SSM整合Shiro,实现系统的认证管理和权限管理?
资料:
一、首先导入依赖:
4.3.13.RELEASE
3.4.5
4.0.0
5.1.46
1.4
2.9.2
1.4.0
junit
junit
4.12
test
org.springframework
spring-core
${spring-version}
org.springframework
spring-web
${spring-version}
org.springframework
spring-oxm
${spring-version}
org.springframework
spring-tx
${spring-version}
org.springframework
spring-jdbc
${spring-version}
org.springframework
spring-webmvc
${spring-version}
org.springframework
spring-aop
${spring-version}
org.springframework
spring-context-support
${spring-version}
org.springframework
spring-test
${spring-version}
org.mybatis
mybatis
${mybatis-version}
org.mybatis
mybatis-spring
1.3.1
javax.servlet
javax.servlet-api
${servlet-version}
mysql
mysql-connector-java
${mysql-version}
commons-dbcp
commons-dbcp
${dbcp-version}
log4j
log4j
1.2.12
org.slf4j
slf4j-api
1.5.6
org.slf4j
slf4j-log4j12
1.7.7
test
com.fasterxml.jackson.core
jackson-databind
${jackson-version}
com.fasterxml.jackson.core
jackson-core
${jackson-version}
com.fasterxml.jackson.core
jackson-annotations
${jackson-version}
org.apache.shiro
shiro-core
${shiro-version}
org.apache.shiro
shiro-web
${shiro-version}
org.apache.shiro
shiro-spring
${shiro-version}
commons-logging
commons-logging
1.2
org.slf4j
slf4j-log4j12
1.5.8
log4j
log4j
1.2.12
在build标签里加上(不加会找不到文件路径):
src/main/java
**/*.xml
二、编写java代码:
1、pojo包的实体类 User.java:
/**
* 测试类的实体类
*/
public class User implements Serializable {
/**
* 编号
*/
private String user_id;
/**
* 用户名
*/
private String user_name;
/**
* 密码
*/
private String user_pwd;
/**
* 类型
*/
private int user_type;
public User() {
}
public User(String user_id, String user_name, String user_pwd, int user_type) {
this.user_id = user_id;
this.user_name = user_name;
this.user_pwd = user_pwd;
this.user_type = user_type;
}
public String getUser_id() {
return user_id;
}
public void setUser_id(String user_id) {
this.user_id = user_id;
}
public String getUser_name() {
return user_name;
}
public void setUser_name(String user_name) {
this.user_name = user_name;
}
public String getUser_pwd() {
return user_pwd;
}
public void setUser_pwd(String user_pwd) {
this.user_pwd = user_pwd;
}
public int getUser_type() {
return user_type;
}
public void setUser_type(int user_type) {
this.user_type = user_type;
}
@Override
public String toString() {
return "User{" +
"user_id='" + user_id + '\'' +
", user_name='" + user_name + '\'' +
", user_pwd='" + user_pwd + '\'' +
", user_type=" + user_type +
'}';
}
}2、mapper包的接口 IUsersMapper.java:
/**
* 测试类mapper包的接口
*/
@Repository
public interface IUsersMapper {
/**
* 用户登录的方法
* @param user_name
* @return
*/
public String UserLogin(String user_name);
}3、mapper包的myBatis的配置文件 IUsersMapper.xml:
4、service包的接口 IUsersService.java:
/**
* 测试类service包的接口
*/
public interface IUsersService {
/**
* 用户登录的方法
* @param user_name
* @return
*/
public String UserLogin(String user_name);
}5、service.impl包的实现类 UsersServiceImpl.java:
/**
* 测试类service包的实现类
*/
@Service("IUsersService")
public class UsersServiceImpl implements IUsersService {
@Resource(name = "IUsersMapper")
private IUsersMapper ium;
@Override
public String UserLogin(String user_name) {
return ium.UserLogin(user_name);
}
}6、realm包的自定义realm的类 CustomRealm.java:
/**
* 自定义realm的类
*/
public class CustomRealm extends AuthorizingRealm {
@Resource(name = "IUsersService")
private IUsersService ius;
/**
* 用于权限管理
*
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//得到用户名
String user_name = (String) principalCollection.getPrimaryPrincipal();
//创建返回数据的授权对象
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//连接数据库,获取当前用户的角色
Set roleSet = new HashSet<>();
roleSet.add("admin");
//连接数据库,获取当前用户的权限(传递到页面,判断哪些内容显示)
Set permissionSet = new HashSet<>();
permissionSet.add("Useradd");
permissionSet.add("Userremove");
permissionSet.add("Useredit");
//授权角色
simpleAuthorizationInfo.addRoles(roleSet);
//授权权限
simpleAuthorizationInfo.addStringPermissions(permissionSet);
return simpleAuthorizationInfo;
}
/**
* 用于认证管理
*
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//获取传递过来的数据
UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
//获取用户名和密码
String user_name = usernamePasswordToken.getUsername();
String user_pwd = ius.UserLogin(user_name);
//创建返回数据的认证对象:用户名,密码,当前用户名
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user_name, user_pwd, this.getName());
//认证对象
return simpleAuthenticationInfo;
}
} 7、controller包的数据交互类 UsersController.java:
@Controller//定义为是一个控制器类
@RequestMapping("user")//提供初步的请求映射信息,相对于 WEB 应用的根目录
public class UsersController {
@Resource(name = "IUsersService")
private IUsersService ius;
//注解式授权判断
//@RequiresRoles("admin") //只有角色为admin才能进入这个方法
//@RequiresPermissions("add") //只显示新增的方法
@RequestMapping(value = "userLogin")
public String userLogin(User user) {
//得到Subject对象
Subject subject = SecurityUtils.getSubject();
//实例化令牌
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(user.getUser_name(), user.getUser_pwd());
//验证
subject.login(usernamePasswordToken);
//认证是否通过
//System.out.println(subject.isAuthenticated());
return "index";
}
}三、配置信息:
1、spring-mvc.xml文件信息:
text/html;charset=UTF-8
text/json;charset=UTF-8
application/json;charset=UTF-8
2、spring-mybatis.xml文件信息:
3、shiro-realm.ini文件:
#自定义名=自定义类权限定名
myRealm=com.zking.realm.CustomRealm
#securityManager.realms=自定义名
securityManager.realms=$myRealm4、spring-shiro.xml文件:
/login.jsp*=anon
/index.jsp*=authc
/jsp/*=roles[admin]
5、在web.xml配置:
contextConfigLocation
classpath*:spring-mybatis.xml
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
characterEncodingFilter
org.springframework.web.filter.CharacterEncodingFilter
encoding
UTF-8
forceEncoding
true
characterEncodingFilter
/*
shiroFilter
/*
org.springframework.web.context.ContextLoaderListener
springmvc
org.springframework.web.servlet.DispatcherServlet
contextConfigLocation
classpath:spring-mvc.xml
springmvc
*.action
四、页面测试:
1、login.jsp:
2、index.jsp:
跳转到jsp文件夹下的index页面
跳转到权限判断页面
3、permission.jsp:
新增
删除
编辑
查询