spring+shiro 整合实例代码详解
2018-10-25 10:25
183 查看
一、添加相关依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency>
二、编写代码
1、自定义realm
public class CommonRealm extends AuthorizingRealm {
@Autowired
private UserLoginService userLoginService;
@Override
public String getName() {
return "CommonRealm";
}
//授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String usernmae = (String) principals.getPrimaryPrincipal();
List<String> permissions = new ArrayList<String>();
if ("admin".equals(usernmae)) {
permissions.add("admin:ee");
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addStringPermissions(permissions);
return info;
}
//身份认证
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String) token.getPrincipal();
User user = userLoginService.getUser(username);
if (user == null) {
return null;
}
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, user.getPassword(), getName());
return info;
}
}
2、login controller
@Controller
public class UserAction {
@Autowired
private UserLoginService userLoginService;
@RequestMapping("/login.do")
public String userLogin(HttpServletRequest request, String username, String password) throws Exception {
// 如果登陆失败从request中获取异常信息,shiroLoginFailure就是shiro异常类的全限定名
String exceptionClassName = (String) request.getAttribute("shiroLoginFailure");
if (exceptionClassName != null) {
if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
// 最终会抛给异常处理器
throw new XXXException("用户名不存在");
} else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
throw new XXXException("用户名/密码错误");
} else {
throw new Exception();// 最终在异常处理器生成未知错误
}
}
// 如果登录成功的话不走此方法,shiro认证成功会自动跳转到上一个请求路径,配的的successUrl没效果,后边会说
// 登陆失败走此方法,捕获异常,然后 return ~ ,还到login页面
return "login.jsp";
}
}
3、检测权限 controller
//此方法为了验证权限是否生效
@RequestMapping("/findAll.do")
@RequiresPermissions("admin:ee")
public ModelAndView list(HttpServletRequest request){
.......
}
三、常见问题
因为有一些特别常见的问题,需要修改xml配置,所以现在先手问题,把xml配置放在后边,直接就配置完善好的xml
问题一:登陆成功后shiro默认跳到上一次请求,没有上一次请求默认跳到/ ,那我们就想控制调到自己定义的路径咋办呢?
解决方案:
步骤一:继承FormAuthenticationFilter类,重写onLoginSuccess方法,这里可以自定义路径,因为这里自定义了成功跳转的路径,所以配置里的successUrl不用配置,赔了也没效果。。
public class LoginSuccessToFilter extends FormAuthenticationFilter {
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
WebUtils.getAndClearSavedRequest(request);
WebUtils.redirectToSavedRequest(request,response,"/findAll.do");
return false;
}
}
步骤二:
在shiro的xml配置文件中配置
<bean id="myfilter" class="com.xxx.realm.LoginSuccessToFilter"></bean>
在 shiroFilter配置中引入,完整xml在后边
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="filters"> <map> <entry key="authc" value-ref="myfilter"></entry> </map> </property> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="filters"> <map> <entry key="authc" value-ref="myfilter"></entry> </map> </property> </bean>
四、Xml配置
applicationContext-shiro.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 管理器,必须设置 --> <property name="securityManager" ref="securityManager"/> <property name="filters"> <map> <entry key="authc" value-ref="myfilter"></entry> </map> </property> <!-- 拦截到,跳转到的地址,通过此地址去认证 --> <property name="loginUrl" value="/login.do"/> <!-- 认证成功统一跳转到/admin/index.do,建议不配置,shiro认证成功自动到上一个请求路径 --> <!--<property name="successUrl" value="/findAll.do"/>--> <!-- 通过unauthorizedUrl指定没有权限操作时跳转页面 --> <property name="unauthorizedUrl" value="/refuse.jsp"/> <!-- 自定义filter,可用来更改默认的表单名称配置 --> <!--<property name="filters">--> <!--<map>--> <!--<!– 将自定义 的FormAuthenticationFilter注入shiroFilter中 –>--> <!--<entry key="authc" value-ref="formAuthenticationFilter" />--> <!--</map>--> <!--</property>--> <property name="filterChainDefinitions"> <value> <!-- 对静态资源设置匿名访问 --> /image/** = anon /css/** = anon /js/** = anon /logout.do = logout /** = authc </value> </property> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- securityManager安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="customRealm"/> <!-- 注入缓存管理器 --> <!--<property name="cacheManager" ref="cacheManager" />--> <!-- 注入session管理器 --> <!-- <property name="sessionManager" ref="sessionManager" /> --> <!-- 记住我 --> <!--<property name="rememberMeManager" ref="rememberMeManager" />--> </bean> <!-- 自定义realm --> <bean id="customRealm" class="com.dhl.realm.CommonRealm"></bean> <bean id="myfilter" class="com.dhl.realm.LoginSuccessToFilter"></bean> <!-- 凭证匹配器 --> <!--<bean id="credentialsMatcher"--> <!--class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">--> <!--<!– 选用MD5散列算法 –>--> <!--<property name="hashAlgorithmName" value="md5"/>--> <!--<!– 进行一次加密 –>--> <!--<property name="hashIterations" value="1"/>--> <!--</bean>--> </beans>
springmvc的配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd"> <context:component-scan base-package="com.dhl.controller"></context:component-scan> <mvc:annotation-driven></mvc:annotation-driven> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"></bean> <!-- 开启shiro注解的配置移动到这儿 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans>
以上就是一个大概的整合和遇到的两个问题,博主也是查阅了很多的博客得到的较优答案,整理出来,已备后续参考,遇到一样问题的同学可以看看
您可能感兴趣的文章:
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Apache Shiro+SpringMVC+Hibernate Search+Hibernate+Bootstrap企业信息管理系统基础框架搭建整合实例代码教程
- SpringBoot整合Shiro的代码详解
- Spring 整合Shiro 并扩展使用EL表达式的实例详解
- Apache Shiro+SpringMVC+Hibernate Search+Hibernate+Bootstrap企业信息管理系统基础框架搭建整合实例代码教程
- 详解MongoDB和Spring整合的实例代码
- Spring mvc+struts2+Hibernate整合实例代码(注解详解)
- Spring组件自动扫描详解及实例代码
- Spring+Spring MVC+Mybatis+Maven整合教程(图文详解附代码)
- rabbitMQ教程(三) spring整合rabbitMQ代码实例
- 详解注解配置整合Spring MVC+Thymeleaf整合实例
- shiro与spring整合详解与spring项目中shiro注解不生效的解决办法
- Spring整合Redis完整实例代码
- MyBatis代码实例系列-09:初步整合Spring + Spring MVC框架之后,如何打印MyBatis的SQL语句
- Spring 整合 Hibernate 时启用二级缓存实例详解
- springboot与mybatis整合实例详解
- ssh框架搭建Struts2.06+spring2.5+hibernate3.2整合实例代码教程步骤
- Spring结合java Quartz配置实例代码详解
- spring boot application properties配置实例代码详解
- 详解注解配置整合Spring MVC+Thymeleaf整合实例
- Spring 整合 Hibernate 时启用二级缓存实例详解