shiro-认证配置
shiro--认证:

Jar包 shiro-all
在web.xml加shiro过滤器
<!-- Spring's DelegatingFilterProxy stands in for the Shiro filter: the servlet container
     sees this proxy, and the proxy delegates each request to the Spring bean whose id
     equals the filter-name below ("shiroFilter"). -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- true: the proxy also forwards the servlet Filter init()/destroy() calls to the target bean. -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Every request path is routed through the Shiro filter; which paths need authentication
     is decided by the filter chain definitions of the target bean, not here. -->
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
配置spring_shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Realm instance that looks employees up for authentication. -->
    <!-- NOTE(review): no credentialsMatcher property is set on this realm. Shiro's default
         matcher compares the submitted password with the stored credential as-is, which
         presumably means passwords are stored unhashed; confirm, and configure a hashing
         matcher together with hashed stored passwords if so. -->
    <bean id="employeeRealm" class="com.ujiuye.realm.EmployeeRealm"></bean>

    <!-- Shiro security manager, backed by the single realm above. -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="employeeRealm"/>
    </bean>

    <!-- Factory for the Shiro filter that DelegatingFilterProxy delegates to. -->
    <!-- The id must equal the filter-name in web.xml, because the proxy finds its
         delegate bean by that name. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- Unauthenticated requests to an authc path are sent to this page. -->
        <property name="loginUrl" value="/login.html"/>
        <property name="filterChainDefinitions">
            <!-- anon = no authentication required, authc = authentication required,
                 roles = a role is required. One definition per line; the first matching
                 line wins, so the catch-all /**=authc must stay last and the anon list
                 above it should be kept as small as possible. -->
            <value>
                /login.html=anon
                /js/**=anon
                /img/**=anon
                /employee/loginCheck=anon
                /**=authc
            </value>
        </property>
    </bean>

    <!-- Calls the init/destroy lifecycle methods of Shiro beans managed by Spring. -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor">
    </bean>
</beans>
shiro认证登录
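/**
 * Authenticates an employee through Shiro and reports the outcome.
 *
 * <p>On success the authenticated principal is stored in the Shiro session under the
 * {@code "principal"} key. Every {@code AuthenticationException} is answered with the same
 * generic failure message, so the result does not reveal whether the job number or the
 * password was wrong.
 *
 * @param jobnumber job number submitted as the login name
 * @param password  password submitted by the user
 * @return result whose success / loginSuccess flags and message describe the outcome
 */
@Override
public EmployeeResult shiroLogin(String jobnumber, String password) {
    EmployeeResult employeeResult = new EmployeeResult();
    Subject subject = SecurityUtils.getSubject();
    // The token carries the submitted job number and password to the realm.
    UsernamePasswordToken token = new UsernamePasswordToken(jobnumber, password);
    try {
        subject.login(token);
        // The cast relies on the realm returning an Employee as the primary principal.
        Employee principal = (Employee) subject.getPrincipal();
        // This is the Shiro session of the subject.
        // NOTE(review): nothing in this method renews the session id after a successful
        // login; confirm that session fixation is handled elsewhere (container or config).
        Session session = subject.getSession();
        // NOTE(review): the Employee object presumably still carries its password field;
        // consider storing a reduced view in the session instead (confirm against Employee).
        session.setAttribute("principal", principal);
        employeeResult.setSuccess(true);
        employeeResult.setLoginSuccess(true);
        employeeResult.setMessage("登录成功");
    } catch (AuthenticationException e) {
        // NOTE(review): failed attempts are not logged here; an audit log entry (without
        // the password) would make repeated failures visible to monitoring.
        employeeResult.setSuccess(false);
        employeeResult.setLoginSuccess(false);
        employeeResult.setMessage("登录失败");
    } finally {
        // Wipe the password copy held by the token once the attempt is over.
        token.clear();
    }
    return employeeResult;
}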
Realm配置
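package com.ujiuye.realm;

import com.ujiuye.bean.Employee;
import com.ujiuye.bean.EmployeeExample;
import com.ujiuye.dao.EmployeeMapper;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * Shiro realm that authenticates employees by job number through {@link EmployeeMapper}.
 *
 * <p>Only authentication is implemented; no roles or permissions are supplied.
 */
public class EmployeeRealm extends AuthorizingRealm {

    @Autowired
    private EmployeeMapper employeeMapper;

    /**
     * Authorization hook; not implemented.
     *
     * @param principalCollection principals of the subject being authorized
     * @return always {@code null}, so role and permission checks against this realm grant
     *         nothing
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Looks up the employee named by the token and hands the stored credential to Shiro.
     *
     * <p>This method does not compare passwords itself; the comparison is done afterwards by
     * the realm's credentials matcher. No matcher is set in this class, and Shiro's default
     * compares the submitted password with the stored value as-is.
     * NOTE(review): that presumably means passwords are stored unhashed; confirm, and move to
     * hashed passwords with a matching credentials matcher if so.
     *
     * @param authenticationToken token submitted at login; expected to be a
     *                            {@link UsernamePasswordToken}
     * @return authentication info for the first employee with that job number, or
     *         {@code null} when the job number is missing or unknown (Shiro treats a
     *         {@code null} return as "no such account")
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String jobnumber = token.getUsername();
        // A missing job number cannot match an account; answer "unknown account" instead of
        // passing null/empty into the query criteria.
        if (jobnumber == null || jobnumber.isEmpty()) {
            return null;
        }

        // Query the employee table for rows with this job number.
        EmployeeExample employeeExample = new EmployeeExample();
        EmployeeExample.Criteria criteria = employeeExample.createCriteria();
        criteria.andJobnumberEqualTo(jobnumber);
        List<Employee> employees = employeeMapper.selectByExample(employeeExample);
        if (employees == null || employees.isEmpty()) {
            return null;
        }

        // NOTE(review): if several rows share a job number the first one wins; presumably
        // the column is unique, confirm against the schema.
        Employee employee = employees.get(0);
        // Arguments are (principal, stored credential, realm name). The third argument is
        // the name of this realm, not the login name, hence getName().
        return new SimpleAuthenticationInfo(employee, employee.getPassword(), getName());
    }
}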
