配置web.xml

<!-- 配置shiro的集成开始 -->

    <filter>

        <filter-name>shiroFilter</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

        <init-param>

            <param-name>targetFilterLifecycle</param-name>

            <param-value>true</param-value>

        </init-param>

        <init-param>

            <!-- 这里面的shiroFilter必须和application-shiro.xml里面的

            <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" >id 一样 -->

            <param-name>targetBeanName</param-name>

            <param-value>shiroFilter</param-value>

        </init-param>

    </filter>

    <filter-mapping>

        <filter-name>shiroFilter</filter-name>

        <servlet-name>springmvc</servlet-name>

    </filter-mapping>

    <!-- 配置shiro的集成结束 -->

创建application-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:context="http://www.springframework.org/schema/context"

    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <!-- 声明凭证匹配器 -->

    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">

        <property name="hashAlgorithmName" value="md5"></property>

        <property name="hashIterations" value="2"></property>

    </bean>

    <!-- 声明userRealm -->

    <bean id="userRealm" class="com.sxt.realm.UserRealm">

        <!-- 注入凭证匹配器 -->

        <property name="credentialsMatcher" ref="credentialsMatcher"></property>

    </bean>

    <!-- 配置SecurityManager -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

        <!-- 注入realm -->

        <property name="realm" ref="userRealm"></property>

    </bean>

    <!-- 配置shiro的过滤器  这里面的id必须和web.xml里面的配置一样 -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" >

        <!-- 注入安全管理器 -->

        <property name="securityManager" ref="securityManager"></property>

        <!-- 注入未登陆的跳转页面 默认的是webapp/login.jsp-->

        <property name="loginUrl" value="/index.jsp"></property>

        <!-- 注入未授权的访问页面 -->

        <property name="unauthorizedUrl" value="/unauthorized.jsp"></property>

        <!-- 配置过滤器链 -->

        <property name="filterChainDefinitions">

            <value>

                <!-- 放行index.jsp -->

                /index.jsp*=anon

                <!-- 放行跳转到登陆页面的路径 -->

                /login/toLogin*=anon

                <!-- 放行登陆的请求 -->

                /login/login*=anon

                <!-- 设置登出的路径 -->

                /login/logout*=logout

                <!-- 设置其它路径全部拦截 -->

                /**=authc

            </value>

        </property>

    </bean>

</beans>
com.sxt.realm.UserRealm 类
public class UserRealm extends AuthorizingRealm {

    @Autowired

    private UserService userService;

    @Autowired

    private RoleService roleService;

    @Autowired

    private PermissionService permissionService;

    @Override

    public String getName() {

        return this.getClass().getSimpleName();

    }

    /**

     * 认证

     */

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        String username = token.getPrincipal().toString();

        // 根据用户名查询用户

        User user = this.userService.queryUserByUserName(username);

        if (null != user) {

            //查询角色

            List<String> roles = this.roleService.queryRolesByUserId(user.getUserid());

            //查询权限

            List<String> permissions = this.permissionService.queryPermissionByUserId(user.getUserid());

            //构造ActiverUser

            ActivierUser activierUser=new ActivierUser(user, roles, permissions);

            //创建盐

            ByteSource credentialsSalt=ByteSource.Util.bytes(user.getUsername()+user.getAddress());

            SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(activierUser, user.getUserpwd(), credentialsSalt, this.getName());

            return info;

        } else {

            return null;

        }

    }

    /**

     * 授权

     */

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        ActivierUser activierUser = (ActivierUser) principals.getPrimaryPrincipal();

        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();

        List<String> roles = activierUser.getRoles();

        List<String> permissions = activierUser.getPermissions();

        if(null!=roles&&roles.size()>0) {

            info.addRoles(roles);

        }

        if(null!=permissions&&permissions.size()>0) {

            info.addStringPermissions(permissions);

        }

        return info;

    }

}
User权限和角色类集合
public class ActivierUser {

    private User user;

    private List<String> roles;

    private List<String> permissions;

    public ActivierUser() {

        // TODO Auto-generated constructor stub

    }

    public ActivierUser(User user, List<String> roles, List<String> permissions) {

        super();

        this.user = user;

        this.roles = roles;

        this.permissions = permissions;

    }

UserRealm 类的使用

public class UserRealm extends AuthorizingRealm {

    @Autowired

    private UserService userService;

    @Autowired

    private RoleService roleService;

    @Autowired

    private PermissionService permissionService;

    @Override

    public String getName() {

        return this.getClass().getSimpleName();

    }

    /**

     * 认证

     */

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        String username = token.getPrincipal().toString();

        System.out.println(token.getPrincipal()+"---账号名");

        System.out.println(token.getCredentials()+"--密码");

        // 根据用户名查询用户

        User user = this.userService.queryUserByUserName(username);

        if (null != user) {

            //查询角色

            List<String> roles = this.roleService.queryRolesByUserId(user.getUserid());

            //查询权限

            List<String> permissions = this.permissionService.queryPermissionByUserId(user.getUserid());

            //构造ActiverUser

            ActivierUser activierUser=new ActivierUser(user, roles, permissions);

            //创建盐

            ByteSource credentialsSalt=ByteSource.Util.bytes(user.getUsername()+user.getAddress());

            SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(activierUser, user.getUserpwd(), credentialsSalt, this.getName());

            return info;

        } else {

            return null;

        }

    }

    /**

     * 授权

     */

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        ActivierUser activierUser = (ActivierUser) principals.getPrimaryPrincipal();

        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();

        List<String> roles = activierUser.getRoles();

        List<String> permissions = activierUser.getPermissions();

        if(null!=roles&&roles.size()>0) {

            info.addRoles(roles);

        }

        if(null!=permissions&&permissions.size()>0) {

            info.addStringPermissions(permissions);

        }

        return info;

    }

}

登录请求

@RequestMapping("login")

@Controller

public class LoginController {

    /**

     * 跳转到登陆页面

     */

    @RequestMapping("toLogin")

    public String toLogin() {

        return "login";

    }

    /**

     * 做登陆

     */

    @RequestMapping("login")

    public String login(String username,String pwd,HttpSession session) {

        //得到主体

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token=new UsernamePasswordToken(username, pwd);

        try {

            subject.login(token);

            System.out.println("登陆成功");

            ActivierUser activierUser = (ActivierUser) subject.getPrincipal();

            System.out.println(subject.getPrincipal().toString()+"222");

            session.setAttribute("user", activierUser.getUser());

            return "redirect:/user/toUserManager.action";

        } catch (AuthenticationException e) {

            e.printStackTrace();

            return "redirect:/index.jsp";

        }

    }

}

页面调用

<%@ page language="java" contentType="text/html; charset=UTF-8"

    pageEncoding="UTF-8"%>

<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Insert title here</title>

</head>

<body>

    <shiro:hasPermission name="user:query">

        <h1><a href="user/query.action">查询用户</a></h1>

    </shiro:hasPermission>

    <shiro:hasPermission name="user:add">

    <h1><a href="user/add.action">添加用户</a></h1>

    </shiro:hasPermission>

    <shiro:hasPermission name="user:update">

    <h1><a href="user/update.action">修改用户</a></h1>

    </shiro:hasPermission>

    <shiro:hasPermission name="user:delete">

    <h1><a href="user/delete.action">删除用户</a></h1>

    </shiro:hasPermission>

    <shiro:hasPermission name="user:export">

    <h1><a href="user/export.action">导出用户</a></h1>

    </shiro:hasPermission>

</body>

</html>

详细请看git

shiro的ssm集成和简单的开发尝试的更多相关文章

  1. [Shiro] - shiro之SSM中的使用

    在学习shiro的途中,在github发现了一个开源项目,所需的控件刚好是自己要学习的方向. 虽然还要学习完ssm的shiro与springboot的shiro,以及接下来的种种控件和类库,但学习这个 ...

  2. ssm集成redis

    身在一个传统的IT公司,接触的新技术比较少,打算年后跳槽,所以抽空学了一下redis. 简单的redis测试,咱们这边就不讲了,现在主要讲讲ssm集成redis的过程,因为现在项目用的就是ssm的框架 ...

  3. 基于SSM的Java Web应用开发原理初探

    SSM开发Web的框架已经很成熟了,成熟得以至于有点落后了.虽然如今是SOA架构大行其道,微服务铺天盖地的时代,不过因为仍有大量的企业开发依赖于SSM,本文简单对基于SSM的Java开发做一快速入门, ...

  4. Java基于ssm框架的restful应用开发

    Java基于ssm框架的restful应用开发 好几年都没写过java的应用了,这里记录下使用java ssm框架.jwt如何进行rest应用开发,文中会涉及到全局异常拦截处理.jwt校验.token ...

  5. SpringMVC笔记——SSM框架搭建简单实例

    落叶枫桥 博客园 首页 新随笔 联系 订阅 管理 SpringMVC笔记——SSM框架搭建简单实例 简介 Spring+SpringMVC+MyBatis框架(SSM)是比较热门的中小型企业级项目开发 ...

  6. 【Shiro】Apache Shiro架构之集成web

    Shiro系列文章: [Shiro]Apache Shiro架构之身份认证(Authentication) [Shiro]Apache Shiro架构之权限认证(Authorization) [Shi ...

  7. Spring Boot 2.X(二):集成 MyBatis 数据层开发

    MyBatis 简介 概述 MyBatis 是一款优秀的持久层框架,支持定制化 SQL.存储过程以及高级映射.它采用面向对象编程的方式对数据库进行 CRUD 的操作,使程序中对关系数据库的操作更方便简 ...

  8. SSM集成

    SSM集成   Spring和各个框架的整合   Spring目前是JavaWeb开发中最终的框架,提供一站式服务,可以其他各个框架整合集成   Spring整合方案   SSH Ssh是早期的一种整 ...

  9. SSM集成FastJson

    FastJson Json数据格式回顾 什么是json JSON:(JavaScript Object Notation, JS 对象简谱) 是一种轻量级的数据交换格式.它基于 ECMAScript( ...

随机推荐

  1. 在okhttp的callback回调中加Toast出现Cant create handler inside hread that has not called Looper.prepare()...

    2019独角兽企业重金招聘Python工程师标准>>> 分析:callback中回调的response方法中还是在子线程中运行的,所以要调取Toast必须回到主线程中更新ui 解决方 ...

  2. pod setup命令失败解决方法

    最近运行pod setup出现以下问题: remote: Compressing objects: 100% (34/34), done.error: RPC failed; curl 56 SSLR ...

  3. C语言编程入门题目--No.11

    题目:古典问题:有一对兔子,从出生后第3个月起每个月都生一对兔子,小兔子长到第三个月 后每个月又生一对兔子,假如兔子都不死,问每个月的兔子总数为多少? 1.程序分析: 兔子的规律为数列1,1,2,3, ...

  4. python(string 模块)

    1.string 模块下关键字源码定义 whitespace = ' \t\n\r\v\f' ascii_lowercase = 'abcdefghijklmnopqrstuvwxyz' ascii_ ...

  5. SVN 部署(基于 Linux)

    1.通过 yum 命令安装 svnserve,命令如下: # 此命令会全自动安装svn服务器相关服务和依赖,安装完成会自动停止命令运行 yum -y install subversion # 若需查看 ...

  6. Prometheus monitor RabbitMQ

    Install docker-compose sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2 ...

  7. 【原创】Linux Mutex机制分析

    背景 Read the fucking source code! --By 鲁迅 A picture is worth a thousand words. --By 高尔基 说明: Kernel版本: ...

  8. centos7 源码安装nginx

    1. 安装编译所需要的工具包 yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel 2. 安装ngi ...

  9. centos7 安装高版本svn

    一.安装高版本svn 1.创建一个新的yum库文件,vim /etc/yum.repos.d/wandisco-svn.repo 内容如下 [WandiscoSVN] name=Wandisco SV ...

  10. Linux下使用Rsync进行文件同步

    数据备份方案 1.需要备份的文件目录有(原则上,只要运维人员写入或更改的数据都需要备份)./data,/etc/rc.local,/var/spool/cron/root等,根据不同都服务器做不同的调 ...