shiro學習（4、shiro集成spring+springmvc）

 

 依賴：spring-context，spring-MVC，shiro-core，shiro-spring，shiro-web

實話實說：web.xml,spring,springmvc配置文件好難

大體效果

 

 

代碼結構(使用web骨架構建)

 

 pom.xml

<dependencies>

        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.11</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>4.2.4.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>4.2.4.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.4.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0</version>
        </dependency>
    </dependencies>

實體類User

public class User {
    private int id;
    private String username;
    private String password;

    public User() {
    }

    public User(String username, String password) {
        this.username = username;
        this.password = password;
    }

    public User(int id, String username, String password) {
        this.id = id;
        this.username = username;
        this.password = password;
    }

    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                '}';
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

自定義Realm 域  類（加鹽）

public class CustomRealm extends AuthorizingRealm { 
　　@Override //受權
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String username = (String) principals.getPrimaryPrincipal(); //經過用戶名username，獲取角色
        Set<String> roles=getRolesByUsername(username); //經過用戶名username，獲取角色de權限
        Set<String> permissions=getPermissionsByUsrname(username); //返回AuthorizationInfo對象，先建立
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); //設置受權 ---角色
 info.setRoles(roles); //設置受權 ---權限
 info.setStringPermissions(permissions); return info; } private Set<String> getPermissionsByUsrname(String username) { //也是從數據庫去，這裏寫死
        Set<String> permissions=new HashSet<>(); permissions.add("user:select"); permissions.add("user:update"); permissions.add("user:delete"); permissions.add("user:insert"); return permissions; } private Set<String> getRolesByUsername(String username) { //也是從數據庫去，這裏寫死
        Set<String> roles=new HashSet<>(); roles.add("admin"); roles.add("user"); return roles; } @Override //認證
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); System.out.println("用戶名："+username); String pwd=getPwdByUsername(username); System.out.println("密  碼："+pwd); if (pwd==null){ return null; } SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,pwd,"customRealmSecret");
　　　　 info.setCredentialsSalt(ByteSource.Util.bytes("salt")); return info; } private String getPwdByUsername(String username) { Map<String,String> map=new HashMap<>(); //加密的密碼admin再加鹽 --->c657540d5b315892f950ff30e1394480
        map.put("admin","c657540d5b315892f950ff30e1394480"); super.setName("customRealmSecret"); return map.get(username); } }

控制器controller

@Controller
public class UserController {
    @ResponseBody
    @RequestMapping(value = "/subLogin",method = RequestMethod.POST,produces="application/json;charset=utf-8")
    public String subLogin(User user){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());

        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            return e.getMessage();
        }
        return "登陸成功";
    }
}

login.htnl

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>shiro登陸頁面</title>
</head>
<body>
    <form action="subLogin" method="post">
        <input type="text" name="username"/><br/>
        <input type="password" name="password"/><br/>
        <input type="submit" value="登陸"/>
    </form>
</body>
</html>

重頭戲：配置文件

web.xml

 

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0">

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:spring/spring.xml</param-value>
  </context-param>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
  <servlet>
    <servlet-name>springDispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath*:spring/springmvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- Map all requests to the DispatcherServlet for handling -->
  <servlet-mapping>
    <servlet-name>springDispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>


</web-app>

 

spring.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="login.html"/>
        <property name="unauthorizedUrl" value="403.html"/>
        <!--過濾器頁面-->
        <property name="filterChainDefinitions">
            <value>
                /subLogin=anon          <!--提交登陸的url也不須要認證-->
                /login.html=anon         <!--不須要認證，也能夠訪問-->
                /*=authc                <!--須要認證，才能夠訪問-->
            </value>
        </property>
    </bean>

    <!--建立securityManager對象-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="realm"/>
    </bean>

    <bean class="com.imooc.shiro.realm.CustomRealm" id="realm">
        <property name="credentialsMatcher" ref="credentialsMatcher"/>
    </bean>


    <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"
          id="credentialsMatcher">
        <property name="hashAlgorithmName" value="md5"/>
        <property name="hashIterations" value="1"/>
    </bean>
</beans>

springmvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">



<context:component-scan base-package="com.imooc.controller"/>
    <mvc:annotation-driven/>
    <!--排除靜態文件-->
    <mvc:resources mapping="/*" location="/"/>

</beans>

我的總結下啦：

　　難在配置，特別有個坑在spring的bean裏面，要的是web的

　　<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

　　而我配少了個web
　　<bean id="securityManager" class="org.apache.shiro.mgt.DefaultWebSecurityManager">
哎，這就搞了我一晚頭大，買了個表，頂
還有就是，理解好，shiro的

shiroFilter，

DefaultWebSecurityManager，

CustomRealm（自定義的域），

HashedCredentialsMatcher（加密），也就七七八八了