Java - 框架 - 基于SSM的Shiro使用

Java - 框架 - 基于SSM的Shiro使用
- 一、多Realm认证
- - 1. applicationContext-shiro.xml
  - 2. 自定义Realm类
  - 3.service和dao
- 二、Shiro授权操作
- - 2.1 注解授权
  - - 2.1.1 SpringMVC配置
    - 2.1.2 Controller.java
    - 2.1.3 MyRealm.java
  - 2.2 标签授权
- 三、缓存
- - 3.1 依赖文件
  - 3.2 配置文件
  - 3.3 Shiro配置
- 四、Session
- - 4.1 获取/设置 Session信息
  - 4.2 登陆成功后设置Session内容

Java - 框架 - 基于SSM的Shiro使用一、多Realm认证 1. applicationContext-shiro.xml




    
    
        
        
    
    
    
        
        
    
    
    
    
        
        
    
    
    
        
        
    

    
    
        
        
            
                
                    
                    
                
            
        
        
        
            
                
                
                
            
        
    

    
    
        
        
        
        
        
        
        
        
        
        
            
                
                /login.do=authc
                /register.do=anon
                /register.jsp=anon
                /success.jsp=authc
                /login.jsp=anon
                
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        System.out.println("MD5........................");
        String name =  token.getUsername();
        User user =iUserService.findByName(name);
        if (user==null){
            System.out.println("账号不存在");
            return null;
        }
        return new SimpleAuthenticationInfo(token.getUsername(),user.getPassword(),new SimpleByteSource("aaa"),"myRealm");

    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}

import com.ssm.pojo.User;
import com.ssm.service.IUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class MyRealmSha1 extends AuthorizingRealm {

    @Autowired
    private IUserService iUserService;

    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        System.out.println("Sha1........................");
        String name =  token.getUsername();
        User user =iUserService.findByNameSha1(name);
        if (user==null){
            System.out.println("账号不存在");
            return null;
        }
        return new SimpleAuthenticationInfo(token.getUsername(),user.getPassword(),new SimpleByteSource("aaa"),"myRealmSha1");

    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}

3.service和dao

import com.ssm.pojo.User;

public interface IUserService {

    User findByName(String name);

    User findByNameSha1(String name);

}

import com.ssm.dao.IUserDao;
import com.ssm.pojo.User;
import com.ssm.service.IUserService;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class UserService implements IUserService {

    @Autowired
    private IUserDao iUserDao;

    @Override
    public User findByName(String name) {
        return iUserDao.findByName(name);
    }

    @Override
    public User findByNameSha1(String name) {
        return iUserDao.findByNameSha1(name);
    }
}

import com.ssm.pojo.User;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Select;

public interface IUserDao {

    @Select("select * from login where name = #{name}")
    User findByName(String name);

    @Select("select * from loginsha1 where name = #{name}")
    User findByNameSha1(String name);
}

二、Shiro授权操作 2.1 注解授权

注解操作依赖AOP，需要导入AOP相关依赖


    org.springframework
    spring-aspects
    5.3.12

2.1.1 SpringMVC配置



    
    
        
    

    
    

    
    

    
        
    

    
    
        
            
                
                redirect:/user.jsp

2.1.2 Controller.java

//logical = Logical.OR表示满足一个角色就可以访问
//logical = Logical.AND表示满足所有角色才可以
@RequiresRoles(value = {"role1","role2"},logical = Logical.OR)
@RequiresPermissions({"QUERY"})
@RequestMapping("user/query")
public String query(){
    return "/index.jsp";
}

2.1.3 MyRealm.java

import com.ssm.pojo.User;
import com.ssm.service.IUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;

public class MyRealm extends AuthorizingRealm {


    @Autowired
    private IUserService iUserService;

    
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        System.out.println("MD5........................");
        String name =  token.getUsername();
        User user =iUserService.findByName(name);
        if (user==null){
            System.out.println("账号不存在");
            return null;
        }
        return new SimpleAuthenticationInfo(user,user.getPassword(),new SimpleByteSource("aaa"),"myRealm");

    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //这个的强转是上面返回内容的第一个值的类型，多个Realm需要统一
        User user = (User) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRole("role1");
        authorizationInfo.addStringPermission("QUERY");
        return authorizationInfo;
    }
    
}

2.2 标签授权

注解授权可以控制是否访问，标签授权可以控制页面显示、交互

引入标签库

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib uri="http://shiro.apache.org/tags" prefix="shiro" %>



    
    Insert title here


已认证

游客


用户管理!

    用户查询


    添加用户



    添加用户


    添加用户

三、缓存

通过缓存操作，可以避免每次访问jsp页面都需要的验证

3.1 依赖文件


    org.apache.shiro
    shiro-ehcache
    1.7.1

3.2 配置文件

ehcache.xml

3.3 Shiro配置




    
    
        
        
    
    
    
        
        
    

    
    
        
        
    
    
    
        
        
    

    
    
        
    


    
    
        
        
        
        
        
        
            
                
                    
                    
                
            
        
        
        
            
                
                
                
            
        
    

    
    
        
        
        
        
        
        
        
        
        
        
            
                
                /login.do=authc
                /register.do=anon
                /register.jsp=anon
                /success.jsp=authc
                /login.jsp=anon
                    @Override    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {        User user = (User) subject.getPrincipal();        System.out.println(user.getName());        Session session = subject.getSession();        session.setAttribute("loginmsg","自定义的session信息");        return super.onLoginSuccess(token, subject, request, response);    }}

配置文件设置过滤器

将自定义过滤器交给容器管理，里面的参数可以设置表单提交的内容，如下图所示

将过滤器整合到shiro中
```
    
        
        
    
```

Java - 框架 - 基于SSM的Shiro使用

Java相关栏目本月热门文章