First, import the required JAR files!
Configure your own web.xml
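<filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param><param-name>encoding</param-name><param-value>utf-8</param-value></init-param>
    <init-param><param-name>forceEncoding</param-name><param-value>true</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- DelegatingFilterProxy hands every request to the Spring bean named shiroFilter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>targetBeanName</param-name><param-value>shiroFilter</param-value></init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>DispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param><param-name>contextConfigLocation</param-name><param-value>classpath:springmvc.xml</param-value></init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>DispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring.xml</param-value>
</context-param>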
Next, create a spring-shiro.xml. This is how I wrote mine; check what you have in your own.
<?xml version="1.0" encoding="UTF-8"?>
/user/toLogin** = anon
<aop:config proxy-target-class="true"></aop:config>
redirect:/user/toNopermission
By the way, you also need to add a piece of configuration to your springmvc.xml, as follows:
My custom realm class is called userRealm
package com.youzhong.realm;
import com.youzhong.dao.UserMapper;
import com.youzhong.entity.User;
import com.youzhong.entity.UserExample;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.ArrayList;
import java.util.List;
public class UserRealm extends AuthorizingRealm {

    @Autowired
    public UserMapper userMapper;

    @Override
    public String getName() {
        return "UserRealm";
    }

    // Authorization: map the user's status field to wildcard permission strings.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        User user = (User) principalCollection.getPrimaryPrincipal();
        ArrayList<String> permissions = new ArrayList<>();
        // Constant-first equals() avoids a NullPointerException when status is null.
        if ("admin".equals(user.getStatus())) {
            permissions.add("*:*");
        } else if ("error".equals(user.getStatus())) {
            permissions.add("*:select");
        } else if ("ok".equals(user.getStatus())) {
            permissions.add("*:edit");
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissions);
        return info;
    }

    // Authentication: look the user up by username. Shiro compares the submitted
    // password against the stored value with the realm's configured CredentialsMatcher.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();
        UserExample userExample = new UserExample();
        userExample.createCriteria().andUsernameEqualTo(username);
        List<User> users = userMapper.selectByExample(userExample);
        if (users.size() > 0) {
            return new SimpleAuthenticationInfo(users.get(0), users.get(0).getPassword(), getName());
        }
        // Returning null makes Shiro treat the account as unknown.
        return null;
    }
}
Note that this is only a simulation, not an enterprise-grade project; it is just a setup walkthrough. Here is my AJAX login!
package com.youzhong.controller;
import com.youzhong.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
@Controller
@RequestMapping("user")
public class UserController {

    @RequestMapping("toLogin")
    public String toLogin() {
        return "user/login";
    }

    // AJAX login: the response body is a short status code read by the login page.
    @RequestMapping(value = "toLoginVerify")
    @ResponseBody
    public String login(User user, HttpServletRequest req) {
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
        } catch (UnknownAccountException ex) {
            return "u1"; // unknown account
        } catch (IncorrectCredentialsException ex) {
            return "i1"; // wrong password
        } catch (AuthenticationException e) {
            return "a1"; // any other authentication failure
        }
        return "ok";
    }

    @RequestMapping("logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "user/login";
    }

    @RequestMapping("toNopermission")
    public String toNopermission() {
        return "no/nopermission";
    }
}
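Added example, not part of the original post: the realm and AJAX login above hand the stored password to Shiro as-is and answer with different codes for an unknown account ("u1") and a wrong password ("i1"). This version assumes Shiro 1.x on the classpath; HashedUserRealm and its in-memory map (standing in for UserMapper) are hypothetical names. It stores a hash produced by DefaultPasswordService and returns a single failure code.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.HashMap;
import java.util.Map;

// Added example, not the author's code. HashedUserRealm is a hypothetical name.
public class HashedUserRealm extends AuthorizingRealm {
    // Constructed in-memory store standing in for UserMapper: username -> stored hash.
    private final Map<String, String> storedHashes = new HashMap<>();

    public HashedUserRealm(DefaultPasswordService service) {
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(service);
        setCredentialsMatcher(matcher); // verify against the hash, never plaintext equality
        // Constructed sample account; a real application hashes at registration time.
        storedHashes.put("alice", service.encryptPassword("correct horse"));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String hash = storedHashes.get((String) token.getPrincipal());
        // null means "no such account"; otherwise Shiro runs the PasswordMatcher on the hash.
        return hash == null ? null : new SimpleAuthenticationInfo(token.getPrincipal(), hash, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo(); // permissions are out of scope here
    }

    // One failure code for every cause, so the response does not reveal
    // whether the username exists (the controller above returns "u1" vs "i1").
    static String login(HashedUserRealm realm, String username, String password) {
        try {
            AuthenticationInfo info = realm.getAuthenticationInfo(new UsernamePasswordToken(username, password));
            return info != null ? "ok" : "fail";
        } catch (AuthenticationException e) {
            return "fail";
        }
    }

    public static void main(String[] args) {
        HashedUserRealm realm = new HashedUserRealm(new DefaultPasswordService());
        System.out.println(login(realm, "alice", "correct horse") + " " + login(realm, "alice", "wrong") + " " + login(realm, "nobody", "x"));
    }
}
```

The unknown-account path returns before any hashing happens, so response time can still differ between the two failure cases even though the code is the same.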
The login page; I wrote this one using EasyUI.
<%--
Created by IntelliJ IDEA.
User: 你好!
Date: 2019/4/9
Time: 16:11
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ include file="/static/taglib.jsp"%>
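That is all for "Simple SSM-Shiro Security Framework Setup". I hope it helps; if you have any questions, leave me a message and I will reply as soon as I can. Thank you also for supporting 码农网!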