shiro 小结

shiro 资料很多，大家可以到网上找，找到后可以改成适合自己方式，就我自己的做个小结，并没有什么新鲜东西，怕忘记而已。

1.shiro 可以直接写JdbcRealm

2.也可以定制自己的，继承AuthorizingRealm就可以了

这里记录下第一种方式并与Spring集成：


第一步：建表

delimiter $$

CREATE TABLE `user` (
  `ID` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `user_name` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  `email` varchar(50) NOT NULL,
  `mobile_phone` varchar(45) DEFAULT NULL,
  `create_time` datetime DEFAULT NULL,
  PRIMARY KEY (`ID`),
  UNIQUE KEY `ID` (`ID`),
  KEY `ID_2` (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8$$


delimiter $$

CREATE TABLE `role` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ROLE_ID` varchar(45) NOT NULL,
  `ROLE_NAME` varchar(45) NOT NULL,
  `DESCRIPTION` varchar(45) DEFAULT NULL,
  `CREATE_TIME` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8$$

delimiter $$

CREATE TABLE `user_role` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` bigint(20) NOT NULL,
  `role_id` varchar(45) NOT NULL,
  `create_time` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8$$

delimiter $$

CREATE TABLE `permission` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `permission_id` varchar(45) NOT NULL,
  `permission_name` varchar(45) DEFAULT NULL,
  `permission_note` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8$$

delimiter $$

CREATE TABLE `role_permission` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `role_id` varchar(45) NOT NULL,
  `permission_id` varchar(45) NOT NULL,
  `role_permission_note` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8$$

第二步：集成

<dependency>
		<groupId>org.apache.shiro</groupId>
		<artifactId>shiro-core</artifactId>
		<version>1.2.0</version> 
	</dependency> 
	<dependency>
		<groupId>org.apache.shiro</groupId>
		<artifactId>shiro-web</artifactId>
		<version>1.2.0</version> 
	</dependency> 
	<dependency>
		<groupId>org.apache.shiro</groupId>
		<artifactId>shiro-ehcache</artifactId>
		<version>1.2.0</version> 
	</dependency> 
	<dependency>
		<groupId>org.apache.shiro</groupId>
		<artifactId>shiro-spring</artifactId>
		<version>1.2.0</version> 
	</dependency> 
	<dependency>
		<groupId>net.sf.ehcache</groupId>
		<artifactId>ehcache-core</artifactId>
		<version>2.5.3</version> 
	</dependency> 
	<dependency>
		<groupId>org.slf4j</groupId>
		<artifactId>slf4j-jdk14</artifactId>
		<version>1.6.4</version> 
	</dependency> 

<bean id="sampleRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
		<property name="dataSource" ref="dataSource"></property>
		<property name="authenticationQuery">
			<value>
				select password from user where user_name=?
			</value>
		</property>
		<property name="userRolesQuery">
			<value>
				select a.role_name from role a,user_role b,user c
				where a.role_id=b.role_id and b.user_id=c.id and c.user_name=?
			</value>
		</property>
		<property name="permissionsQuery">
			<value>
				select b.permission_name from role t 
				left join role_permission a on t.role_id=a.role_id 
				left join permission b on a.permission_id=b.permission_id where t.role_name=?
			</value>
		</property>
		<property name="permissionsLookupEnabled" value="true"></property>
		<property name="saltStyle" value="NO_SALT"></property>
		
	</bean>
	<!--  
	<property name="credentialsMatcher" ref="hashedCredentialsMatcher"></property>
	<bean id="hashedCredentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
		<property name="hashAlgorithmName" value="MD5"></property>
		<property name="storedCredentialsHexEncoded" value="false"></property>
		<property name="hashIterations" value="1"></property>
	</bean>
	-->
	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
	 
	 <!-- AOP式方法级权限检查  -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" 
	depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>
	
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager"></property>
	</bean>
	<!-- 
	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
		<property name="excludedExceptions">
			<props>
				<prop key="org.apache.shiro.authz.UnauthorizedException">
					/unauthorized
				</prop>
				<prop key="org.apache.shiro.authz.UnauthenticatedException">
					/unauthorized
				</prop>
			</props>
		</property>
	</bean>
	-->

这里需要注意下SQL的方式，先是user_name，再是role_name


第三步：验证

public String login()throws Exception {
		UsernamePasswordToken token = new UsernamePasswordToken(this.operId,this.password);
		//记录该令牌，如果不记录则类似购物车功能不能使用。
		token.setRememberMe(false);
		//subject理解成权限对象。类似user
		Subject subject = SecurityUtils.getSubject();
		try {
			subject.login(token);
		} catch (UnknownAccountException ex) {//用户名没有找到
			ex.printStackTrace();
		} catch (IncorrectCredentialsException ex) {//用户名密码不匹配
			ex.printStackTrace();
		}catch (AuthenticationException e) {//其他的登录错误
			e.printStackTrace();
		}
		subject.checkPermission("add");
		subject.checkRole("admin");
		if(subject.isPermitted("add")){
			System.out.println("admin");
		}
		
		if(subject.isPermitted("add")){
			System.out.println("add");
		}
		//验证是否成功登录的方法
		if (subject.isAuthenticated()) {
			return Constants.SUCCESS_KEY;
		}
		return Constants.FAILURE_KEY;
}