shiro框架实例

1.基于maven下的框架,首先是对web.xml下进行配置

   1.1配置servlet

   1.2配置中文编码过滤器

   1.3配置shiro过滤器

   1.4在这里需要配置一个spring容器监听器

   1.5适当情况下我们也可以配置一些错误页面跳转信息


  
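  <context-param>
  	<param-name>contextConfigLocation</param-name>
  	<param-value>classpath:conf/spring-*.xml</param-value>
  </context-param>

  <listener>
  	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <servlet>
  	<servlet-name>SpringMvc</servlet-name>
  	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  	<init-param>
  		<param-name>contextConfigLocation</param-name>
  		<param-value>classpath:conf/spring-*.xml</param-value>
  	</init-param>
  </servlet>

  <servlet-mapping>
  	<servlet-name>SpringMvc</servlet-name>
  	<url-pattern>*.action</url-pattern>
  </servlet-mapping>

  <filter>
  	<filter-name>characterEncodingFilter</filter-name>
  	<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  	<init-param>
  		<param-name>encoding</param-name>
  		<param-value>UTF-8</param-value>
  	</init-param>
  	<init-param>
  		<param-name>forceEncoding</param-name>
  		<param-value>true</param-value>
  	</init-param>
  </filter>

  <filter-mapping>
  	<filter-name>characterEncodingFilter</filter-name>
  	<url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter>
  	<filter-name>shiroFilter</filter-name>
  	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  	<init-param>
  		<param-name>targetFilterLifecycle</param-name>
  		<param-value>true</param-value>
  	</init-param>
  	<init-param>
  		<param-name>targetBeanName</param-name>
  		<param-value>shiroFilter</param-value>
  	</init-param>
  </filter>

  <filter-mapping>
  	<filter-name>shiroFilter</filter-name>
  	<url-pattern>/*</url-pattern>
  </filter-mapping>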
  
  
  

2.配置spring-mvc.xml


	
	
	
	
	
	
	
		
		
	

	
	
	
		
	

3.配置spring-mybatis.xml


	
	
		
		
		
		
	
	
	
	
		
		
	
	
	
	
		
		
	

4.配置spring-shiro.xml


	
		
		
		
		
		
		
		
		
			
			
			/logout.action = logout
			/images/** = anon
			/js/** = anon
			/styles/** = anon
			
			/** = authc
			
			
				
			
		
	
	
	
	
		
	
	
	
	
	
		
	
	
	
	
		
		
	

5.首先编写一个实体类,用于存放主体的身份信息和凭证信息等

/**
 * Plain mutable holder for the identity data of a logged-in user: id, display
 * name, login code, menu entries and permissions.
 *
 * <p>The class has no password or salt field, so an instance can be placed in a
 * view model without carrying credential material.
 *
 * <p>NOTE(review): if this object is kept in a session that is persisted or
 * replicated, it and the elements of both lists would need to be serializable;
 * confirm against the session setup in use.
 */
public class ResultUser {

	// Identity fields.
	private String userId;
	private String username;
	private String usercode;

	// Per-user collections; element types are not declared on this class.
	private List menu;
	private List permissions;

	// ---- accessors ----

	/** @return the user id, or {@code null} if none was set */
	public String getUserId() {
		return this.userId;
	}

	/** @return the user name, or {@code null} if none was set */
	public String getUsername() {
		return this.username;
	}

	/** @return the login code, or {@code null} if none was set */
	public String getUsercode() {
		return this.usercode;
	}

	/** @return the same list instance that was passed to {@link #setMenu(List)} */
	public List getMenu() {
		return this.menu;
	}

	/** @return the same list instance that was passed to {@link #setPermissions(List)} */
	public List getPermissions() {
		return this.permissions;
	}

	// ---- mutators ----

	/** @param userId the user id to store */
	public void setUserId(String userId) {
		this.userId = userId;
	}

	/** @param username the user name to store */
	public void setUsername(String username) {
		this.username = username;
	}

	/** @param usercode the login code to store */
	public void setUsercode(String usercode) {
		this.usercode = usercode;
	}

	/** @param menu the menu list to store; kept by reference, not copied */
	public void setMenu(List menu) {
		this.menu = menu;
	}

	/** @param permissions the permission list to store; kept by reference, not copied */
	public void setPermissions(List permissions) {
		this.permissions = permissions;
	}

}

6.处理请求

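/**
 * Serves the post-login landing page and turns failed Shiro logins into
 * exceptions for the login view.
 */
@Controller
public class LoginController {

	@Resource
	private LoginService loginService;

	/**
	 * Puts the current subject's principal into the model and shows the landing page.
	 *
	 * @param model view model that receives the principal under {@code "resultUser"}
	 * @return the view name {@code "jsp/first"}
	 */
	@RequestMapping("/first.action")
	public String first(Model model) {
		Subject subject = SecurityUtils.getSubject();
		// The principal is cast to ResultUser; it is null when nobody is logged in.
		ResultUser resultUser = (ResultUser) subject.getPrincipal();
		model.addAttribute("resultUser", resultUser);
		return "jsp/first";
	}

	/**
	 * Handles the login.action request sent by the login page.
	 *
	 * <p>This method only deals with failed logins. It reads the
	 * {@code "shiroLoginFailure"} request attribute, which holds the class name of
	 * the authentication exception, and converts it into an exception of its own.
	 * After a successful login Shiro redirects to the previously requested path,
	 * so the success case does not pass through the failure branch.
	 *
	 * <p>The bound parameters {@code username}, {@code password} and
	 * {@code randomcode} are not read here. NOTE(review): no verification of
	 * {@code randomcode} is visible in this method; confirm it is checked elsewhere.
	 *
	 * @return the view name {@code "jsp/login"}
	 * @throws LoginException when the account is unknown or the credentials are wrong
	 * @throws Exception for any other recorded failure type
	 */
	@RequestMapping("/login.action")
	public String login(String username,String password,
			String randomcode,HttpSession session,
			HttpServletRequest request) throws Exception {
		String shiroLoginFailure = (String) request.getAttribute("shiroLoginFailure");
		if (shiroLoginFailure != null) {
			boolean unknownAccount =
					UnknownAccountException.class.getName().equals(shiroLoginFailure);
			boolean wrongCredentials =
					IncorrectCredentialsException.class.getName().equals(shiroLoginFailure);
			if (unknownAccount || wrongCredentials) {
				// Both cases share one message: a separate "account does not exist"
				// reply would tell an unauthenticated caller which login names exist.
				throw new LoginException("用户名或密码错误");
			}
			// Any other failure type is reported without detail.
			throw new Exception();
		}
		// No failure recorded: show the login page.
		return "jsp/login";
	}
}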

7.自定义的realm

public class CustomRealm extends AuthorizingRealm{

	@Resource
	private LoginService loginService;
	
//	授权
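	/**
	 * Collects the permission codes of the authenticated user for Shiro's
	 * authorization checks.
	 *
	 * <p>The element types are declared explicitly: with raw {@code List}
	 * variables the typed for-each loop below does not compile.
	 *
	 * @param principals principals of the current subject; the primary one is
	 *                   cast to {@link ResultUser}
	 * @return authorization info holding one string permission per permission
	 *         code; empty when the service returns {@code null} or no rows
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// Read the primary identity from the principal collection.
		ResultUser resultUser =
				(ResultUser) principals.getPrimaryPrincipal();
		// Assumes findPermissionList yields SysPermission elements, as the loop requires.
		List<SysPermission> permissions =
				loginService.findPermissionList(resultUser.getUserId());
		List<String> permissioncodes =
				new ArrayList<String>();
		if (permissions != null) {
			for (SysPermission permission : permissions) {
				permissioncodes.add(permission.getPercode());
			}
		}
		SimpleAuthorizationInfo authorizationInfo =
				new SimpleAuthorizationInfo();
		authorizationInfo.addStringPermissions(permissioncodes);
		return authorizationInfo;
	}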
//	认证
	/**
	 * Loads the account named by the token and returns its stored password and
	 * salt, so that the submitted credentials can be verified against them.
	 *
	 * <p>No password comparison happens in this method; it only supplies the
	 * stored values. NOTE(review): the hashing scheme used when the password was
	 * stored has to match the credentials matcher configured for this realm. That
	 * configuration is not visible here, so confirm it.
	 *
	 * @param token login token whose principal is the user code, cast to {@code String}
	 * @return authentication info with a {@link ResultUser} as principal, or
	 *         {@code null} when no account has that user code
	 * @throws AuthenticationException declared by the overridden method
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String loginCode = (String) token.getPrincipal();
		UserPojo account = loginService.findUserByUsercode(loginCode);
		if (account == null) {
			// Unknown user code: return null and let Shiro report the failure.
			return null;
		}

		String storedPassword = account.getPassword();

		// Identity object handed to Shiro as the principal. It holds no credentials.
		ResultUser principal = new ResultUser();
		principal.setUserId(account.getId());
		principal.setUsercode(account.getUsercode());
		principal.setUsername(account.getUsername());

		// The salt stored with the account is also needed for verification.
		String storedSalt = account.getSalt();
		principal.setMenu(loginService.findMenuList(account.getId()));

		return new SimpleAuthenticationInfo(
				principal,
				storedPassword,
				ByteSource.Util.bytes(storedSalt),
				this.getName());
	}
	/**
	 * Fixes the realm name to {@code "customRealm"}.
	 *
	 * @param name ignored; the fixed name is always used
	 */
	@Override
	public void setName(String name) {
		final String fixedRealmName = "customRealm";
		super.setName(fixedRealmName);
	}

通常需要对密码进行散列,常用的有md5、sha。

对md5密码,如果知道散列后的值可以通过穷举算法,得到md5密码对应的明文。

建议使用md5进行散列时加salt(盐),相当于对“原始密码+盐”进行散列。需要注意,加盐只能防止预先计算好的查表比对,md5、sha这类快速散列仍然容易被离线穷举,实际存储密码时应配合多次迭代,或改用bcrypt、PBKDF2、Argon2等专门的密码散列算法。

正常使用时散列方法:

在程序中对“原始密码+盐”进行散列,将散列值存储到数据库中,同时也要将盐存储在数据库中。

进行密码比对时,使用相同的方法,对“原始密码+盐”进行散列,再与数据库中的散列值比对。

不写太多,反正没人看(行内人一看代码就知道什么意思)
