pom.xml
4.0.0
com.qfedu
ssm_shiro
1.0-SNAPSHOT
war
4.3.6.RELEASE
org.springframework
spring-webmvc
${spring-version}
com.fasterxml.jackson.core
jackson-databind
2.8.10
mysql
mysql-connector-java
5.1.44
org.mybatis
mybatis
3.4.4
org.mybatis
mybatis-spring
1.3.0
org.springframework
spring-test
${spring-version}
org.springframework
spring-jdbc
${spring-version}
org.aspectj
aspectjweaver
1.6.8
com.alibaba
druid
1.0.28
log4j
log4j
1.2.17
junit
junit
4.12
org.projectlombok
lombok
1.18.6
provided
javax.servlet.jsp
jsp-api
2.2
provided
javax.servlet
javax.servlet-api
3.0.1
provided
jstl
jstl
1.2
org.apache.shiro
shiro-web
1.3.2
org.apache.shiro
shiro-spring
1.3.2
org.apache.maven.plugins
maven-compiler-plugin
3.6.1
1.8
1.8
org.apache.tomcat.maven
tomcat7-maven-plugin
2.2
/
8889
web.xml
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
targetFilterLifecycle
true
contextConfigLocation
classpath:*.xml
org.springframework.web.context.ContextLoaderListener
shiroFilter
/*
springDispatcherServlet
org.springframework.web.servlet.DispatcherServlet
contextConfigLocation
classpath:spring-mvc.xml
springDispatcherServlet
/
db.properties
driver=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/rbac?useSSL=false
user=root
pass=wangwei
shiro-mvc.xml
shiro-spring.xml
/login.jsp=anon
/main.jsp=authc
/manager.jsp=roles[manager]
/guest.jsp=roles[guest]
entity类
user.java
package com.qfedu.entity;
import lombok.Data;
import java.io.Serializable;
import java.util.Set;
/**
* (User)实体类
*
* @author makejava
* @since 2020-04-14 11:06:42
*/
@Data
public class User implements Serializable {
private static final long serialVersionUID = 617289138502785533L;
private Integer uid;
private String username;
private String password;
private String tel;
private String addr;
private Set rs;
}
Role.java
package com.qfedu.entity;
import lombok.Data;
import java.io.Serializable;
import java.util.Set;
/**
* (Role)实体类
*
* @author makejava
* @since 2020-04-14 11:06:42
*/
@Data
public class Role implements Serializable {
private static final long serialVersionUID = -74163700661732397L;
private Integer rid;
private String rname;
private String rdesc;
private Set ps;
}
Permission.java
package com.qfedu.entity;
import lombok.Data;
import java.io.Serializable;
import java.util.Set;
/**
* (Permission)实体类
*
* @author makejava
* @since 2020-04-14 11:06:42
*/
@Data
public class Permission implements Serializable {
private static final long serialVersionUID = 581645870054218482L;
private Integer pid;
private String pname;
private String pdesc;
}
dao
IUserDao.java
package com.qfedu.dao;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import java.util.List;
public interface IUserDao {
User login(User user);
List getAllRolesByUsername(String username);
List getAllPermissionsByUsername(String username);
}
service
IUserService.java
package com.qfedu.service;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import java.util.List;
public interface IUserService {
User login(String username, String pass);
List getAllRolesByUsername(String username);
List getAllPermissionsByUsername(String username);
}
service.impl
UserServiceImpl.java
package com.qfedu.service.impl;
import com.qfedu.dao.IUserDao;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import com.qfedu.service.IUserService;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
@Service
public class UserServiceImpl implements IUserService {
@Resource
private IUserDao userDao;
@Override
public User login(String username, String pass) {
User u = new User();
u.setUsername(username);
u.setPassword(pass);
return userDao.login(u);
}
@Override
public List getAllRolesByUsername(String username) {
return userDao.getAllRolesByUsername(username);
}
@Override
public List getAllPermissionsByUsername(String username) {
return userDao.getAllPermissionsByUsername(username);
}
}
controller
UserController.java
package com.qfedu.controller;
import com.qfedu.service.IUserService;
import org.apache.ibatis.annotations.Param;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.annotation.Resource;
@Controller
public class UserController {
@PostMapping("/login")
public String login(@RequestParam("username") String username, @RequestParam("password") String password){
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
try {
System.out.println(111);
subject.login(token);
System.out.println(000);
return "main.jsp";
} catch (AuthenticationException e) {
System.out.println(222);
e.printStackTrace();
return "login.jsp";
}
}
}
shiro
MyRealm.java
package com.qfedu.shiro;
import com.qfedu.entity.Permission;
import com.qfedu.entity.Role;
import com.qfedu.entity.User;
import com.qfedu.service.IUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import javax.annotation.Resource;
import java.util.List;
public class MyRealm extends AuthorizingRealm {
@Resource
private IUserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
String username = getAvailablePrincipal(principals).toString();
List list = userService.getAllRolesByUsername(username);
for (Role r : list) {
info.addRole(r.getRname());
}
List permissionList = userService.getAllPermissionsByUsername(username);
for (Permission p : permissionList) {
info.addStringPermission(p.getPname());
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
AuthenticationInfo info = null;
UsernamePasswordToken tk = (UsernamePasswordToken) token;
String username = tk.getUsername();
char[] password = tk.getPassword();
String pass = new String(password);
User u = userService.login(username, pass);
if (u != null && u.getUid() != 0){
String name = getName();
info = new SimpleAuthenticationInfo(username, pass, name);
}
return info;
}
}
main.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
main
this is main page.
i am login successfully.
i am a manager
i am a guest
welcome back
i can select
i can delete
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
login