spring中shiro的应用

应用目标

实现注册登录的权限管理，具体需求描述如下：

流程图

• salt的原理

salt（盐的原理）

• shiro自带记住我的功能

image.png

• 配置相关

        
            
                /static/** = anon //anon代表任何用户都可以访问
                /userfiles/** = anon
                ${adminPath}/tag/** = anon
                ${adminPath}/sys/area/** = anon
                ${adminPath}/factory/factory/getData = anon
                ${adminPath}/sys/user/infoCareStatus = anon
                ${adminPath}/sys/user/validateLoginName = anon
                ${adminPath}/sys/user/validateMobile = anon
                ${adminPath}/sys/user/validateMobileExist = anon
                ${adminPath}/sys/user/resetPassword = anon
                ${adminPath}/sys/register = anon
                ${adminPath}/sys/register/registerUser = anon
                ${adminPath}/sys/register/getRegisterCode = anon
                ${adminPath}/sys/register/validateMobileCode = anon
                ${adminPath}/soft/sysVersion/getAndroidVer = anon
                ${adminPath}/soft/sysVersion/getIosVer = anon
                ${adminPath}/cas = cas
                ${adminPath}/login = authc //表示认证,必须要经过重新认证
                ${adminPath}/logout = anon
                ${adminPath}/** = user  //user表示session里存在用户可以访问
                /act/rest/service/editor/** = perms[act:model:edit]
                /act/rest/service/model/** = perms[act:model:edit]
                /act/rest/service/** = user
                /ReportServer/** = user