shiro

本次缓存使用ehcache

pom.xml

      1.3.2

      
      
          org.apache.shiro
          shiro-all
          ${shiro.version}
      

---

web.xml

开头加入spring文件。 spring-model.xml包括spring-model-shiro.xml  spring-model-ehcache.xml  spring-model.xml


contextConfigLocation

classpath:conf/spring-model*.xml







shiroFilter

org.springframework.web.filter.DelegatingFilterProxy



targetFilterLifecycle

true







shiroFilter

/*

---

spring-model-shiro.xml

    Shiro配置信息

    

    
    
        
        
        
            
                 
                 
            
        
    

    
    
        
    
    
    
        
        
    

    
        
        
        
            
                /callMBG = anon
                /test/** = anon
                /static/** = anon
                /css/** = anon
                /js/** = anon
                /scripts/** = anon
                /images/** = anon
                /login/** = anon
                /error/** = anon
                /** = authc
            
        
    

    
    

    
    
    
        
    

最关键部分，"com.common.MyRealm"

MyRealm.java

package com.common;

import com.dataSource.DataSourceEnum;
import com.dataSource.DataSourceHolder;
import com.entity.TPriResource;
import com.entity.TPriRole;
import com.entity.TPriUser;
import com.entity.TPriUserRoleRel;
import com.service.TPriResourceService;
import com.service.TPriRoleService;
import com.service.TPriUserRoleRelService;
import com.service.TPriUserService;
import com.util.JsonUtil;
import com.util.SessionUtil;
import com.util.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;

/**
 * @Title:
 * @Description:
 * @Author:ChenZey
 * @Company：
 * @Create：2019-08-27 16:54
 * @Version：V1.0
 **/
public class MyRealm  extends AuthorizingRealm {
    protected Logger logger = LoggerFactory.getLogger(MyRealm.class);

    @Autowired
    private TPriUserService userService;
    @Autowired
    private TPriRoleService roleService;
    @Autowired
    private TPriResourceService tPriResourceService;
    @Autowired
    private TPriUserRoleRelService tPriUserRoleRelService;
//    @Autowired
//    private ResourceService resourceService;
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(SessionUtil.getRoles());//添加角色
        info.addStringPermissions(SessionUtil.getResources());//添加按钮资源
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        DataSourceHolder.setDataSources(DataSourceEnum.RASDATA.getKey());
        String userName = (String) token.getPrincipal();
        TPriUser user = userService.getByUserName(userName);
        if (user == null) {
            // 没找到帐号
            throw new UnknownAccountException();
        } else {
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, user.getPassword(), getName());
            System.out.println(JsonUtil.toJson(user));
            //session中保存用户信息
            SessionUtil.setAttribute("user", user);
            //保存机构信息
           /* Org org = orgService.getById(user.getOrgId());
            SessionUtil.setAttribute("org", org);*/
            //保存角色信息
            TPriUserRoleRel tPriUserRoleRel = tPriUserRoleRelService.userRole(user.getUserId());
            TPriRole tPriRole = roleService.tPriRole(tPriUserRoleRel.getRoleId());
            List roleStrs = new ArrayList<>();
            roleStrs.add(tPriRole.getRoleCode());
            SessionUtil.setAttribute("roles",roleStrs );

            //保存资源信息
             List resources = null;
            if ("admin".equals(user.getStaffName())){
                resources = tPriResourceService.getAll();
            }else{
                resources = tPriResourceService.getResourceListByUserId(user.getUserId());
            }
            List resourceStrs = new ArrayList<>();
            for (TPriResource resource : resources) {
     //permission 页面使用name中值 与数据库中该按钮注册存储值需一致。用法：
     //  -----------------------------------------------
     //  
     //    

     //       删除
     //        
     //   
     //     -------------------------------------------------
                String permission = resource.getPermission();
                //3为资源表按钮类型资源  此处存储按钮权限，用来结合JSP使用标签来解决权限验证
                if ("3".equals(resource.getResourceType()) && StringUtils.isNotEmpty(permission)) {
                    resourceStrs.add(permission);
                }
            }
             SessionUtil.setAttribute("resources", resourceStrs);
            return authenticationInfo;
        }
    }
}

SessionUtil.java

package com.util;

import com.entity.TPriUser;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;

import java.util.List;

public class SessionUtil {
    /**
     * 获取Shiro 的 Session
     *
     * @return
     */
    public static Session getSession() {
        return SecurityUtils.getSubject().getSession();
    }

    /**
     * 获取Session中的属性
     *
     * @param attributeName
     * @return
     */
    public static Object getAttribute(String attributeName) {
        return SecurityUtils.getSubject().getSession().getAttribute(attributeName);
    }

    /**
     * 设置Session属性
     *
     * @param attributeName
     * @param attribute
     */
    public static void setAttribute(String attributeName, Object attribute) {
        SecurityUtils.getSubject().getSession().setAttribute(attributeName, attribute);
    }

    /**
     * 获取当前登录用户
     * @return
     */
    public static TPriUser getUser() {
        return (TPriUser) getAttribute("user");
    }

    /**
     * 获取当前登录用户ID
     * @return
     */
    public static String getUserId() {
        //判断当前登录用户是否存在
        TPriUser user = getUser();
        if(user == null){
            return null;
        }
        return getUser().getUserId();
    }

    /**
     * 获取当前登录用户名
     * @return
     */
    public static String getUsername() {
        //判断当前登录用户是否存在
        TPriUser user = getUser();
        if(user == null){
            return null;
        }
        return getUser().getUserName();
    }


    /**
     * 获取当前登录用户IP
     * @return
     */
    public static String getIp() {
        return getSession().getHost();
    }


    /**
     * 返回当前用户的角色列表
     * @return
     */
    public static List getRoles() {
        return (List) getSession().getAttribute("roles");
    }

    /**
     * 返回当前用户的资源列表
     * @return
     */
    public static List getResources() {
        return (List) getSession().getAttribute("resources");
    }

}

---

spring-model-ehcache.xml 其中引用ehcache.xml

    EhCache配置信息
    
    
    
    
    
        
    
    
    
        
    
    
    
    

ehcache.xml