SSM集成Shiro安全框架(三)
2018-10-23 18:33
106 查看
七、实现or关系的角色过滤
1.RoleOrFilterAuthorizationFilter.java
[code]package com.yan.shiro.common; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authz.AuthorizationFilter; public class RoleOrFilterAuthorizationFilter extends AuthorizationFilter{ @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { Subject subject = getSubject(request, response); String[] rolesArray = (String[]) mappedValue; if (rolesArray == null || rolesArray.length == 0) { return true; } for(int i=0;i<rolesArray.length;i++) { if(subject.hasRole(rolesArray[i])) { return true; } } return false; } }
2.applicationContext-shiro.xml
[code] <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 调用我们配置的权限管理器 --> <property name="securityManager" ref="securityManager" /> <!-- 配置我们的登录请求地址 --> <property name="loginUrl" value="/login.jsp" /> <!-- 配置我们在登录页登录成功后的跳转地址,如果你访问的是非/login地址,则跳到您访问的地址 --> <property name="successUrl" value="/index.jsp" /> <!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 --> <property name="unauthorizedUrl" value="/unauthorized.jsp" /> <property name="filters"> <util:map> <!-- 自定义roleOrFilter --> <entry key="roleOrFilter" value-ref="roleOrFilter" /> <entry key="logout" value-ref="logoutFilter" /> </util:map> </property>
[code]/index.jsp = roleOrFilter["admin","productManager"] <!--只需具有其中一个权限就可以,但需要自定义filter -->
[code]<!--自定义的filter --> <bean id="roleOrFilter" class="com.yan.shiro.common.RoleOrFilterAuthorizationFilter"></bean>
八、shiro集成kaptcha验证码
1.pom.xml
[code] <!-- Shiro 集成验证码 --> <dependency> <groupId>com.github.penggle</groupId> <artifactId>kaptcha</artifactId> <version>2.3.2</version> </dependency>
2.spring-mvc.xml配置文件
[code] <!-- 配置kaptcha验证码 --> <bean id="captchaProducer" class="com.google.code.kaptcha.impl.DefaultKaptcha"> <property name="config"> <bean class="com.google.code.kaptcha.util.Config"> <constructor-arg type="java.util.Properties"> <props> <prop key="kaptcha.image.width">100</prop> <prop key="kaptcha.image.height">50</prop> <prop key="kaptcha.noise.impl">com.google.code.kaptcha.impl.NoNoise</prop> <prop key="kaptcha.textproducer.char.string">0123456789abcdefghijklmnopqrstuvwxyz</prop> <prop key="kaptcha.textproducer.char.length">4</prop> </props> </constructor-arg> </bean> </property> </bean>
3.applicationContext-shiro.xml
[code]<!-- 配置我们的登录请求地址 --> <property name="loginUrl" value="/login.jsp" />
[code]!-- 将自定义 的FormAuthenticationFilter注入shiroFilter中--> <entry key="authc" value-ref="myAuthenFilter" />
[code]/login.jsp=authc
[code]<bean id="myAuthenFilter" class="com.yan.shiro.common.CaptchaFormAuthenticationFilter"/>
4.CaptchaFormAuthenticationFilter.java
[code]package com.yan.shiro.common; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.util.WebUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.yan.shiro.exception.IncorrectCaptchaException; public class CaptchaFormAuthenticationFilter extends FormAuthenticationFilter { private static final Logger LOG = LoggerFactory.getLogger(CaptchaFormAuthenticationFilter.class); private static void sysout() { System.out.println("CaptchaFormAuthenticationFilter"); } public CaptchaFormAuthenticationFilter() { } @Override /** * 登录验证 */ protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { System.out.println("executeLogin"); CaptchaUsernamePasswordToken token = createToken(request, response); try { /* 图形验证码验证 */ doCaptchaValidate((HttpServletRequest) request, token); Subject subject = getSubject(request, response); subject.login(token);// 正常验证 LOG.info(token.getUsername() + "登录成功"); return onLoginSuccess(token, subject, request, response); } catch (AuthenticationException e) { LOG.info(token.getUsername() + "登录失败--" + e); return onLoginFailure(token, e, request, response); } } // 验证码校验 protected void doCaptchaValidate(HttpServletRequest request, CaptchaUsernamePasswordToken token) { System.out.println("doCaptchaValidate"); // session中的图形码字符串 String captcha = (String) request.getSession().getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY); // 比对 if (captcha != null && !captcha.equalsIgnoreCase(token.getCaptcha())) { throw new IncorrectCaptchaException("验证码错误!"); } } @Override protected CaptchaUsernamePasswordToken createToken(ServletRequest request, ServletResponse response) { String username = getUsername(request); String password = getPassword(request); String captcha = getCaptcha(request); boolean rememberMe = isRememberMe(request); String host = getHost(request); return new CaptchaUsernamePasswordToken(username, password.toCharArray(), rememberMe, host, captcha); } public static final String DEFAULT_CAPTCHA_PARAM = "captcha"; private String captchaParam = DEFAULT_CAPTCHA_PARAM; public String getCaptchaParam() { return captchaParam; } public void setCaptchaParam(String captchaParam) { this.captchaParam = captchaParam; } protected String getCaptcha(ServletRequest request) { return WebUtils.getCleanParam(request, getCaptchaParam()); } // 保存异常对象到request @Override protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) { request.setAttribute(getFailureKeyAttribute(), ae); } }
5.CaptchaUsernamePasswordToken.java
[code]package com.yan.shiro.common; import org.apache.shiro.authc.UsernamePasswordToken; public class CaptchaUsernamePasswordToken extends UsernamePasswordToken{ //验证码字符串 private String captcha; public CaptchaUsernamePasswordToken(String username, char[] password, boolean rememberMe, String host, String captcha) { super(username, password, rememberMe, host); this.captcha = captcha; } public String getCaptcha() { return captcha; } public void setCaptcha(String captcha) { this.captcha = captcha; } }
6.login.jsp
[code]<%@page import="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"%> <%@page import="com.yan.shiro.exception.IncorrectCaptchaException"%> <%@page import="org.apache.shiro.authc.AuthenticationException"%> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <base href="<%=basePath%>"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> <style type="text/css"> .error { color: red; } </style> <script type="text/javascript"> function refreshCaptcha(){ document.getElementById("img_captcha").src="http://localhost:8081/ShiroDemo/kaptcha?t=" + Math.random(); } </script> </head> <body> <% Object obj = request .getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); String msg = ""; if (obj != null) { if (obj instanceof IncorrectCaptchaException) msg = "验证码错误!"; else msg = "账号或密码错误!"; } out.println("<div class='error'>" + msg + "</div>"); %> <form action="login.jsp" method="post"> <input type="hidden" name="rememberMe" value="0" /> <br /> <table> <tr> <td>用户帐号:</td> <td><input type="text" name="username" id="username" value="" /></td> </tr> <tr> <td>登录密码:</td> <td><input type="password" name="password" id="password" value="" /></td> </tr> <tr> <td>验证码:</td> <td><input type="text" name="captcha" /></td> </tr> <tr> <td> </td> <td><img alt="验证码" src="http://localhost:8081/ShiroDemo/kaptcha" title="点击更换" id="img_captcha" onclick="javascript:refreshCaptcha();">(看不清<a href="javascript:void(0)" onclick="javascript:refreshCaptcha()">换一张</a>)</td> </tr> <tr> <td colspan="2"><input value="登录" type="submit"></td> </tr> </table> </form> </body> </html>
7.Controller.java
[code] @Autowired private Producer captchaProducer; @RequestMapping(value = "/kaptcha") public void getKaptchaImage(HttpServletRequest request, HttpServletResponse response) throws Exception { HttpSession session = request.getSession(); response.setDateHeader("Expires", 0); response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate"); response.addHeader("Cache-Control", "post-check=0, pre-check=0"); response.setHeader("Pragma", "no-cache"); response.setContentType("image/jpeg"); //生成验证码 String capText = captchaProducer.createText(); session.setAttribute(Constants.KAPTCHA_SESSION_KEY, capText); //向客户端写出 BufferedImage bi = captchaProducer.createImage(capText); ServletOutputStream out = response.getOutputStream(); ImageIO.write(bi, "jpg", out); try { out.flush(); } finally { out.close(); } } /** * 获取验证码 * * @author atd681 * @since 2018年8月13日 */ @RequestMapping("/kaptcha/get") @ResponseBody public String getKaptcha(HttpSession session) { // Kaptcha生成验证后保存SESSION中的KEY为KAPTCHA_SESSION_KEY return (String) session.getAttribute("KAPTCHA_SESSION_KEY"); }
九、demo下载
阅读更多相关文章推荐
- SSM集成安全框架shiro
- AdminEAP框架-集成Shiro安全认证
- ssm搭建shiro安全框架
- SSM框架下的shiro集成
- java安全框架-Shiro学习笔记(五)-Shiro集成Web
- 基于Spirng的Shiro安全框架与CAS SSO的集成
- SSM集成Shiro:实现登录认证
- 安全框架Shiro和Spring Security比较
- 基于权限安全框架Shiro的登录验证功能实现
- Shiro安全框架相关配置
- 安全框架-Shiro
- 安全框架Shiro和Spring Security比较
- 开源安全框架Apache Shiro
- ssm+shiro基础框架搭建(一)
- Shiro (Java安全框架)
- SpringBoot集成Spring Security安全框架
- 【SSM框架 SSM项目源码 SSM源码 下载】java框架整合Springmvc+mybatis+shiro+bootstrap
- 快速搭建springboot框架以及整合ssm+shiro+安装Rabbitmq和Erlang、Mysql下载与配置
- java安全框架-Shiro学习笔记(二)-身份认证
- java安全框架-Shiro学习笔记(三)-权限认证