服务器之家:专注于服务器技术及软件下载分享
分类导航

PHP教程|ASP.NET教程|Java教程|ASP教程|编程技术|正则表达式|C/C++|IOS|C#|Swift|Android|VB|R语言|JavaScript|易语言|vb.net|

服务器之家 - 编程语言 - Java教程 - spring+shiro 整合实例代码详解

spring+shiro 整合实例代码详解

2021-06-08 14:11木土mango Java教程

本文通过实例代码给大家介绍spring+shiro 整合的过程,非常不错,具有一定的参考借鉴价值,需要的朋友可以参考下

一、添加相关依赖

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-core</artifactid>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-web</artifactid>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-ehcache</artifactid>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupid>org.apache.shiro</groupid>
   <artifactid>shiro-spring</artifactid>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupid>commons-logging</groupid>
   <artifactid>commons-logging</artifactid>
   <version>1.2</version>
  </dependency>

二、编写代码

1、自定义realm

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
public class commonrealm extends authorizingrealm {
 @autowired
 private userloginservice userloginservice;
 @override
 public string getname() {
  return "commonrealm";
 }
 //授权
 @override
 protected authorizationinfo dogetauthorizationinfo(principalcollection principals) {
  string usernmae = (string) principals.getprimaryprincipal();
  list<string> permissions = new arraylist<string>();
  if ("admin".equals(usernmae)) {
   permissions.add("admin:ee");
  }
  simpleauthorizationinfo info = new simpleauthorizationinfo();
  info.addstringpermissions(permissions);
  return info;
 }
 //身份认证
 @override
 protected authenticationinfo dogetauthenticationinfo(authenticationtoken token) throws authenticationexception {
  string username = (string) token.getprincipal();
  user user = userloginservice.getuser(username);
  if (user == null) {
   return null;
  }
  simpleauthenticationinfo info = new simpleauthenticationinfo(username, user.getpassword(), getname());
  return info;
 }
}

2、login controller

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
@controller
public class useraction {
 @autowired
 private userloginservice userloginservice;
 @requestmapping("/login.do")
 public string userlogin(httpservletrequest request, string username, string password) throws exception {
  // 如果登陆失败从request中获取异常信息,shirologinfailure就是shiro异常类的全限定名
  string exceptionclassname = (string) request.getattribute("shirologinfailure");
  if (exceptionclassname != null) {
   if (unknownaccountexception.class.getname().equals(exceptionclassname)) {
    // 最终会抛给异常处理器
    throw new xxxexception("用户名不存在");
   } else if (incorrectcredentialsexception.class.getname().equals(exceptionclassname)) {
    throw new xxxexception("用户名/密码错误");
   } else {
    throw new exception();// 最终在异常处理器生成未知错误
   }
  }
  // 如果登录成功的话不走此方法,shiro认证成功会自动跳转到上一个请求路径,配的的successurl没效果,后边会说
  // 登陆失败走此方法,捕获异常,然后 return ~ ,还到login页面
  return "login.jsp";
 }
}

3、检测权限 controller

?
1
2
3
4
5
6
//此方法为了验证权限是否生效
@requestmapping("/findall.do")
@requirespermissions("admin:ee")
public modelandview list(httpservletrequest request){
 .......
}

三、常见问题

因为有一些特别常见的问题,需要修改xml配置,所以现在先手问题,把xml配置放在后边,直接就配置完善好的xml

问题一:登陆成功后shiro默认跳到上一次请求,没有上一次请求默认跳到/  ,那我们就想控制调到自己定义的路径咋办呢?

解决方案:

步骤一:继承formauthenticationfilter类,重写onloginsuccess方法,这里可以自定义路径,因为这里自定义了成功跳转的路径,所以配置里的successurl不用配置,赔了也没效果。。

?
1
2
3
4
5
6
7
8
public class loginsuccesstofilter extends formauthenticationfilter {
 @override
 protected boolean onloginsuccess(authenticationtoken token, subject subject, servletrequest request, servletresponse response) throws exception {
  webutils.getandclearsavedrequest(request);
  webutils.redirecttosavedrequest(request,response,"/findall.do");
  return false;
 }
}

步骤二:

在shiro的xml配置文件中配置

?
1
<bean id="myfilter" class="com.xxx.realm.loginsuccesstofilter"></bean>

在 shirofilter配置中引入,完整xml在后边

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean">
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
</bean>
<bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean">
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
</bean>

四、xml配置

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
applicationcontext-shiro.xml
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:p="http://www.springframework.org/schema/p"
  xmlns:context="http://www.springframework.org/schema/context"
  xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee"
  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
   http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
   http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
   http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
 <bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean">
  <!-- 管理器,必须设置 -->
  <property name="securitymanager" ref="securitymanager"/>
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
  <!-- 拦截到,跳转到的地址,通过此地址去认证 -->
  <property name="loginurl" value="/login.do"/>
  <!-- 认证成功统一跳转到/admin/index.do,建议不配置,shiro认证成功自动到上一个请求路径 -->
  <!--<property name="successurl" value="/findall.do"/>-->
  <!-- 通过unauthorizedurl指定没有权限操作时跳转页面 -->
  <property name="unauthorizedurl" value="/refuse.jsp"/>
  <!-- 自定义filter,可用来更改默认的表单名称配置 -->
  <!--<property name="filters">-->
  <!--<map>-->
  <!--<!– 将自定义 的formauthenticationfilter注入shirofilter中 –>-->
  <!--<entry key="authc" value-ref="formauthenticationfilter" />-->
  <!--</map>-->
  <!--</property>-->
  <property name="filterchaindefinitions">
   <value>
    <!-- 对静态资源设置匿名访问 -->
    /image/** = anon
    /css/** = anon
    /js/** = anon
    /logout.do = logout
    /** = authc
   </value>
  </property>
 </bean>
 <bean id="lifecyclebeanpostprocessor" class="org.apache.shiro.spring.lifecyclebeanpostprocessor"/>
 <!-- securitymanager安全管理器 -->
 <bean id="securitymanager" class="org.apache.shiro.web.mgt.defaultwebsecuritymanager">
  <property name="realm" ref="customrealm"/>
  <!-- 注入缓存管理器 -->
  <!--<property name="cachemanager" ref="cachemanager" />-->
  <!-- 注入session管理器 -->
  <!-- <property name="sessionmanager" ref="sessionmanager" /> -->
  <!-- 记住我 -->
  <!--<property name="remembermemanager" ref="remembermemanager" />-->
 </bean>
 <!-- 自定义realm -->
 <bean id="customrealm" class="com.dhl.realm.commonrealm"></bean>
 <bean id="myfilter" class="com.dhl.realm.loginsuccesstofilter"></bean>
 <!-- 凭证匹配器 -->
 <!--<bean id="credentialsmatcher"-->
   <!--class="org.apache.shiro.authc.credential.hashedcredentialsmatcher">-->
  <!--<!– 选用md5散列算法 –>-->
  <!--<property name="hashalgorithmname" value="md5"/>-->
  <!--<!– 进行一次加密 –>-->
  <!--<property name="hashiterations" value="1"/>-->
 <!--</bean>-->
</beans>

springmvc的配置

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xmlns:tx="http://www.springframework.org/schema/tx"
  xmlns:context="http://www.springframework.org/schema/context"
  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
  xsi:schemalocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/aop
  http://www.springframework.org/schema/aop/spring-aop.xsd
  http://www.springframework.org/schema/tx
  http://www.springframework.org/schema/tx/spring-tx.xsd
  http://www.springframework.org/schema/context
  http://www.springframework.org/schema/context/spring-context.xsd
  http://www.springframework.org/schema/mvc
  http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd">
 <context:component-scan base-package="com.dhl.controller"></context:component-scan>
 <mvc:annotation-driven></mvc:annotation-driven>
 <bean class="org.springframework.web.servlet.view.internalresourceviewresolver"></bean>
 <!-- 开启shiro注解的配置移动到这儿 -->
 <bean class="org.springframework.aop.framework.autoproxy.defaultadvisorautoproxycreator" depends-on="lifecyclebeanpostprocessor">
  <property name="proxytargetclass" value="true" />
 </bean>
 <bean class="org.apache.shiro.spring.security.interceptor.authorizationattributesourceadvisor">
  <property name="securitymanager" ref="securitymanager"/>
 </bean>
</beans>

以上就是一个大概的整合和遇到的两个问题,博主也是查阅了很多的博客得到的较优答案,整理出来,已备后续参考,遇到一样问题的同学可以看看

原文链接:https://www.cnblogs.com/mutumango/p/9848128.html

延伸 · 阅读

精彩推荐