Shiro的permission管理,用户的认证和授权
2016-08-16 13:58
Shiro的permission管理,用户的认证和授权demo步骤:
1.web.xml中配置:
2.spring-shiro.xml
3.spring-mvc.xml增加自动扫描
4.applicationContext.xml增加自动扫描配置
5.LoginController.java
6.UserController.java
7.service层下的MonitorRealm.java
8.MD5加密EncryptUtils.java
9.model实体类 User.java
10.eclipse结构图
1.web.xml中配置:
<display-name>shirodemo</display-name>
<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Spring root context: loads the application beans and the Shiro beans. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:applicationContext.xml,classpath:spring-shiro.xml</param-value>
</context-param>
<!-- Apache Shiro: register the Shiro filter in web.xml. DelegatingFilterProxy forwards
     each request to the Spring bean whose name equals filter-name ("shiroFilter");
     targetFilterLifecycle=true lets the servlet container drive that bean's init/destroy. -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- NOTE(review): the filter is mapped to *.do and *.jsp only. A request for any other URL
     never reaches Shiro, so the rules in filterChainDefinitions do not apply to it.
     Map the filter to /* if other servlets or resources must be protected. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
2.spring-shiro.xml
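<description>Shiro permission management configuration</description>

<!-- Shiro enforces access control through a single servlet filter. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Login page: unauthenticated requests to an authc URL are redirected here. -->
    <property name="loginUrl" value="/login.jsp" />
    <!-- Page to go to after a successful login. -->
    <property name="successUrl" value="/login.jsp" />
    <!-- Where a user is sent after requesting a resource they hold no permission for. -->
    <property name="unauthorizedUrl" value="/error/noperms.jsp" />
    <!-- Which filter each URL needs. Rules are evaluated top to bottom and the first match wins,
         so the anon entries must stay above the authc entries.
         The final catch-all rule was added in review: "*" in these Ant-style patterns does not
         cross "/", so the two top-level rules leave nested paths without any rule. With the
         catch-all, every request that reaches the filter and is not explicitly anon requires
         an authenticated subject. -->
    <property name="filterChainDefinitions">
        <value>
            /login.jsp* = anon
            /login.do* = anon
            /index.jsp*= anon
            /error/noperms.jsp*= anon
            /*.jsp* = authc
            /*.do* = authc
            /** = authc
        </value>
    </property>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- Use the custom realm for authentication and authorization data. -->
    <property name="realm" ref="monitorRealm" />
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<!-- Custom realm; extends AuthorizingRealm. -->
<bean id="monitorRealm" class="com.shiro.service.MonitorRealm"></bean>

<!-- Registers the securityManager as the static, VM-wide instance used by SecurityUtils.
     NOTE(review): Shiro's Spring integration guide advises against a static SecurityManager in
     web applications, because the Shiro filter already binds the SecurityManager and Subject to
     each request thread. Confirm that something outside a request needs this before keeping it. -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
    <property name="arguments" ref="securityManager" />
</bean>

<!-- Enable Shiro annotations for Spring-configured beans. Only run after
     the lifecycleBeanPostProcessor has run. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor" />
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager" />
</bean>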
3.spring-mvc.xml增加自动扫描
<!-- Component-scan the controller package so that its classes are registered as Spring MVC controllers. -->
<context:component-scan base-package="com.shiro.controller" />
4.applicationContext.xml增加自动扫描配置
<!-- Component-scan the dao and service packages so that their beans are available for injection.
     NOTE(review): com.shiro.service.MonitorRealm carries @Service("monitorRealm") and
     spring-shiro.xml also declares a bean with id "monitorRealm", so the realm is defined twice
     under one name. Keep a single definition so it is clear which instance the
     securityManager receives. -->
<context:component-scan base-package="com.shiro.dao,com.shiro.service" />
5.LoginController.java
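package com.shiro.controller;

import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import com.shiro.Utils.EncryptUtils;
import com.shiro.model.User;

/**
 * Login, logout and two demo page handlers, all mapped under "login" and selected by
 * request parameter name.
 */
@Controller
@RequestMapping(value = "login")
public class LoginController {

    private static final Logger LOG = Logger.getLogger(LoginController.class.getName());

    /**
     * Authenticates the submitted user through Shiro and selects the next view.
     *
     * @param user    form-bound bean carrying the submitted usercode and password
     * @param session HTTP session that receives the "userinfo" attribute on success
     * @param request current request (not used by this handler)
     * @return the "/main" view on success, otherwise the "/login" view with an error message
     */
    @RequestMapping(params = "main")
    public ModelAndView login(User user, HttpSession session, HttpServletRequest request) {
        ModelAndView modelView = new ModelAndView();
        // The Subject is Shiro's view of the caller for the current request/session.
        Subject currentUser = SecurityUtils.getSubject();
        // NOTE(review): the password is reduced to an unsalted MD5 digest before it is handed to
        // Shiro, and MonitorRealm holds the same MD5 form. MD5 is fast and unsalted here, which
        // makes it unsuitable for password storage. Prefer passing the submitted password in the
        // token and configuring a salted, iterated hash on the realm (for example Shiro's
        // HashedCredentialsMatcher or PasswordService).
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsercode(),
                EncryptUtils.encryptMD5(user.getPassword()));
        // NOTE(review): remember-me is forced on for every login; consider tying it to an
        // explicit user choice, since it leaves a long-lived identity cookie on shared machines.
        token.setRememberMe(true);
        try {
            // Submit the credentials; Shiro throws on any authentication failure.
            currentUser.login(token);
        } catch (AuthenticationException e) {
            // Return immediately. The original fell through to the isAuthenticated() check,
            // so a subject that was already logged in could fail this login and still have the
            // newly submitted (unverified) user object stored in the session as "userinfo".
            LOG.log(Level.INFO, "Login attempt rejected", e);
            modelView.addObject("message", "登陆名或密码错误!");
            modelView.setViewName("/login");
            return modelView;
        }
        if (currentUser.isAuthenticated()) {
            user.setUserName("张三");
            // Do not keep the plaintext password in the HTTP session.
            user.setPassword(null);
            session.setAttribute("userinfo", user);
            modelView.setViewName("/main");
        } else {
            modelView.addObject("message", "登陆名或密码错误!");
            modelView.setViewName("/login");
        }
        return modelView;
    }

    /**
     * Logs the current subject out.
     *
     * @return the "/login" view name
     */
    @RequestMapping(params = "logout")
    public String logout() {
        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.logout();
        } catch (AuthenticationException e) {
            LOG.log(Level.WARNING, "Logout failed", e);
        }
        return "/login";
    }

    /**
     * Renders the "/my" view with a success message.
     *
     * @return model and view for "/my"
     */
    // NOTE(review): spring-shiro.xml maps "/login.do*" to anon, so this handler and login3()
    // are reachable without authentication even though they report a successful login.
    @RequestMapping(params = "myjsp")
    public ModelAndView login2() {
        ModelAndView modelView = new ModelAndView();
        modelView.addObject("message", "登录成功!");
        modelView.setViewName("/my");
        return modelView;
    }

    /**
     * Renders the "/test" view with a success message.
     *
     * @return model and view for "/test"
     */
    @RequestMapping(params = "test")
    public ModelAndView login3() {
        ModelAndView modelView = new ModelAndView();
        modelView.addObject("message", "登录成功!");
        modelView.setViewName("/test");
        return modelView;
    }
}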
6.UserController.java
package com.shiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Page handlers under "user" that check a Shiro permission string in code before
 * choosing a view.
 */
@Controller
@RequestMapping(value="user")
public class UserController {

    /** View returned when the current subject lacks the required permission. */
    private static final String NO_PERMISSION_VIEW = "error/noperms";

    /**
     * Shows the "my" page when the subject holds the "user.do?myjsp" permission.
     *
     * @return "my" if permitted, otherwise the no-permission view
     */
    @RequestMapping(params = "myjsp")
    public String home() {
        return viewIfPermitted("user.do?myjsp", "my");
    }

    /**
     * Shows the "notmyjsp" page when the subject holds the "user.do?notmyjsp" permission.
     * The MonitorRealm listing on this page never grants that permission, so with that realm
     * this handler always returns the no-permission view.
     *
     * @return "notmyjsp" if permitted, otherwise the no-permission view
     */
    @RequestMapping(params = "notmyjsp")
    public String nopermission() {
        return viewIfPermitted("user.do?notmyjsp", "notmyjsp");
    }

    /**
     * Asks Shiro whether the current subject holds {@code permission}.
     * The permission is an opaque string that must match an entry the realm returns.
     */
    private static String viewIfPermitted(String permission, String view) {
        Subject subject = SecurityUtils.getSubject();
        return subject.isPermitted(permission) ? view : NO_PERMISSION_VIEW;
    }
}
7.service层下的MonitorRealm.java
package com.shiro.service;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.stereotype.Service;

import com.shiro.Utils.EncryptUtils;
import com.shiro.model.User;

/**
 * Demo realm that supplies Shiro with authentication and authorization data.
 *
 * NOTE(review): both callbacks return hard-coded values and consult no user store.
 * Replace them with real lookups before using this realm outside a demo.
 */
@Service("monitorRealm")
public class MonitorRealm extends AuthorizingRealm {

    /*
     * Placeholders left by the author for the services a real realm would use:
     * @Autowired UserService userService;
     * @Autowired RoleService roleService;
     * @Autowired LoginLogService loginLogService;
     */

    public MonitorRealm() {
        super();
    }

    /**
     * Authorization data. Shiro calls this to obtain the subject's roles and permissions;
     * where they come from is up to the realm.
     *
     * NOTE(review): {@code principals} is ignored, so every authenticated subject receives
     * the same role and the same three permissions.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo(demoRoles());
        authorization.setStringPermissions(demoPermissions());
        // Hand the roles and permissions back to Shiro.
        return authorization;
    }

    /** Builds the fixed role set used by the demo. */
    private Set<String> demoRoles() {
        Set<String> roles = new HashSet<String>();
        roles.add("111111");
        return roles;
    }

    /** Builds the fixed permission set used by the demo. */
    private Set<String> demoPermissions() {
        Set<String> granted = new HashSet<String>();
        granted.add("user.do?myjsp");
        granted.add("login.do?main");
        granted.add("login.do?logout");
        return granted;
    }

    /**
     * Authentication data. Shiro compares the returned credentials with the ones in the
     * token and throws an AuthenticationException if they do not match.
     *
     * NOTE(review): demo stub. The submitted usercode is copied into a throwaway User and
     * never checked, and the stored credential is always MD5("admin"). With the realm's
     * default credentials matcher this means any usercode is accepted when the password is
     * "admin", and every login gets the principal "admin". A real implementation should
     * load the account by usercode (see the commented-out lookup in the original listing)
     * and reject unknown accounts, for example with UnknownAccountException.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authcToken) throws AuthenticationException {
        UsernamePasswordToken loginToken = (UsernamePasswordToken) authcToken;

        User account = new User();
        account.setUsercode(loginToken.getUsername());
        account.setUserName("admin");
        account.setPassword(EncryptUtils.encryptMD5("admin"));

        String principal = account.getUserName();
        String storedCredential = account.getPassword();
        return new SimpleAuthenticationInfo(principal, storedCredential, getName());
    }

    /**
     * Clears the cached authorization data for one principal of this realm.
     *
     * @param principal the principal whose cached authorization info is dropped
     */
    public void clearCachedAuthorizationInfo(String principal) {
        clearCachedAuthorizationInfo(new SimplePrincipalCollection(principal, getName()));
    }
}
8.MD5加密EncryptUtils.java
package com.shiro.Utils;

import org.apache.shiro.crypto.hash.Md5Hash;

/**
 * MD5 helper used by the login controller and the realm.
 *
 * NOTE(review): despite the name this is a one-way hash, not encryption, and it is computed
 * without a salt or iterations. Unsalted MD5 is unsuitable for storing or comparing
 * passwords; prefer a salted, iterated scheme such as the one provided by Shiro's
 * PasswordService or a HashedCredentialsMatcher configured on the realm.
 */
public class EncryptUtils {

    /**
     * Returns the hex string of the MD5 digest of {@code source}.
     *
     * @param source text to hash; {@code null} is treated as the empty string
     * @return the value of {@code Md5Hash.toString()} for the input
     */
    public static final String encryptMD5(String source) {
        String input = (source == null) ? "" : source;
        return new Md5Hash(input).toString();
    }
}
9.model实体类 User.java
/**
 * User model bound from the login form and stored in the session by LoginController.
 * The accessors the other listings call (getUsercode, getPassword, getUserName and the
 * matching setters) are not shown on this page.
 */
public class User {
    // Login identifier submitted by the user.
    private String usercode;
    // Display name; the controller and the realm both set it to fixed demo values.
    private String userName;
    // NOTE(review): holds the plaintext password when bound from the login request and an
    // MD5 hex string inside MonitorRealm. Avoid keeping it populated on any instance that is
    // placed in the session or written to logs.
    private String password;
}
10.eclipse结构图