内容简介:首先需要导jar包!shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true targetBeanName shiroFilter shiroFilter /* DispatcherServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation classpath:springmvc.xm
首先需要导jar包!
配置你自己的web.xml
CharacterEncodingFilter org.springframework.web.filter.CharacterEncodingFilter encoding utf-8 forceEncoding true CharacterEncodingFilter /*shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterLifecycle true targetBeanName shiroFilter shiroFilter /* DispatcherServlet org.springframework.web.servlet.DispatcherServlet contextConfigLocation classpath:springmvc.xml 1 DispatcherServlet / org.springframework.web.context.ContextLoaderListener contextConfigLocation classpath:spring.xml
接下来创建一个spring-shiro.xml,我是自己这样写的,你们写的啥自己看看
<?xml version="1.0" encoding="UTF-8"?>/user/toLogin** = anon<aop:config proxy-target-class=“true” ></aop:config>
redirect:/user/toNopermission
对了,你们springmvc.xml中还需要添加一段配置,如下:
我自己定义的realm类叫userRealm
package com.youzhong.realm;
import com.youzhong.dao.UserMapper;
import com.youzhong.entity.User;
import com.youzhong.entity.UserExample;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.ArrayList;
import java.util.List;
public class UserRealm extends AuthorizingRealm {
@Autowired
public UserMapper userMapper;
@Override
public String getName() {
return "UserRealm";
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
User user = (User) principalCollection.getPrimaryPrincipal();
ArrayList<String> permissions = new ArrayList<>();
if(user.getStatus().equals("admin")){
permissions.add("*:*");
}else if(user.getStatus().equals("error")){
permissions.add("*:select");
}else if(user.getStatus().equals("ok")){
permissions.add("*:edit");
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addStringPermissions(permissions);
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
String username = (String) authenticationToken.getPrincipal();
UserExample userExample = new UserExample();
userExample.createCriteria().andUsernameEqualTo(username);
List<User> users = userMapper.selectByExample(userExample);
if(users.size()>0 ){
return new SimpleAuthenticationInfo(users.get(0),users.get(0).getPassword(),getName());
}
return null;
}
}
注意我这只是模拟,并不是企业级项目,只是搭建,这是我的ajax登陆!
package com.youzhong.controller;
import com.youzhong.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
@Controller
@RequestMapping(“user”)
public class UserController {
@RequestMapping("toLogin")
public String toLogin() {
return "user/login";
}
@RequestMapping(value = "toLoginVerify")
@ResponseBody
public String login(User user, HttpServletRequest req) {
UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
} catch (UnknownAccountException ex) {
return "u1";
} catch (IncorrectCredentialsException ex) {
return "i1";
} catch (AuthenticationException e) {
return "a1";
}
return "ok";
}
@RequestMapping("logout")
public String logout(){
Subject subject = SecurityUtils.getSubject();
subject.logout();
return "user/login";
}
@RequestMapping("toNopermission")
public String toNopermission(){
return "no/nopermission";
}
login页面,这是我写的用的easyui
<%–
Created by IntelliJ IDEA.
User: 你好!
Date: 2019/4/9
Time: 16:11
To change this template use File | Settings | File Templates.
–%>
<%@ page contentType=“text/html;charset=UTF-8” language=“java” %>
<%@ include file="/static/taglib.jsp"%>
-1
以上所述就是小编给大家介绍的《简单的SSM-Shiro安全框架搭建》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Text Processing in Python
David Mertz / Addison-Wesley Professional / 2003-6-12 / USD 54.99
Text Processing in Python describes techniques for manipulation of text using the Python programming language. At the broadest level, text processing is simply taking textual information and doing som......一起来看看 《Text Processing in Python》 这本书的介绍吧!
