登录界面 login.jsp
login.jsp
2.在tomcat容器启动时 会对web.xml的文件进行初始化,在web.xml我们会配个shiro过滤器来对请求进行过滤以及对权限认证文件的初始化
web.xml 的 shiro filter 如下
3.applicationContext-shiro.xml 文件如下
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
# URL-to-filter rules: "anon" lets the request through without a login, "authc" requires an authenticated subject.
# NOTE(review): rules are evaluated top-down and the first matching pattern wins, so the anon entries
# must stay above the authc rule.
/login.do*=anon
/logout.do=anon
/loginn.do=anon
/login.jsp* = anon
# NOTE(review): in Ant-style patterns a single * does not cross '/', so this rule only covers *.do URLs
# directly under the context root. Nested paths (for example /admin/list.do) and every .jsp other than
# login.jsp match no rule in this list and are therefore not forced through authc.
# Consider ending the list with a /** = authc catch-all once the public URLs are listed above it.
/*.do* = authc
4. 接下来我们只需要编写我们在配置文件里配置的 MyShiro.java
package com.zisine.service;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.zisine.entity.Role;
import com.zisine.entity.User;
import com.zisine.util.EncryptUtils;
@Service
@Transactional
public class MyShiro extends AuthorizingRealm{
@Autowired
private UserService userServiceImpl;
//该方法的调用时机是前面有需要授权资源的请求时,比如前台验证某角色是否有改权限
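/**
 * Collects the roles and string permissions of the principal that this realm authenticated.
 *
 * <p>The login name is taken from the principals contributed by this realm, the matching
 * {@code User} is loaded through {@code userServiceImpl}, and every role's permission names
 * are added to the result.
 *
 * @param arg0 principals of the current subject
 * @return the roles and permissions of the user, or {@code null} when this realm contributed
 *         no principal or the account can no longer be found
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
    // Without a principal from this realm there is nothing to look up.
    if (arg0 == null || arg0.fromRealm(getName()).isEmpty()) {
        return null;
    }
    String loginName = (String) arg0.fromRealm(getName()).iterator().next();
    User user = userServiceImpl.findByName(loginName);
    // Check for a missing account BEFORE touching the user object; the account may have been
    // removed after the subject logged in.
    if (user == null) {
        return null;
    }
    // Holds every role and permission found for the user.
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    // Role names of the user.
    info.setRoles(user.getRolesName());
    // Permission names are gathered role by role.
    Set<Role> roleList = user.getUserRole();
    if (roleList != null) {
        for (Role role : roleList) {
            info.addStringPermissions(role.getPermissionsName());
        }
    }
    return info;
}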
/*
*
* 登录认证
*///该方法的调用时机为controller层里面的login方法 shiro自动封装的登录方法就会跳到这个方法
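/**
 * Looks up the account named in the submitted token and returns its stored credentials.
 *
 * <p>No comparison happens here: the method only returns the authentication data for the
 * account, and Shiro compares it with the submitted token afterwards.
 *
 * @param authcToken the token passed to {@code currentUser.login(token)} by the login controller
 * @return the stored user name and password for the account, or {@code null} when no such
 *         user exists (the login controller then sees an {@code UnknownAccountException})
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    // The token is the user-name/password token built by the login controller.
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    // Load the account from the database by its login name.
    User user = userServiceImpl.findByName(token.getUsername());
    if (user == null) {
        return null;
    }
    // The stored password is never written to stdout or a log: console output usually ends up
    // in container log files that many people can read.
    // NOTE(review): the stored value is handed to Shiro as-is. Confirm that passwords are saved
    // as salted hashes and that a matching HashedCredentialsMatcher is configured on this realm.
    return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
}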
5.接下来是controller层
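/**
 * Handles the login form POST and authenticates the submitted credentials through Shiro.
 *
 * @param user               form object carrying the submitted user name and password
 * @param bindingResult      binding errors for the form object
 * @param redirectAttributes receives the flash message shown after a failed login
 * @param modelMap           model of the current request (not used here)
 * @return {@code "login"} on binding errors, a redirect to {@code /loginn.do} when
 *         authentication fails, otherwise the {@code user.jsp} view
 */
@RequestMapping(value="/login",method=RequestMethod.POST)
public String login(User user,BindingResult bindingResult,RedirectAttributes redirectAttributes,ModelMap modelMap)
{
    // The submitted password is deliberately not printed or logged.
    if (bindingResult.hasErrors()) {
        return "login";
    }
    try {
        // SecurityUtils returns the subject bound to the current request; login() delegates to
        // the configured realm (MyShiro).
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
        // NOTE(review): remember-me is switched on for every login regardless of what the user
        // chose. Make it opt-in, and confirm the remember-me cookie cipher key is set explicitly
        // in the Shiro configuration rather than left at a library default.
        token.setRememberMe(true);
        currentUser.login(token);
    } catch (AuthenticationException ex) {
        // Every authentication failure (unknown account, wrong password, anything else) goes
        // back to the login page. Previously the generic failure branch rendered user.jsp, the
        // same view as a successful login.
        ExceptionUtil.printExceptionMsg( logger, ex );
        // One generic message, so the response does not reveal whether the account exists.
        redirectAttributes.addFlashAttribute("message", "用户名或密码错误");
        return "redirect:/loginn.do";
    }
    return "user.jsp";
}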
6.前台验证权限
<%-- Page setup: UTF-8 encoding plus the JSTL core and Shiro tag libraries. --%>
<%-- NOTE(review): tags from the shiro library only decide what this page renders; they do not
     protect the URLs behind the hidden links. Each protected URL still needs a server-side
     rule (filter chain entry or permission check). --%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
一个用户可以有多种角色 一个角色可以属于多个用户 多对多
一个角色可以有多个权限 一个权限同样可以属于多个角色 多对多
所以有五张表 用户表(user.java)角色表(role.java) 用户角色表
权限表(permission.java)角色权限表
user.java
package com.zisine.entity;
import java.util.HashSet;
import java.util.Set;
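/**
 * User account entity. A user can hold several roles and a role can belong to several users.
 */
public class User {
    // User id.
    private Integer id;
    // Login name.
    private String username;
    // Password value as stored for the account.
    // NOTE(review): the format (plain text or hash) is not visible here; confirm it is a salted hash.
    private String password;
    // Roles held by this user; starts empty so the name helper never iterates null.
    private Set<Role> userRole = new HashSet<Role>();

    /** Returns the roles held by this user. */
    public Set<Role> getUserRole() {
        return userRole;
    }

    /** Replaces the roles held by this user. */
    public void setUserRole(Set<Role> userRole) {
        this.userRole = userRole;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Returns the names of all roles held by this user.
     *
     * @return a new set of role names; empty when the user has no roles
     */
    public Set<String> getRolesName() {
        Set<String> set = new HashSet<String>();
        Set<Role> roles = getUserRole();
        // The setter accepts null, so guard before iterating.
        if (roles != null) {
            for (Role role : roles) {
                set.add(role.getRoleName());
            }
        }
        return set;
    }
}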
user.hbm.xml
"-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
role.java
package com.zisine.entity;
import java.beans.Transient;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
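/**
 * Role entity. A role can belong to several users and can carry several permissions.
 */
public class Role {
    // Role id.
    private Integer id;
    // Role name.
    private String roleName;
    // Permissions granted by this role; starts empty so the name helper never iterates null.
    private Set<Permission> permissions = new HashSet<Permission>();
    // Users holding this role.
    private Set<User> users = new HashSet<User>();

    /** Returns the permissions granted by this role. */
    public Set<Permission> getPermissions() {
        return permissions;
    }

    /** Replaces the permissions granted by this role. */
    public void setPermissions(Set<Permission> permissions) {
        this.permissions = permissions;
    }

    /** Returns the users holding this role. */
    public Set<User> getUsers() {
        return users;
    }

    /** Replaces the users holding this role. */
    public void setUsers(Set<User> users) {
        this.users = users;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getRoleName() {
        return roleName;
    }

    public void setRoleName(String roleName) {
        this.roleName = roleName;
    }

    /**
     * Returns the names of all permissions granted by this role.
     *
     * @return a new list of permission names; empty when the role has no permissions
     */
    @Transient
    public List<String> getPermissionsName() {
        List<String> list = new ArrayList<String>();
        Set<Permission> granted = getPermissions();
        // The setter accepts null, so guard before iterating.
        if (granted != null) {
            for (Permission per : granted) {
                list.add(per.getPermissionName());
            }
        }
        return list;
    }
}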
role.hbm.xml
"-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
permission.java
package com.zisine.entity;
import java.util.Set;
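/**
 * Permission entity. A permission can belong to several roles.
 */
public class Permission {
    // Permission id.
    private Integer id;
    // Permission name; this is the string handed to Shiro as a permission.
    private String permissionName;
    // Roles that include this permission.
    private Set<Role> roles;

    /** Returns the roles that include this permission. */
    public Set<Role> getRoles() {
        return roles;
    }

    /** Replaces the roles that include this permission. */
    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getPermissionName() {
        return permissionName;
    }

    public void setPermissionName(String permissionName) {
        this.permissionName = permissionName;
    }
}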
permission.hbm.xml
"-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
另外:如果项目用的是maven
在pom.xml中配置
如下
如果没用的话 就去网上下即可