ssm+maven 使用shiro框架实现权限管理

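1、添加依赖(pom.xml;下面每组三行依次为 groupId、artifactId、version,原文的 XML 标签在页面提取时丢失)

注意:示例中的依赖版本(如 Shiro 1.4.0、Spring 4.2.6.RELEASE)较旧,实际项目请使用官方仍在维护的最新版本。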

    
        org.springframework
        spring-context
        4.2.6.RELEASE
    
    
        org.springframework
        spring-webmvc
        4.2.6.RELEASE
    
    
        org.apache.shiro
        shiro-core
        1.4.0
    
    
        org.apache.shiro
        shiro-spring
        1.4.0
    
    
        org.apache.shiro
        shiro-web
        1.4.0
    

    
        mysql
        mysql-connector-java
        5.1.40
    
    
        com.alibaba
        druid
        1.1.12
    
    
        org.springframework
        spring-jdbc
        4.2.6.RELEASE
    
    
        org.aspectj
        aspectjweaver
        1.8.13
    

2、xml文件配置

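spring.xml(原文的 XML 标签在页面提取时丢失,下面只剩过滤链规则。注意:规则按从上到下的顺序首次匹配生效;roles[...]、perms[...] 中列出多项时需要同时全部满足;`/*` 只匹配一级路径,若要让其余所有路径都必须登录,通常应写成 `/** = authc`。)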





    
    
    
    
        
            /login.html = anon
            /subLogin = anon
            /testRole = roles["admin"]
            /testRole1 = roles["admin","admin1"]
            /testPerms = perms["user:delete"]
            /testPerms1 = perms["user:delete","user:update"]
            /* = authc
        
    




    



    


    
    

sping-dao.xml



    
    
    



    

sping-mvc.xml












    

3、自定义 Realm

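/**
 * Shiro realm that resolves credentials and roles for a user name through {@link UserDao}.
 *
 * <p>Authentication returns the stored credential for the submitted user name; the actual
 * comparison is done by whichever credentials matcher is configured on this realm (the
 * configuration is not visible in this listing).
 */
public class CustomRealm extends AuthorizingRealm {

    @Resource
    private UserDao userDao;

    /**
     * Builds the roles and string permissions for the already-authenticated principal.
     *
     * @param principalCollection principals of the subject; the primary one is the user name
     * @return authorization info holding the subject's roles and permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 1. The primary principal is the user name set in doGetAuthenticationInfo.
        String userName = (String) principalCollection.getPrimaryPrincipal();
        // 2. Load the roles and permissions for that user.
        Set<String> roles = getRolesByUserName(userName);
        Set<String> permissions = getPermissionsByUserName(userName);

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setStringPermissions(permissions);
        authorizationInfo.setRoles(roles);
        return authorizationInfo;
    }

    /**
     * Returns the permission strings granted to {@code userName}.
     *
     * @param userName user whose permissions are requested (currently unused)
     * @return a mutable set of permission strings
     */
    private Set<String> getPermissionsByUserName(String userName) {
        // NOTE(review): placeholder data. Every user receives the same two permissions
        // regardless of userName, so any perms[...] filter rule covering them is satisfied
        // by every authenticated account. Load permissions per user/role from the data
        // store before relying on permission checks.
        Set<String> permissions = new HashSet<>();
        permissions.add("user:delete");
        permissions.add("user:add");
        return permissions;
    }

    /**
     * Returns the role names assigned to {@code userName}.
     *
     * @param userName user whose roles are requested
     * @return a mutable set of role names; empty when the DAO returns nothing
     */
    private Set<String> getRolesByUserName(String userName) {
        List<String> roleNames = userDao.queryRolesByUserName(userName);
        // Guard against a DAO implementation that returns null instead of an empty list.
        if (roleNames == null) {
            return new HashSet<>();
        }
        return new HashSet<>(roleNames);
    }

    /**
     * Looks up the account for the submitted token.
     *
     * @param authenticationToken token carrying the submitted user name
     * @return the stored credential wrapped for Shiro, or {@code null} when no account exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 1. Take the user name from the submitted token.
        String userName = (String) authenticationToken.getPrincipal();
        if (userName == null) {
            // No principal submitted: treat as "no such account" without querying the database.
            return null;
        }
        // 2. Fetch the stored credential for that user name.
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, "customRealm");
        // NOTE(review): the salt is the user name, which is predictable and known to anyone
        // who knows the account. A random per-user salt stored next to the hash is the
        // stronger choice; changing it requires re-hashing the stored credentials. Whether
        // the salt is applied at all depends on the configured credentials matcher; confirm
        // that the stored value is a salted hash and not a plaintext password.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userName));
        return authenticationInfo;
    }

    /**
     * Looks up the stored credential for a user through the DAO.
     *
     * @param userName user name to look up
     * @return the stored credential, or {@code null} when the user does not exist
     */
    private String getPasswordByUserName(String userName) {
        User user = userDao.getUserByUserName(userName);
        if (user != null) {
            return user.getPassword();
        }
        return null;
    }
}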

4、pojo类

在这里插入图片描述
User 类(原文为截图;从后文代码看至少包含 username、password 两个属性),并添加对应的 get、set 方法

5、dao层

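/**
 * Data-access contract used by the realm to load accounts and their roles.
 */
public interface UserDao {

    /**
     * Loads the account with the given user name.
     *
     * @param userName user name to look up
     * @return the matching user, or {@code null} when none exists
     */
    User getUserByUserName(String userName);

    /**
     * Lists the role names assigned to the given user name.
     *
     * @param userName user name to look up
     * @return the role names; typed as {@code List<String>} so callers need no raw-type casts
     */
    List<String> queryRolesByUserName(String userName);
}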

对应接口实现类

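/**
 * {@link UserDao} implementation that reads accounts and role names through
 * {@code JdbcTemplate}. Both queries bind the user name as a {@code ?} parameter, so the
 * value is never concatenated into the SQL text.
 */
@Component
public class UserDaoImpl implements UserDao {

    @Resource
    private JdbcTemplate jdbcTemplate;

    /**
     * Loads the user name and stored credential for one account.
     *
     * @param userName user name to look up
     * @return the first matching row as a {@code User}, or {@code null} when there is none
     */
    @Override
    public User getUserByUserName(String userName) {
        String sql = "select username,password from users where username = ?";
        // Typed RowMapper/List: with raw types list.get(0) is an Object and cannot be
        // returned as a User.
        List<User> users = jdbcTemplate.query(sql, new Object[]{userName}, new RowMapper<User>() {
            @Override
            public User mapRow(ResultSet resultSet, int rowNum) throws SQLException {
                User user = new User();
                user.setUsername(resultSet.getString("username"));
                // NOTE(review): this value is handed to the realm as the stored credential;
                // the column should hold a salted hash, not a plaintext password - confirm.
                user.setPassword(resultSet.getString("password"));
                return user;
            }
        });
        if (CollectionUtils.isEmpty(users)) {
            return null;
        }
        // Only the first row is used; presumably username is unique in the users table.
        return users.get(0);
    }

    /**
     * Lists the role names stored for one account.
     *
     * @param userName user name to look up
     * @return the role names found in {@code user_roles}; empty when there are none
     */
    @Override
    public List<String> queryRolesByUserName(String userName) {
        String sql = "select role_name from user_roles where username = ?";
        return jdbcTemplate.query(sql, new Object[]{userName}, new RowMapper<String>() {
            @Override
            public String mapRow(ResultSet resultSet, int rowNum) throws SQLException {
                return resultSet.getString("role_name");
            }
        });
    }
}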

6、controller层

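/**
 * Login endpoint that authenticates the submitted credentials through Shiro.
 */
@Controller
public class UserController {
    /**
     * Attempts a login with the submitted user name and password.
     *
     * @param user form-bound object carrying the submitted user name and password
     * @return a generic failure message when authentication fails; otherwise a message
     *         stating whether the subject has the {@code admin} role
     */
    @RequestMapping(value = "/subLogin",method = RequestMethod.POST,
    produces = "application/json;charset=utf-8")
    @ResponseBody
    public String subLogin(User user){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),
                user.getPassword());
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Do not echo e.getMessage() to the client: Shiro's messages differ between
            // "unknown account" and "wrong credentials" and can name the realm, which
            // lets a caller tell valid user names from invalid ones. Return one generic
            // message and record the detail server-side with the project's logger
            // (no logger is in scope in this listing).
            return "用户名或密码错误";
        }
        if(subject.hasRole("admin")){
            return "有admin权限";
        }
        return "无admin权限";
    }
}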

7、数据库设计

User表
在这里插入图片描述
User_roles表
在这里插入图片描述

8、显示效果

ssm+maven 使用shiro框架实现权限管理_第1张图片
ssm+maven 使用shiro框架实现权限管理_第2张图片
账号密码输入正确

ssm+maven 使用shiro框架实现权限管理_第3张图片
ssm+maven 使用shiro框架实现权限管理_第4张图片
账号密码输入错误,显示认证失败的错误。
