springmvc+shiro

徘徊边缘 提交于 2019-11-26 06:35:54

shiro.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!--
        Spring bean definitions for Apache Shiro: the realm, the web security manager,
        the servlet filter factory with its URL chain definitions, and the beans that
        enable Shiro's authorization annotations.
    -->


    <!--
        Register the custom Realm.
        NOTE(review): no credentialsMatcher is set on this bean, so the realm falls back to
        Shiro's default matcher, which compares the submitted credential with the stored
        value as-is. A production realm should configure a hashed credentials matcher.
    -->
    <bean id="customRealm" class="com.yeki.core.shiro.CustomRealm"></bean>

    <!--
        CAS authentication filter.
        NOTE(review): this filter is registered under the name "cas" below, but no entry in
        filterChainDefinitions refers to "cas", so as configured it looks unused. The
        shiro-cas module is also marked deprecated upstream; confirm against the Shiro
        version in use before relying on it.
    -->
    <bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
        <property name="failureUrl" value="/login"/>
    </bean>


    <!--
        Factory for the Shiro servlet filter that web.xml delegates to by bean name.
        NOTE(review): successUrl has the same value as loginUrl, which looks unintended;
        confirm where a user should land after signing in.
    -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="successUrl" value="/login"/>
        <property name="filters">
            <map>
                <entry key="cas" value-ref="casFilter"/>
            </map>
        </property>
        <!--
            URL pattern = filter chain. Patterns are Ant-style and evaluated top to bottom;
            the first matching line wins.
            NOTE(review):
              * "/user" has no wildcard, so it covers that exact path only, not
                /user/getUser or /user/list.
              * "/role=logout" binds Shiro's logout filter to /role; confirm that is the
                intended logout URL.
              * There is no trailing catch-all such as "/** = authc". A request that matches
                none of these lines continues with no Shiro authentication filter applied,
                so only handlers carrying an annotation such as @RequiresPermissions are
                protected. If a catch-all is added, the login endpoints of the application
                need their own anon entries above it.
        -->
        <property name="filterChainDefinitions">
            <value>
                /user=authc
                /role=logout
                /login**=anon
                /static/**=anon
            </value>
        </property>
    </bean>

    <!-- Web security manager; the custom realm is its only source of account data. -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="customRealm"></property>
    </bean>


    <!-- Advisor that applies Shiro's authorization annotations (e.g. @RequiresPermissions). -->
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- Enable Shiro annotations: auto-proxy creator that applies the advisor above, using class-based proxies. -->
    <bean id="advisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
        <property name="proxyTargetClass" value="true"></property>
    </bean>

    <!-- Shiro lifecycle processor: runs init/destroy callbacks on Shiro beans. -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>

 

package com.yeki.core.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import java.util.ArrayList;
import java.util.List;

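/**
 * Demo Shiro realm that overrides the authentication and authorization lookups of
 * {@link AuthorizingRealm} with hard-coded values.
 *
 * <p>NOTE(review): nothing in this class consults a user store. Every accepted login name
 * shares the same fixed password, and every principal receives the {@code admin} role.
 * This is acceptable only as a wiring example; a real realm must load the account, its
 * hashed credential, and its roles and permissions from the application's user store.
 */
public class CustomRealm extends AuthorizingRealm {

    /**
     * Builds the roles and permissions granted to an authenticated principal.
     *
     * <p>Every principal receives {@code user:add}, {@code user:delete} and the
     * {@code admin} role; only the login name {@code zhou} also receives {@code user:list}.
     *
     * @param principalCollection the principals of the subject being authorized
     * @return the authorization data for that subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();
        List<String> permissionList = new ArrayList<String>();
        // NOTE(review): granted unconditionally, regardless of who the principal is.
        permissionList.add("user:add");
        permissionList.add("user:delete");
        // Constant-first comparison so a missing primary principal cannot raise a
        // NullPointerException during an authorization check.
        if ("zhou".equals(userName)) {
            permissionList.add("user:list");
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissionList);
        // NOTE(review): every principal is given the admin role; load roles per user instead.
        info.addRole("admin");
        return info;
    }

    /**
     * Returns the account data that Shiro compares against the submitted login token.
     *
     * <p>Note: the password entered on the login page must be {@code 123456}.
     *
     * <p>Intended real logic, per the original author: look the user up by login name only,
     * return {@code null} when the user does not exist, and otherwise return a
     * {@code SimpleAuthenticationInfo} built from the stored username and password. The
     * login controller receives the username and password and Shiro decides whether they
     * match the stored data.
     *
     * @param authenticationToken the token submitted at login
     * @return the account data, or {@code null} when the account is unknown
     * @throws AuthenticationException if the lookup fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String userName = (String) authenticationToken.getPrincipal();
        // A token without a principal is handled like the unknown account "11": returning
        // null tells Shiro there is no such account. The explicit guard replaces a
        // catch-all that printed a stack trace and hid the failure.
        if (userName == null || "11".equals(userName)) {
            return null;
        }
        // NOTE(review): the same fixed plaintext password is returned for every login name.
        // A real realm returns the stored password hash (and salt) for this user and relies
        // on a hashed credentials matcher configured on the realm.
        return new SimpleAuthenticationInfo(userName, "123456", this.getName());
    }
}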

 

web.xml中

<!--
    Routes every request through Shiro. DelegatingFilterProxy looks up the Spring bean
    whose name equals the filter-name ("shiroFilter") and delegates to it.
    targetFilterLifecycle=true makes the proxy invoke the init and destroy lifecycle
    methods on that bean.
-->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

 

package com.yeki.modules.user.controller;

import com.yeki.modules.user.entity.UserEntity;
import com.yeki.modules.user.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.List;

/**
 * Spring MVC controller for the demo's user pages, mapped under {@code user}.
 *
 * <p>NOTE(review): only {@link #getUser()} carries a Shiro permission annotation. The other
 * handlers depend entirely on the URL filter chain for protection, so verify that the
 * chain definitions really cover {@code /user/list}.
 */
@Controller
@RequestMapping("user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Returns all users as the response body.
     *
     * <p>Shiro rejects the call unless the current subject holds {@code user:list}.
     *
     * @return the list supplied by {@code UserService#getList()}
     */
    @RequestMapping("getUser")
    @RequiresPermissions("user:list")
    @ResponseBody
    public List<UserEntity> getUser() {
        List<UserEntity> users = userService.getList();
        return users;
    }

    /**
     * Attempts a Shiro login with the submitted credentials.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so credentials sent in
     * a GET query string are accepted; restricting this handler to POST keeps them out of
     * URLs and access logs.
     *
     * @param userName the submitted login name
     * @param password the submitted password
     * @return the list view on success, the login view when authentication fails
     */
    @RequestMapping("login")
    public String login(String userName, String password) {
        final Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(new UsernamePasswordToken(userName, password));
            return "user/list";
        } catch (AuthenticationException authFailure) {
            // Any authentication failure sends the user back to the login form.
            return "user/login";
        }
    }

    /**
     * Shows the login form.
     *
     * @return the login view name
     */
    @RequestMapping("toLogin")
    public String toLogin() {
        final String loginView = "user/login";
        return loginView;
    }

    /**
     * Shows the user list page.
     *
     * @return the list view name
     */
    @RequestMapping("list")
    public String getList() {
        final String listView = "user/list";
        return listView;
    }

}

 

 

<%--
  User list page.
  The shiro:hasPermission tag renders its body only when the current subject holds the
  named permission. This only hides the button in the generated HTML; the endpoint behind
  it must enforce the same permission on the server, as getUser does on this page with
  @RequiresPermissions("user:list").
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<html>
<head>
    <title>列表</title>
</head>
<body>


<shiro:hasPermission name="user:list">
    <button>查询</button>
</shiro:hasPermission>

</body>
</html>

 

 

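<%--
  Login form. Submits userName and password to the login handler at /user/login.
  NOTE(review): the action is an absolute path and does not include the context path;
  confirm the application is deployed at the root context.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>登录</title>
</head>
<body>

<%--
  method="post" keeps the credentials out of the URL, and therefore out of browser history,
  access logs and Referer headers. type="password" masks the field while it is typed.
--%>
<form action="/user/login" method="post">
    <input name="userName">
    <input type="password" name="password">
    <input type="submit">
</form>

</body>
</html>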

 

 

注意:

ShiroFilterFactoryBean会把Spring中注册的Filter并入自己的filters中,并代理整个FilterChain:请求先执行完Shiro自己的过滤器链,之后才会交给Servlet容器原有的FilterChain。

authc:
(1)登录拦截,判断当前路径是否为loginUrl,若不是进行拦截,检查当前用户是否已登录

(2)自动登录,若当前路径为loginUrl执行登录操作,验证用户名密码

user:用户已登录,或已通过rememberMe被记住时即可访问,不需要再次登录。

 
