1.获取subject(用户信息)
Subject subject = SecurityUtils.getSubject();
2.获取Session(会话管理)
Session session = subject.getSession();
3.测试当前用户是否已经被认证,即是否登陆
subject.isAuthenticated();
4.校验登陆
UsernamePasswordToken token = new UsernamePasswordToken("账号", "密码");
subject.login(token);
5.检测是否有该角色
subject.hasRole("角色名字");
6.检测角色是否有该权限
subject.isPermitted("类型:权限");
实例:subject.isPermitted("user:save");
7.检测角色是否有具体权限
subject.isPermitted("类型:权限:对象");
实例:subject.isPermitted("user:delete:zhangsan");
8.登出
subject.logout();
9.Shiro 路径拦截采取第一次匹配优先的方式,即从头开始使用第一个匹配的url模式对应的拦截器链。
/** = authc
/list = anon
则list页面是无法访问的。
10.Shiro 认证过程
11.Shiro 采用 MD5 散列并加入盐值,避免相同密码产生相同的哈希值
可以通过账号获取盐值
Object credentials = password;
Object principal = username;
String realName = getName();
ByteSource salt = ByteSource.Util.bytes(username);
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, credentials, salt, realName);
12.HttpSession 保存的键值对可以通过shiro中的Session获取
pom.xml
4.0.0
NEWssm
NEWssm
1.0-SNAPSHOT
war
NEWssm Maven Webapp
http://www.example.com
UTF-8
1.7
1.7
4.0.2.RELEASE
3.2.6
1.7.7
1.2.17
6.0.1
junit
junit
4.11
test
com.fasterxml.jackson.core
jackson-annotations
2.3.0
com.fasterxml.jackson.core
jackson-core
2.3.1
com.fasterxml.jackson.core
jackson-databind
2.3.3
javax.websocket
javax.websocket-api
1.1
provided
org.springframework
spring-websocket
4.0.5.RELEASE
org.springframework
spring-messaging
4.0.5.RELEASE
org.springframework
spring-core
${spring.version}
org.springframework
spring-web
${spring.version}
org.springframework
spring-oxm
${spring.version}
org.springframework
spring-tx
${spring.version}
org.springframework
spring-jdbc
${spring.version}
org.springframework
spring-webmvc
${spring.version}
org.springframework
spring-aop
${spring.version}
org.springframework
spring-context-support
${spring.version}
org.springframework
spring-test
${spring.version}
org.mybatis
mybatis
${mybatis.version}
org.mybatis
mybatis-spring
1.2.2
javax
javaee-api
7.0
provided
mysql
mysql-connector-java
5.1.30
commons-dbcp
commons-dbcp
1.2.2
jstl
jstl
1.2
log4j
log4j
${log4j.version}
com.alibaba
fastjson
1.1.41
org.slf4j
slf4j-api
${slf4j.version}
org.slf4j
slf4j-log4j12
${slf4j.version}
org.codehaus.jackson
jackson-mapper-asl
1.9.13
commons-fileupload
commons-fileupload
1.3.1
commons-io
commons-io
2.4
commons-codec
commons-codec
1.9
org.apache.lucene
lucene-core
${lucene.version}
org.apache.lucene
lucene-queryparser
${lucene.version}
org.apache.lucene
lucene-analyzers-common
${lucene.version}
org.apache.lucene
lucene-analyzers-smartcn
${lucene.version}
org.apache.lucene
lucene-highlighter
${lucene.version}
junit
junit
3.8.1
test
aopalliance
aopalliance
1.0
aspectj
aspectjrt
1.5.4
org.aspectj
aspectjweaver
1.9.1
org.apache.shiro
shiro-core
1.2.5
org.apache.shiro
shiro-web
1.2.5
org.apache.shiro
shiro-spring
1.2.4
org.apache.shiro
shiro-ehcache
1.2.4
com.mchange
c3p0
0.9.5.2
NEWssm
maven-clean-plugin
3.0.0
maven-resources-plugin
3.0.2
maven-compiler-plugin
3.7.0
maven-surefire-plugin
2.20.1
maven-war-plugin
3.2.0
maven-install-plugin
2.5.2
maven-deploy-plugin
2.8.2
1)applicationContext-shiro.xml配置文件
/index.jsp = anon
/user/login =anon
/logout = logout
/user.jsp = roles[user]
/admin.jsp = roles[admin]
/** = authc
2)applicationContext.xml
3)applicationContext-serlvet.xml
(需要注意的是
这两个配置文件需要加在SpringMvc配置文件当中,不然shiro在Controller的注解无法生效)
4)userRealm
package com.bzj.shiro;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.HashSet;
import java.util.Set;
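public class userRealm extends AuthorizingRealm {

    /** Demo account whose salted-MD5 password hash is hard-coded in {@link #storedPasswordHash}. */
    private static final String USER_NAME = "user";
    /** Demo admin account; also the only principal that receives the admin role/permission. */
    private static final String ADMIN_NAME = "admin";

    /**
     * Resolves the stored credentials for the account named in {@code authenticationToken}.
     * <p>
     * Credentials are fixed demo hashes and the salt is the username itself. The hashing
     * parameters they were presumably produced with are the ones shown in {@link #main}
     * (MD5, 1024 iterations) — verify this matches the {@code HashedCredentialsMatcher}
     * configured for this realm, otherwise every login fails.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     * @return authentication info carrying the principal (username), stored hash and salt
     * @throws UnknownAccountException if the username has no stored credentials
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        System.out.println("===============a");
        Object credentials = storedPasswordHash(username);
        if (credentials == null) {
            // Previously only the literal username "unknown" was rejected here; any other
            // unlisted name produced an AuthenticationInfo with null credentials, so the
            // failure surfaced from the credentials matcher rather than as an
            // AuthenticationException, which the login controller's catch block cannot
            // handle. Reject unknown accounts explicitly instead.
            throw new UnknownAccountException("用户不存在");
        }
        // Salt = username, so two accounts with the same password hash differently.
        ByteSource salt = ByteSource.Util.bytes(username);
        return new SimpleAuthenticationInfo(username, credentials, salt, getName());
    }

    /**
     * Returns the hard-coded salted-MD5 hash for the two demo accounts, or {@code null}
     * for any other username (including the former "unknown" probe account).
     *
     * @param username account name from the submitted token; may be {@code null}
     * @return the stored hash, or {@code null} when the account is not known
     */
    private static String storedPasswordHash(String username) {
        if (USER_NAME.equals(username)) {
            return "098d2c478e9c11555ce2823231e02ec1";
        }
        if (ADMIN_NAME.equals(username)) {
            return "038bdaf98f2037b31f1e75b5b4c9b26e";
        }
        return null;
    }

    /**
     * Builds roles and string permissions for the authenticated principal.
     * <p>
     * Every authenticated principal receives the {@code user} role and the
     * {@code user:look} permission; the principal {@code "admin"} additionally receives
     * the {@code admin} role and {@code admin:look}.
     *
     * @param principalCollection principals of the current subject; the primary one is the username
     * @return authorization info with the roles and permissions described above
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("==============b");
        Object principal = principalCollection.getPrimaryPrincipal();
        // Typed sets instead of the raw Set/HashSet the original used.
        Set<String> roles = new HashSet<String>();
        Set<String> permissions = new HashSet<String>();
        roles.add("user");
        permissions.add("user:look");
        if (ADMIN_NAME.equals(principal)) {
            roles.add("admin");
            permissions.add("admin:look");
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(roles);
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Prints the salted, 1024-times-iterated MD5 hash of the demo password {@code 123456}
     * for the {@code admin} account — the form of value this realm stores per user.
     * <p>
     * MD5 is a fast digest; even salted and iterated it is a weak password hash. A real
     * deployment should put a purpose-built password hash (bcrypt/scrypt/argon2) behind
     * the credentials matcher.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        String hashAlgorithmName = "MD5";
        String credentials = "123456";
        int hashIterations = 1024;
        ByteSource credentialsSalt = ByteSource.Util.bytes("admin");
        Object obj = new SimpleHash(hashAlgorithmName, credentials, credentialsSalt, hashIterations);
        System.out.println(obj);
    }
}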
5)LoginController
package com.bzj.controller;
import com.bzj.Service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
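@Controller
@RequestMapping("/user")
public class LoginController {

    @Autowired
    UserService userService;

    /**
     * Authenticates the submitted username/password against the current Shiro subject.
     * <p>
     * The view name is {@code "success"} regardless of outcome (unchanged from the
     * original); a failed login is now reported on stdout with the exception type instead
     * of being swallowed behind a bare marker, so the developer can see which check failed.
     * The password is never printed.
     *
     * @param username submitted account name
     * @param password submitted clear-text password, handed to Shiro only
     * @return the {@code success} view name
     */
    @RequestMapping("login")
    public String login(@RequestParam String username, @RequestParam String password) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            // NOTE(review): remember-me is forced on for every login; a real form should
            // let the user opt in, since it keeps the identity beyond the browser session.
            token.setRememberMe(true);
            try {
                subject.login(token);
            } catch (AuthenticationException e) {
                // Explicit instead of the silent "=====" print: the exception class
                // (UnknownAccountException, IncorrectCredentialsException, ...) identifies
                // the failing check. Only the username is echoed, never the password.
                System.out.println("login failed for " + username + ": " + e);
            }
            System.out.println(subject.hasRole("user"));
            System.out.println(subject.hasRole("admin"));
        }
        return "success";
    }

    /**
     * Requires the {@code user} role and the {@code user:look} permission, then delegates
     * to {@code userService}. The annotation checks only take effect when the Shiro
     * annotation advisors are registered in the Spring MVC context.
     *
     * @return the {@code success} view name
     */
    @RequiresRoles(value = {"user"}, logical = Logical.OR)
    @RequiresPermissions(value = {"user:look"}, logical = Logical.OR)
    @RequestMapping("/testShiro")
    public String TestShiro() {
        userService.TestShiro();
        return "success";
    }

    /**
     * Requires the {@code admin} role and the {@code admin:look} permission.
     *
     * @return the {@code success} view name
     */
    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
    @RequiresPermissions(value = {"admin:look"}, logical = Logical.OR)
    @RequestMapping("/testShiroPermission")
    public String TestShiroPermission() {
        System.out.println("Permission!!=============");
        return "success";
    }

    /**
     * Requires the {@code admin} role and the {@code admin:edit} permission. Note that the
     * realm in this project grants admin only {@code admin:look}, so this endpoint is
     * expected to be denied for every account as configured.
     *
     * @return the {@code success} view name
     */
    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
    @RequiresPermissions(value = {"admin:edit"}, logical = Logical.OR)
    @RequestMapping("/TestShiroPermissionEdit")
    public String TestShiroPermissionEdit() {
        System.out.println("TestShiroPermissionEdit!!=============");
        return "success";
    }
}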
6)Jsp页面:
success.jsp
<%--
Created by IntelliJ IDEA.
User: beibei
Date: 2018/11/2
Time: 16:43
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
Title
success!
user
admin
logout
testShiro
testShiroPermission
TestShiroPermissionEdit
user.jsp
<%--
Created by IntelliJ IDEA.
User: beibei
Date: 2018/11/3
Time: 10:58
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
Title
拥有user角色
user
admin.jsp
<%--
Created by IntelliJ IDEA.
User: beibei
Date: 2018/11/3
Time: 10:58
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
Title
拥有admin
unauthorizedUrl.jsp
<%--
Created by IntelliJ IDEA.
User: beibei
Date: 2018/11/2
Time: 16:43
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
Title
unauthorizedUrl