推荐先看--跟我学Shiro
级客学院
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.3.2</version>
</dependency>
1.
2.
image
image
image
image
image
image
image
image
image
image
@Controller
public class HomeController {
@RequestMapping(value = "/",method = RequestMethod.GET)
public String login() {
return "login";
}
@RequestMapping(method = RequestMethod.POST,value = "/")
public String login(String userName, String password, RedirectAttributes redirectAttributes) {
//Shiro方式登录
Subject subject = SecurityUtils.getSubject();
try {
subject.login(new UsernamePasswordToken(userName, password));
return "redirect:/home";
} catch (AuthenticationException ex) {
ex.printStackTrace();
redirectAttributes.addFlashAttribute("message","账号或密码错误");
return "redirect:/";
}
}
@RequestMapping(value = "/logout",method = RequestMethod.GET)
public String logout(RedirectAttributes redirectAttributes) {
//安全退出
SecurityUtils.getSubject().logout();
redirectAttributes.addFlashAttribute("message","你已安全退出");
return "redirect:/";
}
@RequestMapping(value = "/home",method = RequestMethod.GET)
public String home() {
return "home";
}
@RequestMapping("/403")
public String error403() {
return "403";
}
}
@Component
public class ShrioDbRealm extends AuthorizingRealm {
@Autowired
private UserMapper userMapper;
@Autowired
private RoleMapper roleMapper;
/**
* 权限认证
* @param principalCollection
* @return
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//返回当前登录的对象
User user = (User) principalCollection.getPrimaryPrincipal();
//获取当前对象拥有的角色
List<Role> roleList = roleMapper.findByUserId(user.getId());
if(!roleList.isEmpty()) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
for(Role role : roleList) {
authorizationInfo.addRole(role.getRoleName());
}
return authorizationInfo;
}
return null;
}
/**
* 登录认证
* @param authenticationToken
* @return
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
// 获取当前用户名
String userName = usernamePasswordToken.getUsername();
// n拿着用户名去数据库找
User user = userMapper.findByUserName(userName);
if(user != null) {
return new SimpleAuthenticationInfo(user,user.getPassword(),getName());
}
// 一旦return null; 登录controller就会跑异常就会踢回去
return null;
}
}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shrioDbRealm"/>
<property name="cacheManager" ref="cacheManager"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!--登录地址-->
<property name="loginUrl" value="/"/>
<!--登录成功后的地址-->
<property name="successUrl" value="/home"/>
<!--没有权限给用户提示的页面-->
<property name="unauthorizedUrl" value="/403"/>
<!--权限配置-->
<property name="filterChainDefinitions">
<value>
/static/** = anon
/wx/** = anon
/user = roles[role_admin]
/setting/** = roles[role_admin]
/** = authc
</value>
</property>
</bean>
</beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!--字符集过滤器-->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceRequestEncoding</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>forceResponseEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--ShiroFilter-->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--Spring 中央控制器-->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!--druid-->
<servlet>
<servlet-name>druid</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>druid</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
<!--Spring ApplicationContext监听器-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext*.xml</param-value>
</context-param>
</web-app>
