您的位置：首页 > 运维架构 > Apache

Apache Shiro 身份认证例子

2016-06-23 22:58 459 查看

在本例子中使用Apache Shiro在Web应用中实现身份认证，将Shiro与spring进行集成，使用内嵌的derby数据库存储用户信息。

持久层为hibernate，数据库连接池为alibaba druid。

2. 准备

创建一个内嵌的derby数据库，本例使用的是db-derby-10.10.1.1。

2.1 建表

Create table users(

Id int primary key,

Name varchar(20),

Passwd varchar(20)

);

2.2 初始化数据

Insert into users values(1,’admin’,’admin’);

Insert into users values(2,’peter’,’peter’);

3. 配置

3.1 Web.xml

[html] view
plain copy

<filter>

<filter-name>shiroFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

<init-param>

<param-name>targetFilterLifecycle</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>shiroFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

3.2 ApplicationContext.xml

[html] view
plain copy

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager" />

<property name="loginUrl" value="/index.do" />

<property name="filterChainDefinitions">

<value>

/login.do = anon

/** = authc

</value>

</property>

</bean>



<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

<property name="realm" ref="systemAuthorizingRealm" />

</bean>



<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

4. 认证

登录JSP

[html] view
plain copy

<%@ page language="java" contentType="text/html; charset=UTF-8"

pageEncoding="UTF-8"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Login</title>

</head>

<body>

<form id="form1" name="form1" method="post" action="login.do">

用户登录

<table width="296" border="1" align="center" bgcolor="#00FF99">

<tr>

<td width="98" height="34">用户名：</td>

<td width="182"><label><input name="loginName"

type="text" id="loginName" /> </label></td>

</tr>

<tr>

<td height="36">密码：</td>

<td><label> <input name="password" type="password"

id="password" />

</label></td>

</tr>

<tr>

<td height="35" colspan="2"><label>

<input type="submit" name="Submit" value="提交" />

</label> <label> <input

type="reset" name="Submit2" value="重置" />

</label></td>

</tr>

</table>

</form>

</body>

</html>

Web控制器

[java] view
plain copy

@Controller

public class LoginController {

private static final Logger LOGGER = LoggerFactory.getLogger(LoginController.class);

@RequestMapping(value = "/login.do", method = RequestMethod.POST)

public String isLogin(HttpServletRequest request, PasswordAuthcInfo passwordAuthcInfo) {

String loginName = passwordAuthcInfo.getLoginName();

String loginPassword = passwordAuthcInfo.getPassword();

LOGGER.info("loginName:" + loginName + ";loginPassword:" + loginPassword);

HttpSession session = request.getSession(true);

String errorMessage = "";

Subject user = SecurityUtils.getSubject();

UsernamePasswordToken token = new UsernamePasswordToken(loginName, loginPassword);

token.setRememberMe(true);

try {

user.login(token);

String userID = (String) user.getPrincipal();

LOGGER.info("User [" + userID + "] logged in successfully.");

session.setAttribute("USERNAME", userID);

return "success";

} catch (UnknownAccountException uae) {

errorMessage = "用户认证失败：" + "username wasn't in the system.";

LOGGER.info(errorMessage);

} catch (IncorrectCredentialsException ice) {

errorMessage = "用户认证失败：" + "password didn't match.";

LOGGER.info(errorMessage);

} catch (LockedAccountException lae) {

errorMessage = "用户认证失败：" + "account for that username is locked - can't login.";

LOGGER.info(errorMessage);

} catch (AuthenticationException e) {

errorMessage = "登录失败错误信息：" + e;

LOGGER.error(errorMessage);

e.printStackTrace();

token.clear();

}

session.setAttribute("ErrorMessage", errorMessage);

return "error";

}

}

认证服务类

[java] view
plain copy

@Service

public class SystemAuthorizingRealm extends AuthorizingRealm {

@Resource(name = "userService")

private UserService userService;

// 授权

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {

// TODO Auto-generated method stub

return null;

}

// 认证

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {

UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

Users user = userService.getUser(token.getUsername());

if (user != null) {

return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), "");

} else {

return null;

}

}

}

用户服务类

[java] view
plain copy

@Service("userService")

public class UserServiceImpl implements UserService {

 @Autowired

 private UserDao userDao;

 public Users getUser(String userName) {

 Users users = null;

 try {

 users = userDao.searchUser(userName);

 } catch (DataAccessException e) {

 e.printStackTrace();

 }

 return users;

 }

}

数据库操作类

[java] view
plain copy

@Repository("UserDao")

public class UserDaoImpl extends BaseDaoImpl implements UserDao {

 

 public Users searchUser(String userName) throws DataAccessException{

 Users users = null;

 try {

 Session session = sessionFactory.openSession();

 Query query = session.createQuery("from Users a where a.name=:name").setString(

 "name", userName);

 users = (Users) query.uniqueResult();

 session.close();

 } catch (Throwable e) {

 throw new DataAccessException(e);

 }

 return users;

 

 }

}

5. 内置表单过滤器

上面的程序是使用Spring的Web控制器来获取页面提交的数据，也可以使用Shiro内置的表单过滤器来实现页面数据提交。

authc org.apache.shiro.web.filter.authc.FormAuthenticationFilter

修改applicationContext.xml增加过滤器

[html] view
plain copy

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager" />

<property name="loginUrl" value="/login.do" />

<property name="successUrl" value="/main.do" />

<property name="unauthorizedUrl" value="/error.do" />

<property name="filters">

<util:map>

<entry key="authc">

<bean class="com.peter.smallshow.security.CustomFormAuthenticationFilter">

<property name="usernameParam" value="loginName" />

<property name="passwordParam" value="password" />

</bean>

</entry>

</util:map>

</property>

<property name="filterChainDefinitions">

<value>

/index.do = anon

/login.do = authc

/** = authc

</value>

</property>

</bean>

表单中的参数固定写法是username、password、rememberMe。

可以通过<property name="usernameParam" value="loginName" />来设置

自定义的表单过滤类

[java] view
plain copy

@Service

public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {

protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {

String username = getUsername(request);

String password = getPassword(request);

if (password == null) {

password = "";

}

boolean rememberMe = false;

String host = getHost(request);

return new UsernamePasswordToken(username, password.toCharArray(), rememberMe, host);

}

}

6.工程代码

源码：smallShow-v0.9.1.rar http://download.csdn.net/detail/peterwanghao/6858101

Web应用：smallShow.war 直接放到Tomcat下即可。 http://download.csdn.net/detail/peterwanghao/6858127

在本例子中使用Apache Shiro在Web应用中实现身份认证，将Shiro与spring进行集成，使用内嵌的derby数据库存储用户信息。

持久层为hibernate，数据库连接池为alibaba druid。

2. 准备

创建一个内嵌的derby数据库，本例使用的是db-derby-10.10.1.1。

2.1 建表

Create table users(

Id int primary key,

Name varchar(20),

Passwd varchar(20)

);

2.2 初始化数据

Insert into users values(1,’admin’,’admin’);

Insert into users values(2,’peter’,’peter’);

3. 配置

3.1 Web.xml

[html] view
plain copy

3.2 ApplicationContext.xml

[html] view
plain copy

4. 认证

登录JSP

[html] view
plain copy

5. 内置表单过滤器

6.工程代码

源码：smallShow-v0.9.1.rar http://download.csdn.net/detail/peterwanghao/6858101

Web应用：smallShow.war 直接放到Tomcat下即可。 http://download.csdn.net/detail/peterwanghao/6858127

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航