依赖:spring-context,spring-MVC,shiro-core,shiro-spring,shiro-web

实话实说:web.xml,spring,springmvc配置文件好难

大致效果

代码结构(使用web骨架构建)

pom.xml

<dependencies>

        <dependency>

            <groupId>junit</groupId>

            <artifactId>junit</artifactId>

            <version>4.11</version>

            <scope>test</scope>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-context</artifactId>

            <version>4.2.4.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-webmvc</artifactId>

            <version>4.2.4.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-core</artifactId>

            <version>1.4.0</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-spring</artifactId>

            <version>1.4.0</version>

        </dependency>

        <dependency>

            <groupId>org.apache.shiro</groupId>

            <artifactId>shiro-web</artifactId>

            <version>1.4.0</version>

        </dependency>

    </dependencies>

实体类User

public class User {

    private int id;

    private String username;

    private String password;

    public User() {

    }

    public User(String username, String password) {

        this.username = username;

        this.password = password;

    }

    public User(int id, String username, String password) {

        this.id = id;

        this.username = username;

        this.password = password;

    }

    @Override

    public String toString() {

        return "User{" +

                "id=" + id +

                ", username='" + username + '\'' +

                ", password='" + password + '\'' +

                '}';

    }

    public int getId() {

        return id;

    }

    public void setId(int id) {

        this.id = id;

    }

    public String getUsername() {

        return username;

    }

    public void setUsername(String username) {

        this.username = username;

    }

    public String getPassword() {

        return password;

    }

    public void setPassword(String password) {

        this.password = password;

    }

}

自定义Realm 域  类(加盐)

public class CustomRealm extends AuthorizingRealm {    
  @Override  //授权

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        String username = (String) principals.getPrimaryPrincipal();

        //通过用户名username,获取角色

        Set<String> roles=getRolesByUsername(username);

        //通过用户名username,获取角色de权限

        Set<String> permissions=getPermissionsByUsrname(username);

        //返回AuthorizationInfo对象,先创建

        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();

        //设置授权  ---角色

        info.setRoles(roles);

        //设置授权  ---权限

        info.setStringPermissions(permissions);

        return info;

    }

    private Set<String> getPermissionsByUsrname(String username) {

        //也是从数据库去,这里写死

        Set<String> permissions=new HashSet<>();

        permissions.add("user:select");

        permissions.add("user:update");

        permissions.add("user:delete");

        permissions.add("user:insert");

        return permissions;

    }

    private Set<String> getRolesByUsername(String username) {

        //也是从数据库去,这里写死

        Set<String> roles=new HashSet<>();

        roles.add("admin");

        roles.add("user");

        return roles;

    }

    @Override  //认证

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        String username = (String) token.getPrincipal();

        System.out.println("用户名:"+username);

        String pwd=getPwdByUsername(username);

        System.out.println("密  码:"+pwd);

        if (pwd==null){

            return null;

        }

        SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,pwd,"customRealmSecret");
     info.setCredentialsSalt(ByteSource.Util.bytes("salt"));

        return info;

    }

    private String getPwdByUsername(String username) {

        Map<String,String> map=new HashMap<>();

        //加密的密码admin再加盐   --->c657540d5b315892f950ff30e1394480

        map.put("admin","c657540d5b315892f950ff30e1394480");

        super.setName("customRealmSecret");

        return map.get(username);

    }

}

控制器controller

@Controller

public class UserController {

    @ResponseBody

    @RequestMapping(value = "/subLogin",method = RequestMethod.POST,produces="application/json;charset=utf-8")

    public String subLogin(User user){

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(),user.getPassword());

        try {

            subject.login(token);

        } catch (AuthenticationException e) {

            return e.getMessage();

        }

        return "登录成功";

    }

}

login.htnl

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <title>shiro登录页面</title>

</head>

<body>

    <form action="subLogin" method="post">

        <input type="text" name="username"/><br/>

        <input type="password" name="password"/><br/>

        <input type="submit" value="登录"/>

    </form>

</body>

</html>

重头戏:配置文件

web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xmlns="http://java.sun.com/xml/ns/javaee"

         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

         id="WebApp_ID" version="3.0">

  <context-param>

    <param-name>contextConfigLocation</param-name>

    <param-value>classpath*:spring/spring.xml</param-value>

  </context-param>

  <listener>

    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

  </listener>

  <listener>

    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>

  </listener>

  <filter>

    <filter-name>shiroFilter</filter-name>

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

  </filter>

  <filter-mapping>

    <filter-name>shiroFilter</filter-name>

    <url-pattern>/*</url-pattern>

  </filter-mapping>

  <!-- The front controller of this Spring Web application, responsible for handling all application requests -->

  <servlet>

    <servlet-name>springDispatcherServlet</servlet-name>

    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

    <init-param>

      <param-name>contextConfigLocation</param-name>

      <param-value>classpath*:spring/springmvc.xml</param-value>

    </init-param>

    <load-on-startup>1</load-on-startup>

  </servlet>

  <!-- Map all requests to the DispatcherServlet for handling -->

  <servlet-mapping>

    <servlet-name>springDispatcherServlet</servlet-name>

    <url-pattern>/</url-pattern>

  </servlet-mapping>

</web-app>

spring.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:mvc="http://www.springframework.org/schema/mvc"

       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

        <property name="securityManager" ref="securityManager"/>

        <property name="loginUrl" value="login.html"/>

        <property name="unauthorizedUrl" value="403.html"/>

        <!--过滤器页面-->

        <property name="filterChainDefinitions">

            <value>

                /subLogin=anon          <!--提交登录的url也不需要认证-->

                /login.html=anon         <!--不需要认证,也可以访问-->

                /*=authc                <!--需要认证,才可以访问-->

            </value>

        </property>

    </bean>

    <!--创建securityManager对象-->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <property name="realm" ref="realm"/>

    </bean>

    <bean class="com.imooc.shiro.realm.CustomRealm" id="realm">

        <property name="credentialsMatcher" ref="credentialsMatcher"/>

    </bean>

    <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"

          id="credentialsMatcher">

        <property name="hashAlgorithmName" value="md5"/>

        <property name="hashIterations" value="1"/>

    </bean>

</beans>

springmvc.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:context="http://www.springframework.org/schema/context"

       xmlns:mvc="http://www.springframework.org/schema/mvc"

       xsi:schemaLocation="

        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

<context:component-scan base-package="com.imooc.controller"/>

    <mvc:annotation-driven/>

    <!--排除静态文件-->

    <mvc:resources mapping="/*" location="/"/>

</beans>

个人总结下啦:

  难在配置,特别有个坑在spring的bean里面,要的是web的

  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  而我配少了个web
  <bean id="securityManager" class="org.apache.shiro.mgt.DefaultWebSecurityManager">
哎,这就搞了我一晚头大,买了个表,顶
还有就是,理解好,shiro的
shiroFilter,
DefaultWebSecurityManager,
CustomRealm(自定义的域),
HashedCredentialsMatcher(加密),
也就七七八八了

shiro学习(四、shiro集成spring+springmvc)的更多相关文章

  1. Apache Shiro学习-2-Apache Shiro Web Support

     Apache Shiro Web Support  1. 配置 将 Shiro 整合到 Web 应用中的最简单方式是在 web.xml 的 Servlet ContextListener 和 Fil ...

  2. Drools 7.4.1.Final参考手册(十四)集成Spring

    集成Spring Drools 6.0重要变更 Drools Spring集成经历了与Drools 6.0的变化完全一致的改造. 以下是一些主要的变化: T*推荐的Drools Spring的前缀已经 ...

  3. javaweb各种框架组合案例(四):maven+spring+springMVC+spring data jpa(hibernate)【失败案例】

    一.失败案例 1. 控制台报错信息 严重: Exception sending context initialized event to listener instance of class org. ...

  4. shiro与Web项目整合-Spring+SpringMVC+Mybatis+Shiro(八)

    Jar包

  5. shiro基础学习(四)—shiro与项目整合

    一.认证 1.配置web.xml   2.配置applicationContext.xml      在applicationContext.xml中配置一个bean,ID和上面的过滤器的名称一致. ...

  6. Shiro学习

    Shiro学习资源 Shiro官网,http://shiro.apache.org/index.html 学习网站链接,http://blog.java1234.com/blog/articles/4 ...

  7. Quartz学习——SSMM(Spring+SpringMVC+Mybatis+Mysql)和Quartz集成详解(四)

    当任何时候觉你得难受了,其实你的大脑是在进化,当任何时候你觉得轻松,其实都在使用以前的坏习惯. 通过前面的学习,你可能大致了解了Quartz,本篇博文为你打开学习SSMM+Quartz的旅程!欢迎上车 ...

  8. (转) Quartz学习——SSMM(Spring+SpringMVC+Mybatis+Mysql)和Quartz集成详解(四)

    http://blog.csdn.net/u010648555/article/details/60767633 当任何时候觉你得难受了,其实你的大脑是在进化,当任何时候你觉得轻松,其实都在使用以前的 ...

  9. Shiro学习(12)与Spring集成

    Shiro的组件都是JavaBean/POJO式的组件,所以非常容易使用spring进行组件管理,可以非常方便的从ini配置迁移到Spring进行管理,且支持JavaSE应用及Web应用的集成. 在示 ...

随机推荐

  1. Flume-几种拓扑结构

    一.串联 Flume Agent 连接 这种模式是将多个 flume 顺序连接起来了,从最初的 source 开始到最终 sink 传送的目的存储系统.此模式不建议桥接过多的 flume 数量,flu ...

  2. 前端知识点回顾——Javascript篇(六)

    fetch 在原生ajax+es6promise的基础上封装的一个语法糖,返回promise对象. fetch(url, initObj) .then(res=>res.json()) .the ...

  3. 【SR汇总】基于深度学习方法

    1.SRCNN.FSRCNN (Learning a Deep Convolutional Network for Image Super-Resolution, ECCV2014) (Acceler ...

  4. LC 802. Find Eventual Safe States

    In a directed graph, we start at some node and every turn, walk along a directed edge of the graph.  ...

  5. 动态库(.so)隐藏函数名

    一.偶遇 error: undefined reference to  xxx 问题 尝试封装通用的接口到一个private.so,然后供客户端使用,private.so编译出来后由sample.cp ...

  6. js对象和jQuery对象的区别

    (1)js对象的三种基本定位方式 (A)通过ID属性:document.getElementById() (B)通过NAME属性:document.getElementsByName() (C)通过标 ...

  7. python写入csv方法总结

    最常用的一种方法,利用pandas包 import pandas as pd #任意的多组列表 a = [1,2,3] b = [4,5,6] #字典中的key值即为csv中列名 dataframe ...

  8. 为什么HashMap继承了AbstractMap还要实现Map?

    前言 之前看源码一直忽略了这个现象,按理说HashMap的父类AbstractMap已经实现了Map,它为什么还要实现一次呢?遂上网查了一下,背后原因让人大跌眼镜. 原因 这是类库设计者的拼写错误,其 ...

  9. 转 MySQL: Starting MySQL….. ERROR! The server quit without updating PID file解决办法

    http://blog.sina.com.cn/s/blog_637e04c9010117ri.html 1 问题 [root@localhost mysql]# /etc/rc.d/init.d/m ...

  10. router-link跳转页面传递参数及页面刷新方法

    使用router-link传参: 第一种: 路径:http://localhost:8080/goodListP?id=2 跳转的页面获取参数: this.$route.query.id 第二种: 路 ...