spring整合shiro过程

一、添加依赖

    1.4.0



    
      org.apache.shiro
      shiro-core
      ${shiro.version}
    
    
      org.apache.shiro
      shiro-spring
      ${shiro.version}
    
    
      org.apache.shiro
      shiro-web
      ${shiro.version}
    
    
      org.apache.shiro
      shiro-ehcache
      ${shiro.version}
    

二、创建shiro配置文件，配置shiro

    
    
    
        
        
        
        
        
        
        
        
        
            
        

        
        
            
                
                /images/** = anon
                /js/** = anon
                /styles/** = anon
                /html/** = anon
                /WEB-INF/static/** = anon
                /user/login.do = anon
                
                /validatecode.jsp = anon

                
                /logout.do = logout
                
                
                
                /index.jsp  = user
                /first.action = user
                /welcome.jsp = user
                
                /** = authc
                

            
        
    

    
    
        
        
        
        
        
        
        

    

    
    
        
        
    

    
    
        
        
    

    
    
        
    

    
    
        
        
        
        

        
        

    

    
    
        
        
    

    
    
    
        
        
        
        
        
        
    

    
    
        
    
    
    
        
        
        
        
    

三、自定义shiroRealm

package cn.coolservice.oa.common;

import cn.coolservice.oa.entity.User;
import cn.coolservice.oa.service.systemService.PermissionService;
import cn.coolservice.oa.service.systemService.SroleService;
import cn.coolservice.oa.service.systemService.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;


import java.util.*;

/**
 * @Author: 樊小铭
 * Date: 2020/2/12 10:12
 * @Version:
 * @Description:
 */
public class ShiroRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    @Autowired
    private SroleService sroleService;

    @Autowired
    private PermissionService permissionService;



    /*
    * 授权
    *
    * */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // 获取身份信息
        String username = (String) principals.getPrimaryPrincipal();
        // 根据身份信息从数据库中查询权限数据

        //....这里使用静态数据模拟
        List permissions = new ArrayList();
        permissions.add("user:create");
        permissions.add("user.delete");

        //将权限信息封闭为AuthorizationInfo

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        for(String permission:permissions){
            simpleAuthorizationInfo.addStringPermission(permission);
        }

        return simpleAuthorizationInfo;
    }



    /*
    * 认证
    * */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken uptoken = (UsernamePasswordToken)token;

        String username = uptoken.getUsername();

        char[] passwords = uptoken.getPassword();

        StringBuffer password = new StringBuffer();

        for(char i : passwords){
            password.append(i);
        }

        User user = userService.getUserByUserName(username);

        if( user == null || !user.getUsername().equals(username)) {
            throw new UnknownAccountException(); //如果用户名错误
        }

        String algo = "MD5";
        Object testSalt = ByteSource.Util.bytes(username); // 把用户名当作盐值
        int hashi = 5 ;  // 加密5次
        SimpleHash md5Pwd = new SimpleHash(algo,password.toString(),testSalt,hashi);


        if(!md5Pwd.toString().equals(user.getPassword())){
            throw new IncorrectCredentialsException();
        }

        ByteSource salt = ByteSource.Util.bytes(username);

        //如果身份认证验证成功，返回一个AuthenticationInfo实现；
        return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), salt, getName());
    }


    public static void main(String[] args) {
        String algo = "MD5";
        Object sour = "666666";
        Object salt = ByteSource.Util.bytes("admin");
        int hashi = 5 ;
//        String md5 = new Md5Hash("666666").toString();
        SimpleHash md5 = new SimpleHash(algo,sour,salt,hashi);
        System.out.println(md5);
    }
 }

四、在web.xml中注册shiro filter

  
      DelegatingFilterProxy
      org.springframework.web.filter.DelegatingFilterProxy
      
      
          targetBeanName
          shiroFilter
      
   

  
      DelegatingFilterProxy
      /*