contextConfigLocation
classpath:applicationContext.xml
org.springframework.web.context.ContextLoaderListener
spring
org.springframework.web.servlet.DispatcherServlet
1
spring
/
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
targetFilterLifecycle
true
shiroFilter
/*
# Shiro URL filter chain definitions: each line maps an Ant-style path pattern to a filter chain.
# Shiro evaluates the patterns top to bottom and the first match wins, so the anonymous and
# role-restricted entries must stay above the catch-all on the last line.
# Entries reachable without login: captcha, the unauthorized page, /common, /dwz and the favicon.
# NOTE(review): everything under /common/ and /dwz/ bypasses authentication; confirm that only
# static assets are served from those paths.
/rcCaptcha* = anon
/system/unauthorized.jsp = anon
/common/** = anon
/dwz/** =anon
/favicon.ico=anon
# rcCaptchaValidate is not one of Shiro's built-in filter names; presumably a custom captcha
# filter bean that runs before form authentication (authc). Confirm against the Spring config.
/login = rcCaptchaValidate,authc
# Role-gated pages: the subject must hold the named role.
/user.jsp = roles[user]
/admin.jsp = roles[admin]
/logout = logout
# Catch-all: any path not matched above requires an authenticated subject.
/** = authc
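/**
 * Custom Shiro realm for PMS operators.
 *
 * <p>Authentication looks the operator up by login name and returns the stored password hash and
 * salt so that the realm's configured CredentialsMatcher can compare them with the submitted
 * credentials. Authorization returns the operator's role codes and permission strings, which are
 * cached in the current session.
 */
public class OperatorRealm extends AuthorizingRealm {

    @Autowired
    private PmsOperatorService pmsOperatorService;

    @Autowired
    private PmsOperatorRoleService pmsOperatorRoleService;

    @Autowired
    private PmsRolePermissionService pmsRolePermissionService;

    /**
     * Core authentication hook; {@code token} is the one passed to {@code subject.login(token)}.
     *
     * @param token the submitted token; its principal is read as the login name
     * @return the stored login name, password hash and salt for the matching operator
     * @throws UnknownAccountException if the login name is missing, blank or matches no operator
     * @throws LockedAccountException if the operator's status is {@code UNACTIVE}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String loginName = (String) token.getPrincipal();
        // A token without a principal is reported as an unknown account instead of failing with a
        // NullPointerException on trim().
        if (loginName == null || StringUtils.isEmpty(loginName.trim())) {
            throw new UnknownAccountException();
        }

        // Look the operator up by login name.
        PmsOperator operator = pmsOperatorService.findOperatorByLoginName(loginName);
        if (operator == null) {
            throw new UnknownAccountException();
        }
        if (PublicStatusEnum.UNACTIVE.name().equals(operator.getStatus())) {
            throw new LockedAccountException();
        }
        // NOTE(review): unknown and locked accounts raise different exception types. The login
        // handler is not visible here; confirm it shows one generic failure message so that the
        // response does not reveal which login names exist.

        // The password comparison itself is left to AuthenticatingRealm and its CredentialsMatcher
        // (algorithm and iteration count are configured outside this class).
        return new SimpleAuthenticationInfo(
                operator.getLoginName(),                              // principal
                operator.getLoginPwd(),                               // stored password hash
                ByteSource.Util.bytes(operator.getCredentialsSalt()), // salt
                getName());                                           // realm name
    }

    /**
     * Core authorization hook: collects the role codes and permission strings of the operator.
     *
     * <p>The operator, roles and permissions are cached in the current session under the keys
     * {@code "PmsOperator"}, {@code "ROLES"} and {@code "PERMISSIONS"}; they are reloaded only
     * when the cached value is missing or empty. A role or permission that is revoked in the
     * database therefore stays effective until the session ends or those attributes are cleared.
     *
     * @param principals the principals to authorize; the primary principal is the login name
     * @return the roles and permissions; empty if no operator exists for the login name
     */
    @SuppressWarnings("unchecked")
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String loginName = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        // NOTE(review): the cache lives in the session of the *current* Subject, while the method
        // is asked about `principals`. Confirm the two always refer to the same operator;
        // otherwise cached roles of one operator could be returned for another.
        Session session = SecurityUtils.getSubject().getSession();

        PmsOperator operator = (PmsOperator) session.getAttribute("PmsOperator");
        if (operator == null) {
            operator = pmsOperatorService.findOperatorByLoginName(loginName);
            if (operator == null) {
                // No such operator (for example deleted after login): fail closed with no roles
                // and no permissions instead of dereferencing null below.
                return authorizationInfo;
            }
            session.setAttribute("PmsOperator", operator);
        }
        Long operatorId = operator.getId();

        // Role codes of the operator. Raw Set is kept because the service signatures are not
        // visible here.
        Set roles = (Set) session.getAttribute("ROLES");
        if (roles == null || roles.isEmpty()) {
            roles = pmsOperatorRoleService.getRoleCodeByOperatorId(operatorId);
            session.setAttribute("ROLES", roles);
        }
        authorizationInfo.setRoles(roles);

        // Permission strings granted through the operator's roles.
        Set permissions = (Set) session.getAttribute("PERMISSIONS");
        if (permissions == null || permissions.isEmpty()) {
            permissions = pmsRolePermissionService.getPermissionsByOperatorId(operatorId);
            session.setAttribute("PERMISSIONS", permissions);
        }
        authorizationInfo.setStringPermissions(permissions);

        return authorizationInfo;
    }
}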
/**
 * Helper that derives the stored form of an operator's password.
 *
 * <p>The hash is a salted MD5 applied twice, hex encoded. MD5 is fast by design, so with only two
 * iterations a leaked {@code login_pwd} column can be guessed offline at very high rates; the salt
 * only prevents precomputed tables. NOTE(review): moving to a slow password hash (bcrypt, scrypt
 * or Argon2) must be coordinated with the realm's CredentialsMatcher configuration and with a
 * migration of the hashes already stored, so it is flagged here rather than changed.
 */
public class PasswordHelper {

    /** Source of random salts, backed by a secure random number generator. */
    private static final RandomNumberGenerator SALT_SOURCE = new SecureRandomNumberGenerator();

    /** Digest algorithm name passed to SimpleHash. */
    private static final String ALGORITHM_NAME = "md5";

    /** Iteration count as text, parsed once below. */
    private static final String HASH_ITERATION_TEXT = "2";

    private static final int HASH_ITERATIONS = Integer.parseInt(HASH_ITERATION_TEXT);

    /**
     * Gives the operator a fresh random salt and replaces its plain-text password with the hash.
     *
     * @param pmsOperator operator whose {@code loginPwd} currently holds the plain-text password;
     *     its salt and password are overwritten in place
     */
    public static void encryptPassword(PmsOperator pmsOperator) {
        String freshSalt = SALT_SOURCE.nextBytes().toHex();
        pmsOperator.setsalt(freshSalt);

        // getCredentialsSalt() is read after the new salt has been set, so the hash uses it.
        SimpleHash digest = new SimpleHash(
                ALGORITHM_NAME,
                pmsOperator.getLoginPwd(),
                ByteSource.Util.bytes(pmsOperator.getCredentialsSalt()),
                HASH_ITERATIONS);
        pmsOperator.setLoginPwd(digest.toHex());
    }

    /**
     * Hashes a password with the given salt.
     *
     * @param loginPwd plain-text password
     * @param salt salt mixed into the hash
     * @return the hex-encoded hash
     */
    public static String getPwd(String loginPwd, String salt) {
        SimpleHash digest =
                new SimpleHash(ALGORITHM_NAME, loginPwd, ByteSource.Util.bytes(salt), HASH_ITERATIONS);
        return digest.toHex();
    }

    /** Prints the hash of a sample password and salt to standard output. */
    public static void main(String[] args) {
        String sampleHash = getPwd("********", "salt");
        System.out.println(sampleHash);
    }
}
1、pms_operator 用户表
2、pms_role_operator 用户角色关联表
3、pms_role 角色表
4、pms_role_permission 角色权限关联表
5、pms_permission 权限表
1、pms_operator 用户表
-- Operator (user account) table.
-- NOTE(review): ak_key_2 on login_name is a plain index, not UNIQUE, so the schema alone does not
-- prevent two rows with the same login name. OperatorRealm resolves an operator by login name;
-- confirm uniqueness is enforced elsewhere or declare this index UNIQUE.
-- login_pwd and salt presumably hold the hex password hash and the per-operator salt produced by
-- PasswordHelper; confirm against the entity mapping.
CREATE TABLE `pms_operator` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) NOT NULL,
`creater` varchar(50) NOT NULL COMMENT '创建人',
`create_time` datetime NOT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) NOT NULL,
`remark` varchar(300) DEFAULT NULL,
`real_name` varchar(50) NOT NULL,
`mobile_no` varchar(50) NOT NULL,
`login_name` varchar(50) NOT NULL,
`login_pwd` varchar(256) NOT NULL,
`type` varchar(20) NOT NULL,
`salt` varchar(50) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`login_name`)
) ENGINE=InnoDB AUTO_INCREMENT=1000 DEFAULT CHARSET=utf8 COMMENT='操作员表';
2、pms_role 角色表
-- Role table.
-- The column comment on role_code reads: role type (1 = super administrator role,
-- 0 = ordinary operator role).
-- ak_key_2 on role_name is a plain (non-unique) index.
CREATE TABLE `pms_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) DEFAULT NULL,
`creater` varchar(50) DEFAULT NULL COMMENT '创建人',
`create_time` datetime DEFAULT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) DEFAULT NULL,
`remark` varchar(300) DEFAULT NULL,
`role_code` varchar(20) NOT NULL COMMENT '角色类型(1:超级管理员角色,0:普通操作员角色)',
`role_name` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`role_name`)
) ENGINE=InnoDB AUTO_INCREMENT=1000 DEFAULT CHARSET=utf8 COMMENT='角色表';
3、pms_role_operator 用户角色关联表
-- Association table linking operators to roles (one row per role granted to an operator).
-- NOTE(review): no FOREIGN KEY constraints are declared, and ak_key_2 on (role_id, operator_id)
-- is not UNIQUE, so orphaned or duplicate grants are possible at the schema level.
CREATE TABLE `pms_role_operator` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) NOT NULL,
`creater` varchar(50) NOT NULL COMMENT '创建人',
`create_time` datetime NOT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) NOT NULL,
`remark` varchar(300) DEFAULT NULL,
`role_id` bigint(20) NOT NULL,
`operator_id` bigint(20) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`role_id`,`operator_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1000 DEFAULT CHARSET=utf8 COMMENT='操作员与角色关联表';
4、pms_permission 权限表
-- Permission table: one row per permission, with a display name (permission_name) and the
-- permission value (permission).
-- Presumably `permission` holds the permission string that the realm passes to Shiro; confirm
-- against the service layer.
-- Both secondary indexes are plain (non-unique) indexes.
CREATE TABLE `pms_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) NOT NULL,
`creater` varchar(50) NOT NULL COMMENT '创建人',
`create_time` datetime NOT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) NOT NULL,
`remark` varchar(300) DEFAULT NULL,
`permission_name` varchar(100) NOT NULL,
`permission` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`permission`),
KEY `ak_key_3` (`permission_name`)
) ENGINE=InnoDB AUTO_INCREMENT=1000 DEFAULT CHARSET=utf8 COMMENT='权限表';
5、pms_role_permission 角色权限关联表
-- Association table linking roles to permissions (one row per permission granted to a role).
-- NOTE(review): no FOREIGN KEY constraints are declared, and ak_key_2 on (role_id, permission_id)
-- is not UNIQUE, so orphaned or duplicate grants are possible at the schema level.
CREATE TABLE `pms_role_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) DEFAULT NULL,
`creater` varchar(50) DEFAULT NULL COMMENT '创建人',
`create_time` datetime DEFAULT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) DEFAULT NULL,
`remark` varchar(300) DEFAULT NULL,
`role_id` bigint(20) NOT NULL,
`permission_id` bigint(20) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`role_id`,`permission_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1145 DEFAULT CHARSET=utf8 COMMENT='权限与角色关联表';
6、pms_menu 菜单表 用于显示系统左侧的菜单栏
-- Menu table; per the page text it drives the menu bar on the left side of the system.
-- Rows form a tree through parent_id, with level and is_leaf describing the position.
-- NOTE(review): a menu row only controls what is displayed. Access to each url still has to be
-- enforced by the Shiro filter chain or permission checks; confirm that hiding a menu entry is
-- never the only control.
CREATE TABLE `pms_menu` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`version` bigint(20) NOT NULL,
`creater` varchar(50) NOT NULL COMMENT '创建人',
`create_time` datetime NOT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) NOT NULL,
`remark` varchar(300) DEFAULT NULL,
`is_leaf` varchar(20) DEFAULT NULL,
`level` smallint(6) DEFAULT NULL,
`parent_id` bigint(20) NOT NULL,
`target_name` varchar(100) DEFAULT NULL,
`number` varchar(20) DEFAULT NULL,
`name` varchar(100) DEFAULT NULL,
`url` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1000 DEFAULT CHARSET=utf8 COMMENT='菜单表';
7、pms_menu_role 菜单角色关联表
-- Association table linking menus to roles (which roles see which menu entries).
-- NOTE(review): the table COMMENT below is the same text as on pms_role_permission
-- ("permission and role association table"); it looks copied and should describe the menu/role
-- association instead.
-- ak_key_2 on (role_id, menu_id) is not UNIQUE and no FOREIGN KEY constraints are declared.
CREATE TABLE `pms_menu_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`version` bigint(20) DEFAULT NULL,
`creater` varchar(50) DEFAULT NULL COMMENT '创建人',
`create_time` datetime DEFAULT NULL COMMENT '创建时间',
`editor` varchar(50) DEFAULT NULL COMMENT '修改人',
`edit_time` datetime DEFAULT NULL COMMENT '修改时间',
`status` varchar(20) DEFAULT NULL,
`remark` varchar(300) DEFAULT NULL,
`role_id` bigint(20) NOT NULL,
`menu_id` bigint(20) NOT NULL,
PRIMARY KEY (`id`),
KEY `ak_key_2` (`role_id`,`menu_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1126 DEFAULT CHARSET=utf8 COMMENT='权限与角色关联表';