一、添加相关依赖
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
<dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-core</artifactid> <version> 1.2 . 1 </version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-web</artifactid> <version> 1.2 . 1 </version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-ehcache</artifactid> <version> 1.2 . 1 </version> </dependency> <dependency> <groupid>org.apache.shiro</groupid> <artifactid>shiro-spring</artifactid> <version> 1.2 . 1 </version> </dependency> <dependency> <groupid>commons-logging</groupid> <artifactid>commons-logging</artifactid> <version> 1.2 </version> </dependency> |
二、编写代码
1、自定义realm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
public class commonrealm extends authorizingrealm { @autowired private userloginservice userloginservice; @override public string getname() { return "commonrealm" ; } //授权 @override protected authorizationinfo dogetauthorizationinfo(principalcollection principals) { string usernmae = (string) principals.getprimaryprincipal(); list<string> permissions = new arraylist<string>(); if ( "admin" .equals(usernmae)) { permissions.add( "admin:ee" ); } simpleauthorizationinfo info = new simpleauthorizationinfo(); info.addstringpermissions(permissions); return info; } //身份认证 @override protected authenticationinfo dogetauthenticationinfo(authenticationtoken token) throws authenticationexception { string username = (string) token.getprincipal(); user user = userloginservice.getuser(username); if (user == null ) { return null ; } simpleauthenticationinfo info = new simpleauthenticationinfo(username, user.getpassword(), getname()); return info; } } |
2、login controller
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
@controller public class useraction { @autowired private userloginservice userloginservice; @requestmapping ( "/login.do" ) public string userlogin(httpservletrequest request, string username, string password) throws exception { // 如果登陆失败从request中获取异常信息,shirologinfailure就是shiro异常类的全限定名 string exceptionclassname = (string) request.getattribute( "shirologinfailure" ); if (exceptionclassname != null ) { if (unknownaccountexception. class .getname().equals(exceptionclassname)) { // 最终会抛给异常处理器 throw new xxxexception( "用户名不存在" ); } else if (incorrectcredentialsexception. class .getname().equals(exceptionclassname)) { throw new xxxexception( "用户名/密码错误" ); } else { throw new exception(); // 最终在异常处理器生成未知错误 } } // 如果登录成功的话不走此方法,shiro认证成功会自动跳转到上一个请求路径,配的的successurl没效果,后边会说 // 登陆失败走此方法,捕获异常,然后 return ~ ,还到login页面 return "login.jsp" ; } } |
3、检测权限 controller
1
2
3
4
5
6
|
//此方法为了验证权限是否生效 @requestmapping ( "/findall.do" ) @requirespermissions ( "admin:ee" ) public modelandview list(httpservletrequest request){ ....... } |
三、常见问题
因为有一些特别常见的问题,需要修改xml配置,所以现在先手问题,把xml配置放在后边,直接就配置完善好的xml
问题一:登陆成功后shiro默认跳到上一次请求,没有上一次请求默认跳到/ ,那我们就想控制调到自己定义的路径咋办呢?
解决方案:
步骤一:继承formauthenticationfilter类,重写onloginsuccess方法,这里可以自定义路径,因为这里自定义了成功跳转的路径,所以配置里的successurl不用配置,赔了也没效果。。
1
2
3
4
5
6
7
8
|
public class loginsuccesstofilter extends formauthenticationfilter { @override protected boolean onloginsuccess(authenticationtoken token, subject subject, servletrequest request, servletresponse response) throws exception { webutils.getandclearsavedrequest(request); webutils.redirecttosavedrequest(request,response, "/findall.do" ); return false ; } } |
步骤二:
在shiro的xml配置文件中配置
1
|
<bean id= "myfilter" class = "com.xxx.realm.loginsuccesstofilter" ></bean> |
在 shirofilter配置中引入,完整xml在后边
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<bean id= "shirofilter" class = "org.apache.shiro.spring.web.shirofilterfactorybean" > <property name= "filters" > <map> <entry key= "authc" value-ref= "myfilter" ></entry> </map> </property> </bean> <bean id= "shirofilter" class = "org.apache.shiro.spring.web.shirofilterfactorybean" > <property name= "filters" > <map> <entry key= "authc" value-ref= "myfilter" ></entry> </map> </property> </bean> |
四、xml配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
applicationcontext-shiro.xml <?xml version= "1.0" encoding= "utf-8" ?> <beans xmlns= "http://www.springframework.org/schema/beans" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xmlns:p= "http://www.springframework.org/schema/p" xmlns:context= "http://www.springframework.org/schema/context" xmlns:aop= "http://www.springframework.org/schema/aop" xmlns:jee= "http://www.springframework.org/schema/jee" xmlns:mvc= "http://www.springframework.org/schema/mvc" xmlns:util= "http://www.springframework.org/schema/util" xsi:schemalocation="http: //www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http: //www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http: //www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd http: //www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http: //www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id= "shirofilter" class = "org.apache.shiro.spring.web.shirofilterfactorybean" > <!-- 管理器,必须设置 --> <property name= "securitymanager" ref= "securitymanager" /> <property name= "filters" > <map> <entry key= "authc" value-ref= "myfilter" ></entry> </map> </property> <!-- 拦截到,跳转到的地址,通过此地址去认证 --> <property name= "loginurl" value= "/login.do" /> <!-- 认证成功统一跳转到/admin/index. do ,建议不配置,shiro认证成功自动到上一个请求路径 --> <!--<property name= "successurl" value= "/findall.do" />--> <!-- 通过unauthorizedurl指定没有权限操作时跳转页面 --> <property name= "unauthorizedurl" value= "/refuse.jsp" /> <!-- 自定义filter,可用来更改默认的表单名称配置 --> <!--<property name= "filters" >--> <!--<map>--> <!--<!– 将自定义 的formauthenticationfilter注入shirofilter中 –>--> <!--<entry key= "authc" value-ref= "formauthenticationfilter" />--> <!--</map>--> <!--</property>--> <property name= "filterchaindefinitions" > <value> <!-- 对静态资源设置匿名访问 --> /image/** = anon /css/** = anon /js/** = anon /logout. do = logout /** = authc </value> </property> </bean> <bean id= "lifecyclebeanpostprocessor" class = "org.apache.shiro.spring.lifecyclebeanpostprocessor" /> <!-- securitymanager安全管理器 --> <bean id= "securitymanager" class = "org.apache.shiro.web.mgt.defaultwebsecuritymanager" > <property name= "realm" ref= "customrealm" /> <!-- 注入缓存管理器 --> <!--<property name= "cachemanager" ref= "cachemanager" />--> <!-- 注入session管理器 --> <!-- <property name= "sessionmanager" ref= "sessionmanager" /> --> <!-- 记住我 --> <!--<property name= "remembermemanager" ref= "remembermemanager" />--> </bean> <!-- 自定义realm --> <bean id= "customrealm" class = "com.dhl.realm.commonrealm" ></bean> <bean id= "myfilter" class = "com.dhl.realm.loginsuccesstofilter" ></bean> <!-- 凭证匹配器 --> <!--<bean id= "credentialsmatcher" --> <!-- class = "org.apache.shiro.authc.credential.hashedcredentialsmatcher" >--> <!--<!– 选用md5散列算法 –>--> <!--<property name= "hashalgorithmname" value= "md5" />--> <!--<!– 进行一次加密 –>--> <!--<property name= "hashiterations" value= "1" />--> <!--</bean>--> </beans> |
springmvc的配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
<?xml version= "1.0" encoding= "utf-8" ?> <beans xmlns= "http://www.springframework.org/schema/beans" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xmlns:aop= "http://www.springframework.org/schema/aop" xmlns:tx= "http://www.springframework.org/schema/tx" xmlns:context= "http://www.springframework.org/schema/context" xmlns:mvc= "http://www.springframework.org/schema/mvc" xmlns:jdbc= "http://www.springframework.org/schema/jdbc" xsi:schemalocation="http: //www.springframework.org/schema/beans http: //www.springframework.org/schema/beans/spring-beans.xsd http: //www.springframework.org/schema/aop http: //www.springframework.org/schema/aop/spring-aop.xsd http: //www.springframework.org/schema/tx http: //www.springframework.org/schema/tx/spring-tx.xsd http: //www.springframework.org/schema/context http: //www.springframework.org/schema/context/spring-context.xsd http: //www.springframework.org/schema/mvc http: //www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd"> <context:component-scan base- package = "com.dhl.controller" ></context:component-scan> <mvc:annotation-driven></mvc:annotation-driven> <bean class = "org.springframework.web.servlet.view.internalresourceviewresolver" ></bean> <!-- 开启shiro注解的配置移动到这儿 --> <bean class = "org.springframework.aop.framework.autoproxy.defaultadvisorautoproxycreator" depends-on= "lifecyclebeanpostprocessor" > <property name= "proxytargetclass" value= "true" /> </bean> <bean class = "org.apache.shiro.spring.security.interceptor.authorizationattributesourceadvisor" > <property name= "securitymanager" ref= "securitymanager" /> </bean> </beans> |
以上就是一个大概的整合和遇到的两个问题,博主也是查阅了很多的博客得到的较优答案,整理出来,已备后续参考,遇到一样问题的同学可以看看
原文链接:https://www.cnblogs.com/mutumango/p/9848128.html