shiro-springmvc-mybatis登录认证 权限控制

最近闲的没事研究了一下shiro,整合springmvc-mybatis-maven做了一个简单的登录认证权限控制:

1:shiro jar


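		<!-- 1.2.3 is an old Shiro release; real projects should depend on a currently maintained version. -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-cas</artifactId>
			<version>1.2.3</version>
			<exclusions>
				<exclusion>
					<groupId>commons-logging</groupId>
					<artifactId>commons-logging</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-web</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-ehcache</artifactId>
			<version>1.2.3</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-quartz</artifactId>
			<version>1.2.3</version>
		</dependency>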
	
2:shiro 配置文件:




	Shiro Configuration

	
	
		
		
	

	
	
		
	

	
	
		
		
		
		
		
		
			
				
				
				/login/logincs.do = anon
				/login/submitcs.do = anon
				
				/** = authc
			
		
	
	
	
	

	
	

	
	
		
	
	
		
	

3:web.xml 对应配置


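<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>classpath:conf/shiro.xml</param-value>
</context-param>

<filter>
	<filter-name>shiroFilter</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	<init-param>
		<param-name>targetFilterLifecycle</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>shiroFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>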


4:springmvc.xml




	
	
		
	
	
	
	

	
	
	
	
	
	
	
	
		
		
	
	
	
		
			
				
				classpath:/messages
			
		
		
		
		
	


	
	
		
			
				text/html;charset=UTF-8
			
		
	

	
	
		
		
		
	

	
	
		
	

	
	
		
			
				405
				405
			
		
	 

  

5:spring.xml





	
	
	

	
	 
	
		
	

	
	
	
		
		
		
		
		
	
	
	
		
		
		    
	

	
	
		
			
		
	
	
	
		
	
	
		
			
			
			
			
			
			
		
	
	
		
		
	
	


6:上面说的是配置文件下面贴一下 java代码:

当前贴出来的类对应 上面2 配置文件

pojo类就不贴了。我这里没有连接数据库,只是模拟用户登录,权限也是手动添加的。示例里的用户名和明文密码是写死的,仅用于演示;实际项目应从数据库查询用户,并只保存加盐哈希后的密码。

/**
 * 
 */
package com.cat.shiro;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.cat.spring.entity.Role;
import com.cat.spring.entity.User;

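/**
 * Demo realm that authenticates and authorizes one hard-coded account.
 *
 * <p>The user name, password, roles and permission string below are fixed
 * sample values standing in for a database lookup. The password is held and
 * compared as plaintext, which is acceptable only for a demo: a production
 * realm should load the account from a user service, store a salted password
 * hash, and configure a matching CredentialsMatcher (for example Shiro's
 * HashedCredentialsMatcher) on the realm.
 */
public class ShiroRealm extends AuthorizingRealm {

	/**
	 * Builds the roles and permissions for the already-authenticated principal.
	 *
	 * @param principals the principals of the subject being authorized
	 * @return the roles {@code user0}..{@code user2} plus the permissions
	 *         {@code cp:updatecs} and {@code cp:updatecs1}
	 * @throws AuthorizationException if {@code principals} is null or the
	 *         principal is not the demo user
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		if (principals == null) {
			throw new AuthorizationException(
					"PrincipalCollection method argument cannot be null.");
		}
		String name = (String) getAvailablePrincipal(principals);

		// Stand-in for the real lookup; an actual project would call something
		// like userService.getByAccount(name), validate the account state and
		// then load that user's roles and permissions.
		User user = new User("shiro", "123456");
		if (!user.getName().equals(name)) {
			// Fail closed: an unknown principal receives no authorization data.
			throw new AuthorizationException(
					"No authorization data for the given principal.");
		}

		// Simulate three roles for the demo user.
		List<String> roles = new ArrayList<String>();
		for (int x = 0; x < 3; x++) {
			roles.add("user" + x);
		}

		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		info.addRoles(roles);
		// A real realm would add every permission loaded for the user:
		// info.addStringPermissions(permissions);
		// Wildcard syntax: the comma lists two sub-parts under "cp", so this one
		// string grants cp:updatecs and cp:updatecs1 but not cp:updatecs2.
		info.addStringPermission("cp:updatecs,updatecs1");
		return info;
	}

	/**
	 * Looks up the account named in the login token and returns its stored
	 * credentials so the realm's credentials matcher can compare them with
	 * the submitted password.
	 *
	 * @param authcToken the submitted token; must be a UsernamePasswordToken
	 * @return the account's principal and stored credentials, or {@code null}
	 *         when no account matches the user name (Shiro documents a null
	 *         return as "no account found")
	 * @throws AuthenticationException if the account lookup yields no user
	 */
	@SuppressWarnings("unused")
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

		// Stand-in for userService.getByAccount(token.getUsername()).
		User user = new User("shiro", "123456");
		if (user == null) {
			// Unreachable with the hard-coded user; kept for when the stub is
			// replaced by a real lookup. A login failure must surface as an
			// AuthenticationException, not an AuthorizationException.
			throw new AuthenticationException("Account lookup returned no user.");
		}

		if (!user.getName().equals(token.getUsername())) {
			return null;
		}
		// Only the stored credential is returned here; the password comparison
		// itself is done by the realm's credentials matcher after this method.
		return new SimpleAuthenticationInfo(user.getName(),
				user.getPassword(), getName());
	}
}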

7:logincontroller

package com.hnust.controller;
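/**
 * Login endpoints for the Shiro demo: one shows the login page, the other
 * submits the credentials to Shiro.
 */
@Controller
@RequestMapping(value = "/login")
public class LoginController {

	/* ---------------- Shiro test endpoints ---------------- */

	/**
	 * Shows the login page.
	 *
	 * @return the login view name
	 */
	@RequestMapping(value = "/logincs", method = RequestMethod.GET)
	public String logincs() {
		return "/pages/login";
	}

	/**
	 * Authenticates the submitted credentials through Shiro.
	 *
	 * <p>The token is built from what the client sent, so the configured realm
	 * and its credentials matcher make the authentication decision. The
	 * controller does not compare passwords itself and never hands Shiro a
	 * stored password, which would make the realm's check trivially succeed.
	 *
	 * @param username the submitted account name; may be null if absent
	 * @param password the submitted password; may be null if absent
	 * @return the member index view on success, otherwise the login view
	 */
	@RequestMapping(value = "/submitcs", method = RequestMethod.POST)
	public String submitcs(String username, String password) {
		// Missing parameters can never authenticate; skip the realm round-trip.
		if (username == null || password == null) {
			return "/pages/login";
		}
		try {
			UsernamePasswordToken token = new UsernamePasswordToken(
					username, password);
			Subject subject = SecurityUtils.getSubject();
			// Throws when the account is unknown or the credentials do not match.
			subject.login(token);
			return "/pages/member/index";
		} catch (Exception e) {
			// Failed logins are expected, so print only the exception type: no
			// stack trace per bad password, and no submitted values in output.
			// NOTE(review): replace with the project's logger.
			System.err.println("login failed: " + e.getClass().getSimpleName());
			return "/pages/login";
		}
	}

}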

8:测试权限类 对应上面6 类里面设置的权限访问URL

package com.hnust.controller;

/**
 * Demo endpoints under /cp used to exercise permission checks. Each handler
 * declares the permission it needs with {@code @RequiresPermissions}.
 *
 * <p>NOTE(review): these annotations are only enforced when Shiro's annotation
 * support is enabled in the Spring context that creates this controller;
 * confirm against the Spring MVC configuration.
 */
@Controller
@RequestMapping(value = "/cp")
public class CompanyController extends BaseController {

	/** Logical view name returned by every handler in this controller. */
	private static final String INDEX_VIEW = "index";

	/**
	 * GET /cp/updatecs, guarded by the permission {@code cp:updatecs}.
	 *
	 * @return the index view name
	 */
	@RequestMapping(method = RequestMethod.GET, value = "/updatecs")
	@RequiresPermissions("cp:updatecs")
	public String updatecs() {
		System.err.println("成功1");
		return INDEX_VIEW;
	}

	/**
	 * GET /cp/updatecs1, guarded by the permission {@code cp:updatecs1}.
	 *
	 * @return the index view name
	 */
	@RequestMapping(method = RequestMethod.GET, value = "/updatecs1")
	@RequiresPermissions("cp:updatecs1")
	public String updatecs1() {
		System.err.println("成功2");
		return INDEX_VIEW;
	}

	/**
	 * GET /cp/updatecs2, guarded by the permission {@code cp:updatecs2}.
	 * The demo user is not granted this permission, so the request is
	 * expected to be rejected as unauthorized.
	 *
	 * @return the index view name
	 */
	@RequestMapping(method = RequestMethod.GET, value = "/updatecs2")
	@RequiresPermissions("cp:updatecs2")
	public String updatecs2() {
		return INDEX_VIEW;
	}

}

9:下面贴出 效果图

登录不做权限验证:


shiro-springmvc-mybatis登录认证 权限控制_第1张图片

登录成功:

shiro-springmvc-mybatis登录认证 权限控制_第2张图片

下面开始进行权限认证:

这是我当前角色有的权限 所以去到了我指定的页面

shiro-springmvc-mybatis登录认证 权限控制_第3张图片

下面进行 没有权限的URL访问:

shiro-springmvc-mybatis登录认证 权限控制_第4张图片


好了这就完事了: 新手发帖大神勿喷
