shiro框架-權限管理

如下是整個項目的目錄結構:

 1 package com.aaa.ssm.common;
 2 
 3 import org.apache.shiro.crypto.hash.SimpleHash;
 4 
 5 /**
 6  * 加密工具類
 7  */
 8 public class MD5 {
 9     /**
10      *
11      * @param method  使用的加密方式
12      * @param password 加密的字符串
13      * @param code  能夠添加的加密字符串
14      * @param count  加密的字數
15      * @return  返回加密後的字符串
16      */
17     public static String getMd5(String method, String password,String code,Integer count){
18         SimpleHash simpleHash=null;
19         if (code==null&count==null){
20              simpleHash=new SimpleHash(method,password);
21         }else {
22             simpleHash=new SimpleHash(method,password,code,count);
23         }
24 
25         String newMd5=  simpleHash.toString();
26 
27         return newMd5;
28     }
29 
30 
31 
32 }
MD5加密方式
package com.aaa.ssm.common;

public class Const {

    //放置用戶登陸成功的session數據
    public  static final String SESSION_USER="SESSION_USER";
    //放置用戶的請求地址
    public static final  String SESSION_URLS="SESSION_URLS";

}
全局常量類
package com.aaa.ssm.controller;

import com.aaa.ssm.entity.Module;
import com.aaa.ssm.entity.Users;
import com.aaa.ssm.service.UsersService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

import java.util.List;

@Controller
@RequestMapping("/user")
public class UsersController {

    @Autowired
    private UsersService usersService;

    /**
     * 登陸成功
     * @param
     * @return
     */
    //@RequiresPermissions("user")
    @RequestMapping("/login")
    public String login(Users users,String rememberMe,Model model) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(users.getUsername(), users.getPassword());
        //處理空指針異常
        if (rememberMe == null) {
            rememberMe = "0";
        }
        //記住密碼的操做
        if (rememberMe.equals("1") && rememberMe != null) {
            token.setRememberMe(true);

        }
        try {
            subject.login(token);
            //獲取對象信息
            users = (Users) subject.getPrincipal();
            //根據用戶查詢模塊
            List<Module> modules = usersService.queryModule(users);
            model.addAttribute("module", modules);
            return "index";
        } catch (AuthenticationException e) {
            model.addAttribute("error", "帳號或密碼錯誤");
            return "login";
        }


    }

    @RequestMapping("/tologin")
    public  String toLogin(){
        return "login";
    }


    /**
     * 查詢全部用戶信息
     * @param model
     * @return
     */
    @RequestMapping("/list")
    public  String list(Model model){
        List<Users> users = usersService.listAll();
        model.addAttribute("users",users );
        return "list";
    }

    /**
     * 退出
     * @return
     */
    @RequestMapping("/logout")
    public  String logout(){
        return "redirect:/login.jsp";
    }

}
UserController 控制器類
package com.aaa.ssm.dao;

import com.aaa.ssm.entity.Module;
import com.aaa.ssm.entity.Users;
import org.apache.ibatis.annotations.Param;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.List;

/**
 * 用戶管理dao接口
 */
public interface UsersDao {


    /**
     * 用戶登陸
     * @param users
     * @return
     */
    Users login(Users users);


    /**
     * shiro框架驗證
     * @param username
     * @return
     */
    Users findByUsername(String username);


    /**
     * 查詢全部用戶
     * @return
     */
    List<Users> listAll();

    /**
     * 權限查詢 一級菜單
     * @return
     */
    List<Module> listOneModule(Users users);
    /**
     * 權限查詢 二級菜單
     * @return
     */
    List<Module> listTwoModule(@Param("users") Users users, @Param("parent") Module parent);
}
用戶管理dao接口(注:此接口和業務邏輯層的Userservice大體同樣 參考下)
用戶實體類要想實現rememberMe 記住個人功能 須要實現序列化接口(Serializable)
package com.aaa.ssm.entity;

import java.io.Serializable;

/**
 * Serializable 爲了實現存儲Cookie 對象要實現實例化接口
 */
public class Users  implements Serializable {

    private Integer id;
    private String username;
    private  String password;
    private  String address;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getAddress() {
        return address;
    }

    public void setAddress(String address) {
        this.address = address;
    }

    @Override
    public String toString() {
        return "Users{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                ", address='" + address + '\'' +
                '}';
    }
}
用戶實體類
package com.aaa.ssm.service.impl;

import com.aaa.ssm.dao.UsersDao;
import com.aaa.ssm.entity.Module;
import com.aaa.ssm.entity.Users;
import com.aaa.ssm.service.UsersService;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.util.ArrayList;
import java.util.List;

@Service
@Transactional
public class UsersServiceImpl implements UsersService {
    @Autowired
    private UsersDao usersDao;
    @Override
    public Users login(Users users) {
        return usersDao.login(users);
    }

    @Override
    public Users findByUsername(String username) {
        return usersDao.findByUsername(username);
    }

    @Override
    public List<Users> listAll() {
        return usersDao.listAll();
    }

    @Override
    public List<Module> queryModule(Users users) {
        //先查詢一級菜單
        List<Module> oneModule = usersDao.listOneModule(users);

        for (Module module:oneModule){
            //查詢二級菜單
            List<Module> modules = usersDao.listTwoModule(users,module);
                module.setChildern(modules);
        }
        return oneModule;
    }



    @Override
    public List<String> queryUrls(List<Module> modules) {
        List<String> str=new ArrayList<String>();

        for (Module oneModule: modules){
            List<Module> childern = oneModule.getChildern();
            for (Module s:childern){
                String url = s.getUrl();
                //截取字符串
                str.add(url.substring(0,url.indexOf("/")));
            }

        }


        return str;
    }


}
業務邏輯實現接口
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.aaa.ssm.dao.UsersDao">
    <select id="login" resultType="com.aaa.ssm.entity.Users">

        select * from users where username=#{username} and password=#{password}
    </select>

    <select id="listAll" resultType="com.aaa.ssm.entity.Users">

        select * from Users
    </select>

    <select id="listOneModule" resultType="com.aaa.ssm.entity.Module">

        select distinct m.*  from users u inner join  user_role ur on u.id=ur.u_id
                                  inner join role r on r.id=ur.r_id
                                  inner join role_module rm on r.id=rm.r_id
                                  inner join module m on m.id=rm.m_id
                                  where u.id=#{id} and m.level_=1

    </select>

    <select id="listTwoModule" resultType="com.aaa.ssm.entity.Module">

        select distinct m.*  from users u inner join  user_role ur on u.id=ur.u_id
                                  inner join role r on r.id=ur.r_id
                                  inner join role_module rm on r.id=rm.r_id
                                  inner join module m on m.id=rm.m_id
                                  where u.id=#{users.id} and m.level_=2  and m.pid=#{parent.id}

    </select>

    <select id="findByUsername" resultType="com.aaa.ssm.entity.Users">
        select  * from users where username=#{username}

    </select>
</mapper>
dao接口的mapper映射文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">

    <context:component-scan base-package="com.aaa.ssm.service"></context:component-scan>
    <context:property-placeholder location="classpath:oracle.properties"></context:property-placeholder>
    <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource">
        <property name="driverClassName" value="${driver}"></property>
        <property name="url" value="${url}"></property>
        <property name="username" value="${user}"></property>
        <property name="password" value="${password}"></property>
    </bean>

    <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <property name="dataSource" ref="dataSource"></property>
        <property name="mapperLocations" value="classpath:mapper/*.xml"></property>
        <property name="configLocation" value="classpath:mybatis.xml"></property>
    </bean>
    <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
        <property name="basePackage" value="com.aaa.ssm.dao"></property>
    </bean>
    <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
        <property name="dataSource" ref="dataSource"></property>
    </bean>
    <tx:annotation-driven transaction-manager="transactionManager"/>

    <!--spring導入shiro框架-->
    <import resource="classpath:sping-shiro.xml"></import>
</beans>
spring的主配置文件
<?xml version="1.0" encoding="UTF-8"?>
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd">
<!--<diskStore path="D:/ehcache"></diskStore>-->
    <!--
    eternal:緩存中對象是否爲永久的,若是是,超時設置將被忽略,對象從不過時。
    maxElementsInMemory:緩存中容許建立的最大對象數
    overflowToDisk:內存不足時,是否啓用磁盤緩存。
    timeToIdleSeconds:緩存數據的鈍化時間,也就是在一個元素消亡以前,  兩次訪問時間的最大時間間隔值,這隻能在元素不是永久駐留時有效,若是該值是 0 就意味着元素能夠停頓無窮長的時間。
    timeToLiveSeconds:緩存數據的生存時間,也就是一個元素從構建到消亡的最大時間間隔值,這隻能在元素不是永久駐留時有效,若是該值是0就意味着元素能夠停頓無窮長的時間。
    memoryStoreEvictionPolicy:緩存滿了以後的淘汰算法。
    diskPersistent:設定在虛擬機重啓時是否進行磁盤存儲,默認爲false
    diskExpiryThreadIntervalSeconds: 屬性能夠設置該線程執行的間隔時間(默認是120秒,不能過小
    1 FIFO,先進先出
    2 LFU,最少被使用,緩存的元素有一個hit屬性,hit值最小的將會被清出緩存。
    3 LRU,最近最少使用的,緩存的元素有一個時間戳,當緩存容量滿了,而又須要騰出地方來緩存新的元素的時候,那麼現有緩存元素中時間戳離當前時間最遠的元素將被清出緩存。
    -->
<defaultCache
    maxElementsInMemory="1000"
    maxElementsOnDisk="10000000"
    eternal="false"
    overflowToDisk="false"
    diskPersistent="false"
    timeToIdleSeconds="120"
    timeToLiveSeconds="120"
    diskExpiryThreadIntervalSeconds="120"
    memoryStoreEvictionPolicy="LRU">

</defaultCache>
</ehcache>
配置shiro的緩存
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>

    <settings>
        <setting name="logImpl" value="STDOUT_LOGGING"/>
    </settings>
</configuration>
mybatis的主配置文件 爲了實現控制檯打印SQL語句
driver=oracle.jdbc.OracleDriver
url=jdbc:oracle:thin:@localhost:1521:orcl
user=scott
password=tiger
配置數據庫的properties文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
   <!--建立自定義域對象-->
    <bean id="myRealm" class="com.aaa.ssm.realm.MyRealm">
        <property name="credentialsMatcher" ref="credentialsMatcher"></property>
    </bean>
   <!--聲明cookie對象-->
    <bean id="cookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="rememberMe"></constructor-arg>
        <property name="httpOnly" value="true"></property>
        <property name="maxAge" value="2592000"></property>
    </bean>
  <!--聲明rememberMe對象-->
    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
      <property name="cookie" ref="cookie"></property>
    </bean>
    <!--建立回話管理器-->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <!--設置全局session的超時時間-->
        <property name="globalSessionTimeout" value="180000"></property>
        </bean>
    <!--配置shiro的緩存管理-->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">

        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"></property>
    </bean>
    <!--建立安全管理器-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"></property>
        <property name="rememberMeManager" ref="rememberMeManager"></property>
        <property name="sessionManager" ref="sessionManager"></property>
        <property name="cacheManager" ref="cacheManager"></property>
    </bean>
    <!--加密方式-->
    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashIterations" value="5"></property>
        <property name="hashAlgorithmName" value="md5"></property>
    </bean>
    <!--過濾器-->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"></property>
        <property name="unauthorizedUrl" value="/error.jsp"></property>
        <!--/user/login.do-->
        <property name="loginUrl" value="/user/tologin.do"></property>
        <property name="filterChainDefinitions">
            <value>
                <!--對靜態資源不攔截  anon指的是匿名-->
                /static/*=anon
                /user/tologin.do=anon
                /user/login.do=anon

                /user/list.do=perms[user]
                <!--配置退出登陸的請求 logout是shiro自帶的一個退出登陸的過濾器-->
                /user/logout.do=logout
                <!--authc是指必須通過認證-->
                /**=user
               <!-- /*=authc
                /*/*=authc-->
            </value>
        </property>
    </bean>


</beans>
shiro的主配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">

    <context:component-scan base-package="com.aaa.ssm.controller"></context:component-scan>

    <mvc:annotation-driven></mvc:annotation-driven>
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/jsp/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>


    <!--配置以註解的方式聲明shiro-->
    <aop:config proxy-target-class="true"></aop:config>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"></property>
    </bean>

    <!--spring統一異常處理機制-->
    <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
        <property name="defaultErrorView" value="../../error"></property>
    </bean>
</beans>
springmvc的主配置文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0">

    <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:applicationContext.xml</param-value>
        </context-param>

        <servlet>
            <servlet-name>springmvc</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>classpath:springmvc.xml</param-value>
            </init-param>
        </servlet>
        <servlet-mapping>
            <servlet-name>springmvc</servlet-name>
            <url-pattern>*.do</url-pattern>
        </servlet-mapping>
      <!--解決中文亂碼-->
          <filter>
              <filter-name>CharacterEncodingFilter</filter-name>
              <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
              <init-param>
                  <param-name>encoding</param-name>
                  <param-value>utf-8</param-value>
              </init-param>
          </filter>
          <filter-mapping>
          <filter-name>CharacterEncodingFilter</filter-name>
          <url-pattern>/*</url-pattern>
          </filter-mapping>

    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>/user/tologin.do</welcome-file>
    </welcome-file-list>
</web-app>
web.xml的配置信息
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>aaa</groupId>
    <artifactId>maven_meun</artifactId>
    <version>1.0-SNAPSHOT</version>

        <properties>
                <spring.version>4.3.18.RELEASE</spring.version>
            </properties>

            <dependencies>

                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-context</artifactId>
                    <version>${spring.version}</version>
                </dependency>
                <dependency>

                    <groupId>org.mybatis</groupId>
                    <artifactId>mybatis</artifactId>
                    <version>3.4.6</version>
                </dependency>

                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-webmvc</artifactId>
                    <version>${spring.version}</version>
                </dependency>
                <dependency>
                    <groupId>org.mybatis</groupId>
                    <artifactId>mybatis-spring</artifactId>
                    <version>1.3.2</version>
                </dependency>
                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-jdbc</artifactId>
                    <version>${spring.version}</version>
                </dependency>
                <dependency>
                    <groupId>javax.servlet</groupId>
                    <artifactId>jstl</artifactId>
                    <version>1.2</version>
                </dependency>
                <dependency>
                    <groupId>taglibs</groupId>
                    <artifactId>standard</artifactId>
                    <version>1.1.2</version>
                </dependency>
                <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-spring</artifactId>
                    <version>1.3.2</version>
                </dependency>
                <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-web</artifactId>
                    <version>1.3.2</version>
                </dependency>


                <dependency>
                    <groupId>org.apache.commons</groupId>
                    <artifactId>commons-dbcp2</artifactId>
                    <version>2.1.1</version>
                </dependency>

                <dependency>
                    <groupId>javax.servlet</groupId>
                    <artifactId>servlet-api</artifactId>
                    <version>2.5</version>
                </dependency>

                <dependency>
                    <groupId>com.oracle</groupId>
                    <artifactId>ojdbc6</artifactId>
                    <version>6</version>

                </dependency>
                <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-core</artifactId>
                    <version>1.3.2</version>
                </dependency>

                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-web</artifactId>
                    <version>4.3.18.RELEASE</version>
                </dependency>
                <dependency>
                    <groupId>mysql</groupId>
                    <artifactId>mysql-connector-java</artifactId>
                    <version>5.1.46</version>
                </dependency>


                <!--json轉化-->
                <dependency>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>jackson-core</artifactId>
                    <version>2.9.8</version>
                </dependency>

                <dependency>

                <groupId>com.fasterxml.jackson.core</groupId>
                <artifactId>jackson-databind</artifactId>
                <version>2.9.8</version>
            </dependency>

                <dependency>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>jackson-annotations</artifactId>
                    <version>2.9.8</version>
                </dependency>
                <dependency>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-aop</artifactId>
                    <version>${spring.version}</version>
                </dependency>
                <!-- aspectj相關jar包-->
                <dependency>
                    <groupId>org.aspectj</groupId>
                    <artifactId>aspectjrt</artifactId>
                    <version>1.7.4</version>

                </dependency>
                <dependency>
                    <groupId>org.aspectj</groupId>
                    <artifactId>aspectjweaver</artifactId>
                    <version>1.7.4</version>
                </dependency>
                <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-ehcache</artifactId>
                    <version>1.4.0</version>
                </dependency>
                <dependency>
                    <groupId>net.sf.ehcache</groupId>
                    <artifactId>ehcache-core</artifactId>
                    <version>2.5.0</version>
                </dependency>

        </dependencies>

        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <configuration>
                        <source>8</source>
                        <target>8</target>
                    </configuration>
                </plugin>
            </plugins>
            <resources>
                <resource>
                    <directory>src/main/java</directory>
                    <includes>
                        <include>**/*.xml</include>
                    </includes>
                </resource>
            </resources>
        </build>


</project>
pom的配置信息
相關文章
相關標籤/搜索