System.out.println("sessionTimeout:"+session.getTimeout()); session.setAttribute("info", "session的数据"); return "redirect:/success.jsp"; }catch(Exception e){ e.printStackTrace(); request.setAttribute("user", user); request.setAttribute("errorMsg", "用户名或密码错误!"); return "index"; } } }
第八步:准备两张页面负责登入的index.jsp和登入成功的主页success.jsp
index.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="${pageContext.request.contextPath }/user/login.do" method="post"> userName:<input type="text" name="userName" value="${user.userName }"/><br/> password:<input type="password" name="password" value="${user.password }"><br/> <input type="submit" value="login"/><font color="red">${errorMsg }</font> </form> </body> </html>
success.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> ${info } 欢迎你! <shiro:hasRole name="admin"> 欢迎有admin角色的用户!<shiro:principal/> </shiro:hasRole> <shiro:hasPermission name="student:create"> 欢迎有student:create权限的用户!<shiro:principal/> </shiro:hasPermission> </body> </html>
测试和之前一样。访问 http://localhost:8080/shiro.spring/user/login.do 开始测试之旅吧!
源码下载:http://download.csdn.net/detail/qq_19558705/9452197
相关文章推荐
- LAMP第二部分apache配置
- 全文检索-Apache Lucene初探
- apache编译出错 error: mod_deflate has been requested
- Unable to load config class org.apache.struts2.interceptor.debugging.DebuggingInterceptor at interce
- class "org.apache.commons.collections.FastHashMap"'s signer information does not match signer inform
- Apache 的ab测试
- AXIS客户端调用出错org.apache.axis.NoEndPointException
- Apache shiro 笔记整理之加密
- Apache Kafka:下一代分布式消息系统
- (1) PHP 随笔---跟老韩学(24-34)---Apache、PHP简介、环境的搭建
- 在本地使用Apache配置WEB服务器
- Eclipse使用Maven创建Web时错误:Could not resolve archetype org.apache.maven.archetypes:maven-archetype-webap
- org.apache.subversion.javahl.ClientException: Previous operation has not finished
- Apache Thrift - 可伸缩的跨语言服务开发框架
- 闰年2月29号 通过apache的ftp工具从ftp上下载文件失败
- Windows 64位系统安装Apache2.4 mysql5.5
- Apache之AllowOverride参数详解
- Apache中的SetEnvIf是什么?
- MAC下用homebrew安装及配置apache、php和mysql
- Linux下编译安装Apache及模块