Shiro登录验证实例详细解读
下面来简单说下过程吧!
准备工作:
先建表:
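-- Demo schema and seed data for the Shiro login example.
-- NOTE(review): the `password` column holds the demo passwords in plain text and is
-- only 20 characters wide. That is acceptable for a throwaway tutorial database only;
-- a real deployment should store a salted, slow password hash (bcrypt/scrypt/argon2)
-- in a wider column and never keep the clear-text value.
DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (
    `id`       int(11)     PRIMARY KEY AUTO_INCREMENT,
    `name`     varchar(20) NOT NULL,
    `age`      int(11)     DEFAULT NULL,
    `birthday` date        DEFAULT NULL,
    `password` varchar(20) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- Three sample accounts, all sharing the same weak demo password.
INSERT INTO `user` (`id`, `name`, `age`, `birthday`, `password`)
VALUES (1, 'lin', 12, '2013-12-01', '123456');
INSERT INTO `user` (`id`, `name`, `age`, `birthday`, `password`)
VALUES (2, 'apple', 34, '1999-12-01', '123456');
INSERT INTO `user` (`id`, `name`, `age`, `birthday`, `password`)
VALUES (3, 'evankaka', 23, '2017-12-01', '123456');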
建好后,新建一个Maven的webApp的工程,记得把结构设置成上面的那样!
下面来看看一些代码和配置
1、POM文件
注意不要少导包了,如果项目出现红叉,一般都是JDK版本的设置问题,自己百度一下就可以解决。另外,下面列出的依赖版本(例如 Shiro 1.2.1)是写作本文时使用的旧版本,实际项目中应改用仍在维护的版本。
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/maven-v4_0_0.xsd">
4.0.0
com.lin
ShiroLearn1
war
0.0.1-SNAPSHOT
ShiroLearn1MavenWebapp
http://maven.apache.org
3.2.8.RELEASE
1.6.6
1.2.12
4.10
3.2.1
org.springframework
spring-core
${spring.version}
org.springframework
spring-webmvc
${spring.version}
org.springframework
spring-context
${spring.version}
org.springframework
spring-context-support
${spring.version}
org.springframework
spring-aop
${spring.version}
org.springframework
spring-aspects
${spring.version}
org.springframework
spring-tx
${spring.version}
org.springframework
spring-jdbc
${spring.version}
org.springframework
spring-web
${spring.version}
junit
junit
${junit.version}
test
log4j
log4j
${log4j.version}
org.slf4j
slf4j-api
${slf4j.version}
org.slf4j
slf4j-log4j12
${slf4j.version}
org.springframework
spring-test
${spring.version}
test
org.mybatis
mybatis
${mybatis.version}
org.mybatis
mybatis-spring
1.2.0
mysql
mysql-connector-java
5.1.29
javax.servlet
servlet-api
3.0-alpha-1
org.apache.shiro
shiro-core
1.2.1
org.apache.shiro
shiro-web
1.2.1
org.apache.shiro
shiro-ehcache
1.2.1
org.apache.shiro
shiro-spring
1.2.1
ShiroLearn1
maven-war-plugin
2.4
org.apache.maven.plugins
maven-compiler-plugin
2.3.2
1.6
2、自定义Shiro拦截器
这里这个拦截器(Realm)完成了用户名和密码的验证,验证成功后又给用户赋角色和权限(注意,这里赋角色和权限我直接写进去了,没有使用数据库,一般都是要通过service层找到用户名后,再去数据库查该用户对应的角色以及权限,然后再加入到shiro中去)。按这里的写法,任何登录成功的用户都会得到 admin 和 administrator 角色,所以只适合演示,不能直接用于正式环境。
代码如下:
packagecom.lin.realm;
importjava.util.HashSet;
importjava.util.Set;
importorg.apache.shiro.authc.AuthenticationException;
importorg.apache.shiro.authc.AuthenticationInfo;
importorg.apache.shiro.authc.AuthenticationToken;
importorg.apache.shiro.authc.SimpleAuthenticationInfo;
importorg.apache.shiro.authc.UsernamePasswordToken;
importorg.apache.shiro.authz.AuthorizationInfo;
importorg.apache.shiro.authz.SimpleAuthorizationInfo;
importorg.apache.shiro.cache.Cache;
importorg.apache.shiro.realm.AuthorizingRealm;
importorg.apache.shiro.subject.PrincipalCollection;
importorg.apache.shiro.subject.SimplePrincipalCollection;
importorg.slf4j.Logger;
importorg.slf4j.LoggerFactory;
importorg.springframework.beans.factory.annotation.Autowired;
importcom.lin.domain.User;
importcom.lin.service.UserService;
importcom.lin.utils.CipherUtil;
publicclassShiroDbRealmextendsAuthorizingRealm{
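/** Class-wide SLF4J logger; declared final so it cannot be reassigned. */
private static final Logger logger = LoggerFactory.getLogger(ShiroDbRealm.class);

// NOTE(review): names MD5 as the digest algorithm. A plain MD5 digest is not suitable
// for protecting passwords; prefer a salted, slow hash (bcrypt/scrypt/argon2).
// This constant is not referenced in the visible part of the class.
private static final String ALGORITHM = "MD5";

/** User lookup service, injected by Spring through field injection. */
@Autowired
private UserService userService;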
/**
 * Creates the realm; all set-up is delegated to the superclass no-argument constructor.
 */
public ShiroDbRealm() {
    // The no-argument superclass constructor is invoked implicitly.
}
/**
 * 验证登录
 */
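/**
 * Looks up the account named in the submitted token and returns the credentials
 * that Shiro compares against the submitted password.
 *
 * <p>NOTE(review): the stored password is passed through
 * {@code CipherUtil.generatePassword} on every login (MD5, according to the original
 * inline comment). That suggests the database keeps the password in clear text and
 * that the comparison relies on an unsalted MD5 digest; confirm against
 * {@code CipherUtil} and the credentials matcher configuration. For real use, store a
 * salted, slow hash (bcrypt/scrypt/argon2) instead.
 *
 * @param authcToken the submitted token; cast to {@link UsernamePasswordToken}
 * @return the principal name and expected credentials for the matching user
 * @throws AuthenticationException if no user matches the submitted login name
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

    // The original printed the submitted login name and the loaded User object to
    // stdout. Those prints are removed: the User carries the stored password, so
    // dumping it may leak credentials into console or container logs.
    User user = userService.findUserByLoginName(token.getUsername());
    if (user == null) {
        // Deliberately generic: the failure does not say whether the account exists.
        throw new AuthenticationException();
    }

    // Only build the helper once a user has actually been found.
    CipherUtil cipher = new CipherUtil();
    return new SimpleAuthenticationInfo(
            user.getName(), cipher.generatePassword(user.getPassword()), getName());
}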
/**
 * 登录成功之后,进行角色和权限验证
 */
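/**
 * Returns the roles and permissions for an authenticated principal.
 *
 * <p>NOTE(review): this demo ignores {@code principals} and grants the same hard-coded
 * roles ("admin", "administrator") and permissions to every authenticated user. As
 * the original comment says, a real realm should look up the roles and permissions
 * for the user name through the role/permission service layer instead.
 *
 * @param principals the authenticated principals (unused in this simplified version)
 * @return authorization info holding the fixed role and permission sets
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // Explicit type arguments instead of raw types; no diamond operator, because the
    // project's compiler plugin is configured for Java 1.6.
    Set<String> roleNames = new HashSet<String>();
    Set<String> permissions = new HashSet<String>();

    // Roles; these correspond to the checks in index.jsp.
    roleNames.add("admin");
    roleNames.add("administrator");

    // Permissions; these correspond to the checks in index.jsp.
    permissions.add("create");
    permissions.add("login.do?main");
    permissions.add("login.do?logout");

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
    info.setStringPermissions(permissions);
    return info;
}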
/**
 * 清除指定用户的授权信息缓存.
 */
/**
 * Clears the cached authorization info of a single principal.
 *
 * @param principal the principal whose cached authorization info is dropped; it is
 *                  wrapped together with this realm's name before the call
 */
public void clearCachedAuthorizationInfo(String principal) {
    // Delegates to the PrincipalCollection overload.
    clearCachedAuthorizationInfo(new SimplePrincipalCollection(principal, getName()));
}
/**
 * 清除所有用户授权信息缓存.
 */
publicvoidclearAllCachedAuthorizationInfo(){
Cache |
|