依賴:spring-context,spring-MVC,shiro-core,shiro-spring,shiro-webhtml
實話實說:web.xml,spring,springmvc配置文件好難java
大體效果web
代碼結構(使用web骨架構建)spring
pom.xml數據庫
<dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>4.2.4.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.2.4.RELEASE</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.4.0</version> </dependency> </dependencies>
實體類Userapache
public class User { private int id; private String username; private String password; public User() { } public User(String username, String password) { this.username = username; this.password = password; } public User(int id, String username, String password) { this.id = id; this.username = username; this.password = password; } @Override public String toString() { return "User{" + "id=" + id + ", username='" + username + '\'' + ", password='" + password + '\'' + '}'; } public int getId() { return id; } public void setId(int id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
自定義Realm 域 類(加鹽)json
public class CustomRealm extends AuthorizingRealm {
@Override //受權 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String username = (String) principals.getPrimaryPrincipal(); //經過用戶名username,獲取角色 Set<String> roles=getRolesByUsername(username); //經過用戶名username,獲取角色de權限 Set<String> permissions=getPermissionsByUsrname(username); //返回AuthorizationInfo對象,先建立 SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); //設置受權 ---角色 info.setRoles(roles); //設置受權 ---權限 info.setStringPermissions(permissions); return info; } private Set<String> getPermissionsByUsrname(String username) { //也是從數據庫去,這裏寫死 Set<String> permissions=new HashSet<>(); permissions.add("user:select"); permissions.add("user:update"); permissions.add("user:delete"); permissions.add("user:insert"); return permissions; } private Set<String> getRolesByUsername(String username) { //也是從數據庫去,這裏寫死 Set<String> roles=new HashSet<>(); roles.add("admin"); roles.add("user"); return roles; } @Override //認證 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); System.out.println("用戶名:"+username); String pwd=getPwdByUsername(username); System.out.println("密 碼:"+pwd); if (pwd==null){ return null; } SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,pwd,"customRealmSecret");
info.setCredentialsSalt(ByteSource.Util.bytes("salt")); return info; } private String getPwdByUsername(String username) { Map<String,String> map=new HashMap<>(); //加密的密碼admin再加鹽 --->c657540d5b315892f950ff30e1394480 map.put("admin","c657540d5b315892f950ff30e1394480"); super.setName("customRealmSecret"); return map.get(username); } }
控制器controllerspring-mvc
@Controller public class UserController { @ResponseBody @RequestMapping(value = "/subLogin",method = RequestMethod.POST,produces="application/json;charset=utf-8") public String subLogin(User user){ Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword()); try { subject.login(token); } catch (AuthenticationException e) { return e.getMessage(); } return "登陸成功"; } }
login.htnl架構
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>shiro登陸頁面</title> </head> <body> <form action="subLogin" method="post"> <input type="text" name="username"/><br/> <input type="password" name="password"/><br/> <input type="submit" value="登陸"/> </form> </body> </html>
重頭戲:配置文件mvc
web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:spring/spring.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- The front controller of this Spring Web application, responsible for handling all application requests --> <servlet> <servlet-name>springDispatcherServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:spring/springmvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <!-- Map all requests to the DispatcherServlet for handling --> <servlet-mapping> <servlet-name>springDispatcherServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>
spring.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="login.html"/> <property name="unauthorizedUrl" value="403.html"/> <!--過濾器頁面--> <property name="filterChainDefinitions"> <value> /subLogin=anon <!--提交登陸的url也不須要認證--> /login.html=anon <!--不須要認證,也能夠訪問--> /*=authc <!--須要認證,才能夠訪問--> </value> </property> </bean> <!--建立securityManager對象--> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="realm"/> </bean> <bean class="com.imooc.shiro.realm.CustomRealm" id="realm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher" id="credentialsMatcher"> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="1"/> </bean> </beans>
springmvc.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <context:component-scan base-package="com.imooc.controller"/> <mvc:annotation-driven/> <!--排除靜態文件--> <mvc:resources mapping="/*" location="/"/> </beans>
我的總結下啦:
難在配置,特別有個坑在spring的bean裏面,要的是web的
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
而我配少了個web
<bean id="securityManager" class="org.apache.shiro.mgt.DefaultWebSecurityManager">
哎,這就搞了我一晚頭大,買了個表,頂
還有就是,理解好,shiro的
shiroFilter,
DefaultWebSecurityManager,
CustomRealm(自定義的域),
HashedCredentialsMatcher(加密),也就七七八八了