SSM整合Shiro实现登陆认证完整demo（亲写）

前提：准备SSM项目，废话不多言，直接上代码。

一、添加依赖

    
    
      org.apache.shiro
      shiro-core
      1.3.2
    
    
      org.apache.shiro
      shiro-web
      1.3.2
    
    
      org.apache.shiro
      shiro-ehcache
      1.3.2
    
    
      org.apache.shiro
      shiro-quartz
      1.3.2
    
    
      org.apache.shiro
      shiro-spring
      1.3.2
    

二、配置web.xml

  
  
    shiroFilter
    org.springframework.web.filter.DelegatingFilterProxy
    
      targetFilterLifecycle
      true
    
    
    
      targetBeanName
      shiroFilter
    
  
  
    shiroFilter
    
    *.do
  

三、添加spring-shiro.xml

    
    

    
    
        
        
        
        
        
    

    
    
        
    

    
    
        
        
        
        
    

    
    
        
        
        
        
        
        
        
        
            
                
                /login.do=anon
                /dologin.do=anon
                /loginOut=logout
                
                /**=authc
            
        
    

    
    

    
    

    
        
    

 四、添加spring-shiro.xml

五、自定义的Realm

package com.xxf.shiro;

import com.xxf.model.AdminInfo;
import com.xxf.service.AdminResouceService;
import com.xxf.service.AdminService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class UserRealm  extends AuthorizingRealm {

    @Autowired
    private AdminService adminService;
    @Autowired
    private AdminResouceService adminResouceService;

    /**
     * 功能描述: 授权
     * @Param: [principalCollection]
     * @Return: org.apache.shiro.authz.AuthorizationInfo
     * @Author: Administrator
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = principalCollection.getPrimaryPrincipal().toString();
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        //用户
        AdminInfo info = this.adminService.findByName(userName);
        if(info!=null){
            //根据用户获取用户的角色
            Set sroles = new HashSet<>();
            sroles.add(String.valueOf(info.getRoleId()));
            //赋值角色给simpleAuthorizationInfo
            simpleAuthorizationInfo.setRoles(sroles);
        }
        //根据用户查询用户的权限
        Set spermit = this.adminResouceService.selpremission(Integer.parseInt(info.getRoleId()));
        //授权
        simpleAuthorizationInfo.setStringPermissions(spermit);
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("身份校验--执行了goGetAuthenticationInfo...");
        //拿到用户名
        String username = (String) token.getPrincipal();
        //根据用户名数据库中找到admin
        AdminInfo user = adminService.findByName(username);
        if (user == null) {
            throw new UnknownAccountException(); //没有找到账号
        }
        //交给AuthenticationRealm使用CredentialsMatcher进行密码匹配
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                user, //这里要传user，否则后面想拿到登录的用户信息，拿不到而报错
                user.getPassword(), //密码
                getName() //realm name
        );

        return authenticationInfo;
    }
}

六、Controller代码（登录）

 /**
     * 功能描述: 执行登陆验证
     * @Param: [adminInfo]
     * @Return: java.lang.String
     * @Author: Administrator
     */
    @RequestMapping("/dologin")
    @ResponseBody
    public String login(@RequestBody AdminInfo adminInfo, HttpSession session){
        /*AdminInfo admin = this.adminService.checkPwdAndUserName(adminInfo);
        if(admin!=null){
            session.setAttribute("admin",admin);
            return "success";
        }
        return "error";*/

        String resuleMesage = "error";
        if (adminInfo != null ) {
            //初始化
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken token = new UsernamePasswordToken(adminInfo.getUserName(), adminInfo.getPassword());
            try {
                //登录，即身份校验，由通过Spring注入的UserRealm会自动校验输入的用户名和密码在数据库中是否有对应的值
                subject.login(token);
                resuleMesage = "success";
                return resuleMesage;
                //return "redirect:index.do";
            }catch (Exception e){
                e.printStackTrace();
                resuleMesage = "未知错误，错误信息：" + e.getMessage();
            }
        } else {
            resuleMesage = "请输入用户名和密码";
        }
        return resuleMesage;
    }