SSM+Shiro搭建权限管理

一、shiro介绍

Shiro过滤器参数:
  1. anon:例子/admins/**=anon 没有参数,表示可以匿名使用。   
  2. authc:例如/admins/user/**=authc表示需要认证(登录)才能使用,没有参数   
  3. roles:例子/admins/user/**=roles[admin],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,当有多个参数时,例如admins/user/**=roles["admin,guest"],每个参数通过才算通过,相当于hasAllRoles()方法。   
  4. perms:例子/admins/user/**=perms[user:add:*],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,例如/admins/user/**=perms["user:add:*,user:modify:*"],当有多个参数时必须每个参数都通过才通过,相当于isPermittedAll()方法。   
  5. rest:例子/admins/user/**=rest[user],根据请求的方法,相当于/admins/user/**=perms[user:method] ,其中method为post,get,delete等。   
  6. port:例子/admins/user/**=port[8081],当请求的url的端口不是8081时跳转到scheme://serverName:8081?queryString,其中scheme是协议http或https等,serverName是你访问的host,8081是url配置里port的端口,queryString是你访问的url里的?后面的参数。   
  7. authcBasic:例如/admins/user/**=authcBasic没有参数表示httpBasic认证   
  8. ssl:例子/admins/user/**=ssl没有参数,表示安全的url请求,协议为https   
  9. user:例如/admins/user/**=user没有参数,表示必须存在用户(已登录或通过RememberMe被记住均可),当登入操作时不做检查;因此敏感操作的URL应使用authc而不是user。  

shiro的JSP标签使用

<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

  1. <shiro:authenticated> 登录之后(本次会话中已通过认证,不包括仅由RememberMe记住的用户)  
  2. <shiro:notAuthenticated> 不在登录状态时(包括仅由RememberMe记住的用户)  
  3. <shiro:guest> 用户没有身份信息时(既未登录,也没有RememberMe)  
  4. <shiro:user> 用户已有身份信息时(已登录或由RememberMe记住)  
  5. <shiro:hasAnyRoles name="abc,123" > 在有abc或者123角色时  
  6. <shiro:hasRole name="abc"> 拥有角色abc  
  7. <shiro:lacksRole name="abc"> 没有角色abc  
  8. <shiro:hasPermission name="abc"> 拥有权限abc  
  9. <shiro:lacksPermission name="abc"> 没有权限abc  
  10. <shiro:principal> 显示用户登录名  


二、表设计

实现用户->角色->权限 需要五张表

用户表(t_user)


角色表(t_role)


权限表(t_permission)



用户角色关联表(t_role_user)



角色权限关联表(t_permission_role)



三、实体和映射文件的建立

我们需要三个实体和一个映射文件UserMapper.xml

用户实体(要包含一个角色集合)

角色实体(要包含一个权限集合)

权限实体

看代码:

User.java

package com.lei.entity;

import java.util.HashSet;
import java.util.Set;

public class User {
	
	private String id;
	private String username;
	private String password;
	//roleSet记得跟UserMapping里面表关联时字段名字相对应
	private Set roleSet = new HashSet();
	public String getId() {
		return id;
	}
	public void setId(String id) {
		this.id = id;
	}
	public String getUsername() {
		return username;
	}
	public void setUsername(String username) {
		this.username = username;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	public Set getRoleSet() {
		return roleSet;
	}
	public void setRoleSet(Set roleSet) {
		this.roleSet = roleSet;
	}
	@Override
	public int hashCode() {
		final int prime = 31;
		int result = 1;
		result = prime * result + ((id == null) ? 0 : id.hashCode());
		result = prime * result + ((password == null) ? 0 : password.hashCode());
		result = prime * result + ((roleSet == null) ? 0 : roleSet.hashCode());
		result = prime * result + ((username == null) ? 0 : username.hashCode());
		return result;
	}
	@Override
	public boolean equals(Object obj) {
		if (this == obj)
			return true;
		if (obj == null)
			return false;
		if (getClass() != obj.getClass())
			return false;
		User other = (User) obj;
		if (id == null) {
			if (other.id != null)
				return false;
		} else if (!id.equals(other.id))
			return false;
		if (password == null) {
			if (other.password != null)
				return false;
		} else if (!password.equals(other.password))
			return false;
		if (roleSet == null) {
			if (other.roleSet != null)
				return false;
		} else if (!roleSet.equals(other.roleSet))
			return false;
		if (username == null) {
			if (other.username != null)
				return false;
		} else if (!username.equals(other.username))
			return false;
		return true;
	}  
	

}
Role.java

package com.lei.entity;

import java.util.HashSet;
import java.util.Set;

public class Role {
	
	private String id;
	private String name;
	//permissionSet记得跟UserMapping里面表关联时字段名字相对应
	private Set permissionSet = new HashSet<>();
	public String getId() {
		return id;
	}
	public void setId(String id) {
		this.id = id;
	}
	public String getName() {
		return name;
	}
	public void setName(String name) {
		this.name = name;
	}
	public Set getPermissionSet() {
		return permissionSet;
	}
	public void setPermissionSet(Set permissionSet) {
		this.permissionSet = permissionSet;
	}
	@Override
	public int hashCode() {
		final int prime = 31;
		int result = 1;
		result = prime * result + ((id == null) ? 0 : id.hashCode());
		result = prime * result + ((name == null) ? 0 : name.hashCode());
		result = prime * result + ((permissionSet == null) ? 0 : permissionSet.hashCode());
		return result;
	}
	@Override
	public boolean equals(Object obj) {
		if (this == obj)
			return true;
		if (obj == null)
			return false;
		if (getClass() != obj.getClass())
			return false;
		Role other = (Role) obj;
		if (id == null) {
			if (other.id != null)
				return false;
		} else if (!id.equals(other.id))
			return false;
		if (name == null) {
			if (other.name != null)
				return false;
		} else if (!name.equals(other.name))
			return false;
		if (permissionSet == null) {
			if (other.permissionSet != null)
				return false;
		} else if (!permissionSet.equals(other.permissionSet))
			return false;
		return true;
	}

}
Permission.java


package com.lei.entity;

public class Permission {

	private String id;
	private String name;
	public String getId() {
		return id;
	}
	public void setId(String id) {
		this.id = id;
	}
	public String getName() {
		return name;
	}
	public void setName(String name) {
		this.name = name;
	}
	
	@Override
	public int hashCode() {
		final int prime = 31;
		int result = 1;
		result = prime * result + ((id == null) ? 0 : id.hashCode());
		result = prime * result + ((name == null) ? 0 : name.hashCode());
		return result;
	}
	@Override
	public boolean equals(Object obj) {
		if (this == obj)
			return true;
		if (obj == null)
			return false;
		if (getClass() != obj.getClass())
			return false;
		Permission other = (Permission) obj;
		if (id == null) {
			if (other.id != null)
				return false;
		} else if (!id.equals(other.id))
			return false;
		if (name == null) {
			if (other.name != null)
				return false;
		} else if (!name.equals(other.name))
			return false;
		return true;
	}
	
	
}


UserMapper.xml  (重点)

  
  
  
    
	    
	    
	    
	    
	    
		    
		    
		    
		    
			    
			    
		    
	    
    
  
    
    SELECT     
      u.user_id,    
      u.username,    
      u.password,    
      r.role_id,    
      r.role_name,    
      p.permission_id,    
      p.permission_name    
    FROM    
      t_user as u,    
      t_role as r,    
      t_permission as p,    
      t_permission_role as pr,    
      t_role_user as ru    
    WHERE    
      u.user_id = ru.user_id
    AND    
      r.role_id = ru.role_id    
    AND    
      p.permission_id = pr.permission_id    
    AND    
      r.role_id = pr.role_id    
      
   
	
  
    
  



四、将SSM和Shiro整合

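配置文件:

注意:下面applicationContext.xml中的过滤链使用Ant风格路径,/admin/*只匹配一级路径(如/admin/list),不匹配/admin/a/b这样的多级路径,要覆盖多级路径需写成/admin/**;另外,没有被任何规则匹配到的URL不会经过Shiro的权限检查,通常应在规则列表最后加上一条/**=authc作为兜底。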

applicationContext.xml

    
    
        
	
	
	
	
	
		
		
		
		
	

	
	
		
		
		
		
		
	

	
	
		
		
	

	
	
		
	
	
	
	  
	
	
	  
  	    
	  
	
	
	  
	      
	    
	      
	    
	      
	      
	      
	      
	        
	             /user/login.do=anon
	             /admin/*=roles["超级管理员"]
				/student/*=roles["学生"]
				/book/add=perms["book:create"]
	          
	    
	  
	
	
    
        
    
    
    
        
        
        
    
	
	  
	  
	
	
	  
  		  
  	    
      
  
	  
      
          
          
              
              
              
              
              
              
              
              
              
              
              
              
              
              
              
          
      
  
      
      
          
          
      

spring-mvc.xml

    
    

	
	

	
	
		
		
	

  

mybatis-config.xml




	
	
		
	


web.xml



  Shiro
  
    index.jsp
  
    
	  
	    shiroFilter  
	    org.springframework.web.filter.DelegatingFilterProxy  
      
      
    targetFilterLifecycle  
    true  
      
	  
	  
	        shiroFilter  
	        /*  
	
	
    
	
		contextConfigLocation
		classpath:applicationContext.xml
	
	
	
		encodingFilter
		org.springframework.web.filter.CharacterEncodingFilter
		
			encoding
			UTF-8
		
	
	
		encodingFilter
		/*
	
	
	
		org.springframework.web.context.ContextLoaderListener
	
	
	
	
		springMVC
		org.springframework.web.servlet.DispatcherServlet
		
			contextConfigLocation
			classpath:spring-mvc.xml
		
		1
	
	
	
		springMVC
		*.do
	
	


log4j.properties

# Root logger: level DEBUG, output sent to the appender named Console.
# NOTE(review): DEBUG on the root logger is a development setting - confirm the
# level is raised before deployment, since debug output may contain user data.
log4j.rootLogger=DEBUG, Console  
  
#Console  
# Console appender writing pattern-formatted lines:
# date, [thread], level, [logger name], message, newline.
log4j.appender.Console=org.apache.log4j.ConsoleAppender  
log4j.appender.Console.layout=org.apache.log4j.PatternLayout  
log4j.appender.Console.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n  
  
# Per-logger overrides: ResultSet and org.apache at INFO, the other java.sql
# loggers at DEBUG.
# NOTE(review): statement-level DEBUG logging presumably prints the executed SQL;
# verify that no credentials or personal data end up in the console log.
log4j.logger.java.sql.ResultSet=INFO  
log4j.logger.org.apache=INFO  
log4j.logger.java.sql.Connection=DEBUG  
log4j.logger.java.sql.Statement=DEBUG  
log4j.logger.java.sql.PreparedStatement=DEBUG  

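pom.xml

注意:以下依赖版本是本文写作时使用的版本,其中log4j 1.x已停止维护,Shiro、fastjson等安全相关组件的旧版本也陆续有安全公告发布;实际项目中请对照各组件的官方安全公告,升级到仍受支持的版本。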



	4.0.0
	shiro
	shiro
	0.0.1-SNAPSHOT
	shiro Maven Webapp
	war
	
	
		3.4.5
		5.0.0.RELEASE
		4.10
		1.3.1
		5.1.44
		1.1.3
		1.4.0
	

	
		
		
			org.mybatis
			mybatis
			${mybatis.version}
		

		
		
			org.mybatis
			mybatis-spring
			${spring-mybatis.version}
		
		
		
			org.springframework
			spring-core
			${spring.version}
		
		
			org.springframework
			spring-beans
			${spring.version}
		
		
			org.springframework
			spring-tx
			${spring.version}
		
		
			org.springframework
			spring-context
			${spring.version}
		
		
			org.springframework
			spring-context-support
			${spring.version}
		
		
			org.springframework
			spring-web
			${spring.version}
		
		
			org.springframework
			spring-webmvc
			${spring.version}
		
		
			org.springframework
			spring-aop
			${spring.version}
		
		
			org.springframework
			spring-aspects
			${spring.version}
		
		
			org.springframework
			spring-jdbc
			${spring.version}
		

		
		
			mysql
			mysql-connector-java
			${mysql-connector.version}
		

		
		
			com.alibaba
			druid
			${druid.version}
		

		
		
			org.apache.shiro
			shiro-core
			${shiro.version}
		
		
			org.apache.shiro
			shiro-web
			${shiro.version}
		
		
			org.apache.shiro
			shiro-spring
			${shiro.version}
		

		
		
			org.slf4j
			slf4j-log4j12
			1.7.25
			test
		

		
		
			junit
			junit
			${junit.version}
		
		
		
			commons-fileupload
			commons-fileupload
			1.3.3
		
		
		
			log4j
			log4j
			1.2.17
		

		
		
			com.alibaba
			fastjson
			1.2.38
		
		
		
			javax.servlet
			javax.servlet-api
			4.0.0
			provided
		

	
	
		shiro
	



项目完整打包下载:http://download.csdn.net/download/junmoxi/10136548

