spring-shiro 基本使用

maven配置

      
      
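    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>${shiro-version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>${shiro-version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-ehcache</artifactId>
        <version>${shiro-version}</version>
    </dependency>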
      
    ...
    
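    <properties>
        <shiro-version>1.2.4</shiro-version>
    </properties>
    <!-- 注意: 1.2.4 是较旧的版本, 其 rememberMe 功能使用内置的默认密钥, 存在已公开的反序列化漏洞; 实际项目请使用仍在维护的最新版本。 -->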
    

spring配置

    
 
  

  

      
  

  
  
      
      
    
    
    
        
            
                
            
        
      
      
          
            /logout.do        = anon    
            /image/*.do        = authc    
            /blog/**.do        = authc,perms[blog] 
            /admin/*.do        = authc,roles[admin] 
            
          
      
  

web.xml

  
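    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>sitemesh</filter-name>
        <filter-class>org.sitemesh.config.ConfigurableSiteMeshFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:app-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>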

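PS: shiroFilter 的 filter-mapping 要放在 MVC 的 filter/servlet 前面; 如果使用了 sitemesh, 也要放在 sitemesh 的 filter 前面, 这样请求会先经过 shiro 的认证和授权检查。另外, 这里 shiroFilter 只映射了 *.do, 不匹配该模式的请求(例如可直接访问的 JSP 或静态资源)不会经过 shiro。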

Realm类

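/**
 * Shiro realm consulted both when a user logs in (authentication) and when a
 * role or permission check is evaluated (authorization). Accounts, roles and
 * permissions are loaded through {@code AdminDao}.
 */
@Component("DefaultRealm")
public class DefaultRealm extends AuthorizingRealm {

  @Resource
  private AdminDao adminDao;

  public DefaultRealm() {
    // Realm name; it is reused as the realm name of the SimpleAccount built in
    // doGetAuthenticationInfo.
    setName("DefaultRealm");
  }

  /**
   * Loads the roles and permission strings of the already authenticated user.
   *
   * @param principalCollection principals of the current subject; the primary
   *        principal is the username set in {@link #doGetAuthenticationInfo}
   * @return the user's roles and permissions, or {@code null} when the account
   *         or its role set cannot be found (Shiro then grants nothing)
   */
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    String username = (String) principalCollection.getPrimaryPrincipal();
    AdminUser admin = adminDao.getUniqueByProperty("username", username);
    if (admin == null) {
      // Presumably the DAO returns null when no row matches (e.g. the account
      // was deleted after login); fail closed instead of throwing an NPE.
      return null;
    }

    Set<Role> roleSet = admin.getRoles();
    if (roleSet == null) {
      return null;
    }

    // Flatten role names and the permission names of every role.
    Set<String> roles = new HashSet<>();
    Set<String> stringPermissions = new HashSet<>();
    for (Role role : roleSet) {
      roles.add(role.getRoleName());

      Set<Permission> permissions = role.getPermissions();
      if (permissions == null) {
        continue;
      }
      for (Permission permission : permissions) {
        stringPermissions.add(permission.getPermissionName());
      }
    }

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setRoles(roles);
    authorizationInfo.setStringPermissions(stringPermissions);
    return authorizationInfo;
  }

  /**
   * Looks up the stored credentials for the username carried by the login token.
   * Shiro compares them with the submitted credentials via the realm's
   * CredentialsMatcher.
   *
   * @param principals the submitted login token
   * @return the account to verify against, or {@code null} when the username is
   *         empty or unknown (Shiro rejects the login as an unknown account)
   * @throws AuthenticationException declared by the overridden method
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken principals)
      throws AuthenticationException {
    String username = (String) principals.getPrincipal();
    if (StringUtils.isNotEmpty(username)) {
      AdminUser admin = adminDao.getUniqueByProperty("username", username);
      if (admin == null) {
        // Unknown user: return null rather than dereferencing a missing account.
        return null;
      }
      // NOTE(review): no credentials matcher is set in this class, and Shiro's
      // default matcher compares the values directly. admin.getPassword() should
      // be a salted hash, with a hashing matcher (HashedCredentialsMatcher or
      // PasswordMatcher) configured on the realm. Confirm against the Spring config.
      return new SimpleAccount(username, admin.getPassword(), getName());
    }
    return null;
  }

}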

MVC登录验证

// Inside the MVC controller: take the submitted username and password, wrap them
// in a UsernamePasswordToken and log in through the current Subject.
// login() throws AuthenticationException when the credentials are rejected; catch
// it in the controller and answer with one generic failure message, so the
// response does not reveal whether the username exists.
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
subject.login(token);

User-Role-Permission实体类

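/**
 * Account entity: login name, stored credential and the roles granted to the
 * account.
 */
@Entity
public class User {
    private String username;
    // Stored credential. NOTE(review): this should hold a salted password hash,
    // never the plaintext password. Confirm how the value is written on registration.
    private String password="";
    // getters and setters omitted

    // Roles granted to this account; typed so callers can iterate Role directly.
    private Set<Role> roles;

    /** Returns the roles granted to this account (many-to-many with Role). */
    @ManyToMany(targetEntity=Role.class)
    public Set<Role> getRoles() {
      return roles;
    }

    /** Replaces the roles granted to this account. */
    public void setRoles(Set<Role> roles) {
      this.roles = roles;
    }
}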

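/**
 * Role entity: a named role and the permissions it bundles.
 */
@Entity
public class Role{
  private String roleName;    // getters and setters omitted
  // Permissions attached to this role; starts empty rather than null.
  private Set<Permission> permissions = new HashSet<>();

  /** Returns the permissions attached to this role (many-to-many with Permission). */
  @ManyToMany
  public Set<Permission> getPermissions() {
    return permissions;
  }

  /** Replaces the permissions attached to this role. */
  public void setPermissions(Set<Permission> permissions) {
    this.permissions = permissions;
  }
}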

/**
 * Permission entity: a single named permission that can be attached to roles.
 */
@Entity
public class Permission {
    // Name of the permission. Getters and setters omitted.
    private String permissionName;
}
