SSH集成shiro实现登陆
Shiro执行流程:应用程序—>Subject—>SecurityManager—>Realm—>安全数据
导入maven坐标
<dependency>
<groupId>org.apache.shirogroupId>
<artifactId>shiro-allartifactId>
<version>${shiro.version}version>
dependency>web.xml配置shiroFilter(核心控制器)时,filtername的名字不能随便定义,必须要定义为shiroFilter,而且区分大小写
<filter>
<filter-name>shiroFilterfilter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>
filter>
<filter-mapping>
<filter-name>shiroFilterfilter-name>
<url-pattern>/*url-pattern>
filter-mapping>
在application-shiro.xml主配置文件中,配置shiroFilter时,bean的id的名字要与web.xml中配置的核心 过滤器的filtername名称一样。
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
配置安全管理器和Shiro生命周期处理器LifecycleBeanPostProcessor
/login.html后面加上*是因为会有如下情况:
http://localhost:6001/ikayakibos_management/login.html;jsessionid=68A360BFE7413C7CEAE81E5069F1EE81
/**=authc放在最后
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login.html" />
<property name="successUrl" value="/index.html" />
<property name="unauthorizedUrl" value="/unauthorized.html" />
<property name="filterChainDefinitions">
<value>
/login.html* = anon
/css/** = anon
/js/** = anon
/upload/** = anon
/images/** = anon
/validatecode.jsp* = anon
/services/** = anon
/user_login.action* = anon
/pages/base/courier.html* = perms[courier:list]
/** = authc
value>
property>
bean>Action代码
package com.ikayaki.bos.web.action.system;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.struts2.convention.annotation.Action;
import org.apache.struts2.convention.annotation.Namespace;
import org.apache.struts2.convention.annotation.ParentPackage;
import org.apache.struts2.convention.annotation.Result;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
import com.ikayaki.bos.domain.system.User;
import com.ikayaki.bos.web.action.common.BaseAction;
@ParentPackage("json-default")
@Namespace("/")
@Controller
@Scope("prototype")
public class UserAction extends BaseAction {
private static final long serialVersionUID = 1L;
@Action(value = "user_login", results = { @Result(name = "success", location = "login.html", type = "redirect"),
@Result(name = "input", location = "index.html", type = "redirect") })
public String login() {
//基于shiro登陆
Subject subject = SecurityUtils.getSubject();
//用户名和密码信息保存于token
AuthenticationToken token = new UsernamePasswordToken(model.getUsername(),model.getPassword());
try {
subject.login(token);
return SUCCESS;
} catch (AuthenticationException e) {
//登陆失败
e.printStackTrace();
return INPUT;
}
}
}
自定义Realm对象,实现认证方法(实际开发中,只需要继承AuthorizingRealm)
package com.ikayaki.bos.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.ikayaki.bos.domain.system.User;
import com.ikayaki.bos.service.system.UserService;
//自定义realm
@Service("bosRealm")
public class BosRealm extends AuthorizingRealm{
@Autowired
private UserService userService;
@Override
//授权
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
return null;
}
@Override
//认证
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//转换token
UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
//根据用户名查询用户信息
User user = userService.findByUsername(usernamePasswordToken.getUsername());
if(user ==null){
//用户名不存在,返回null
//参数一:期望登陆后,保存在subject中的信息
//参数二:密码,如果返回为null,说明用户不存在
//参数三:realm名称
return null;
}else{
//用户名存在,返回密码SimpleAuthenticationInfo(user,user.getPassword(),getName())
//返回用户密码时,securityManager自动比较返回密码用户名是否一致,不一致则报错
return new SimpleAuthenticationInfo(user,user.getPassword(),getName());
}
}
}
将自定义Realm注入安全管理器SecurityManager当中
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="bosRealm" />
bean>service代码
package com.ikayaki.bos.service.system.impl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.ikayaki.bos.dao.system.UserRepository;
import com.ikayaki.bos.domain.system.User;
import com.ikayaki.bos.service.system.UserService;
@Service
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserRepository userRepository;
@Override
public User findByUsername(String username) {
return userRepository.findByUsername();
}
}
dao代码
package com.ikayaki.bos.dao.system;
import org.springframework.data.jpa.repository.JpaRepository;
import com.ikayaki.bos.domain.system.User;
public interface UserRepository extends JpaRepository {
User findByUsername();
}
在shiroFilter配置中将user_login.action放行
/user_login.action* = anon