Apache Shiro教程(四)Spring框架集成
1、配置web.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns="http://java.sun.com/xml/ns/javaee" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 5 version="2.5"> 6 <context-param> 7 <param-name>contextConfigLocation</param-name> 8 <param-value> 9 /WEB-INF/applicationContext.xml 10 /WEB-INF/shiro-security.xml 11 </param-value> 12 </context-param> 13 <listener> 14 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 15 </listener> 16 <listener> 17 <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> 18 </listener> 19 20 <filter> 21 <filter-name>characterEncodingFilter</filter-name> 22 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 23 <init-param> 24 <param-name>encoding</param-name> 25 <param-value>UTF-8</param-value> 26 </init-param> 27 </filter> 28 <filter-mapping> 29 <filter-name>characterEncodingFilter</filter-name> 30 <url-pattern>/*</url-pattern> 31 </filter-mapping> 32 33 <filter> 34 <filter-name>shiroFilter</filter-name> 35 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 36 <init-param> 37 <param-name>targetFilterLifecycle</param-name> 38 <param-value>true</param-value> 39 </init-param> 40 </filter> 41 <filter-mapping> 42 <filter-name>shiroFilter</filter-name> 43 <url-pattern>/*</url-pattern> 44 </filter-mapping> 45 46 47 <servlet> 48 <servlet-name>dispatch</servlet-name> 49 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 50 </servlet> 51 <servlet-mapping> 52 <servlet-name>dispatch</servlet-name> 53 <url-pattern>/</url-pattern> 54 </servlet-mapping> 55 <servlet-mapping> 56 <servlet-name>default</servlet-name> 57 <url-pattern>*.css</url-pattern> 58 </servlet-mapping> 59 <servlet-mapping> 60 <servlet-name>default</servlet-name> 61 <url-pattern>*.gif</url-pattern> 62 </servlet-mapping> 63 <servlet-mapping> 64 <servlet-name>default</servlet-name> 65 <url-pattern>*.jpg</url-pattern> 66 </servlet-mapping> 67 <servlet-mapping> 68 <servlet-name>default</servlet-name> 69 <url-pattern>*.jpeg</url-pattern> 70 </servlet-mapping> 71 <servlet-mapping> 72 <servlet-name>default</servlet-name> 73 <url-pattern>*.png</url-pattern> 74 </servlet-mapping> 75 <servlet-mapping> 76 <servlet-name>default</servlet-name> 77 <url-pattern>*.js</url-pattern> 78 </servlet-mapping> 79 <servlet-mapping> 80 <servlet-name>default</servlet-name> 81 <url-pattern>*.html</url-pattern> 82 </servlet-mapping> 83 84 <welcome-file-list> 85 <welcome-file>index.html</welcome-file> 86 <welcome-file>index.htm</welcome-file> 87 <welcome-file>index.jsp</welcome-file> 88 </welcome-file-list> 89 90 </web-app>
2、配置Spring相关文件
shiro-security.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> 3 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 4 <property name="securityManager" ref="securityManager"/> 5 <property name="loginUrl" value="/app/index"/> 6 <property name="filterChainDefinitions"> 7 <value> 8 /index.jsp = anon 9 /logout = logout 10 /app/* = anon 11 /** = authc 12 </value> 13 </property> 14 </bean> 15 16 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 17 <property name="realm" ref="saltAwareIniRealm"/> 18 </bean> 19 20 <bean id="saltAwareIniRealm" class="com.cnblogs.javalouvre.shiro.realm.text.SaltAwareIniRealm"> 21 <property name="resourcePath" value="classpath:shiro.ini"/> 22 <property name="credentialsMatcher"> 23 <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> 24 <property name="hashAlgorithmName" value="SHA-512" /> 25 <property name="hashIterations" value="1024" /> 26 <property name="storedCredentialsHexEncoded" value="false" /> 27 </bean> 28 </property> 29 <property name="cacheManager"> 30 <bean class="org.apache.shiro.cache.ehcache.EhCacheManager"> 31 <property name="cacheManagerConfigFile" value="classpath:ehcache.xml" /> 32 </bean> 33 </property> 34 </bean> 35 36 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 37 38 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> 39 40 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> 41 <property name="securityManager" ref="securityManager"/> 42 </bean> 43 </beans>
3、控制器
1 package com.cnblogs.javalouvre.controller; 2 3 import javax.servlet.http.HttpServletRequest; 4 5 import org.apache.commons.lang.StringUtils; 6 import org.apache.shiro.SecurityUtils; 7 import org.apache.shiro.authc.IncorrectCredentialsException; 8 import org.apache.shiro.authc.LockedAccountException; 9 import org.apache.shiro.authc.UnknownAccountException; 10 import org.apache.shiro.authc.UsernamePasswordToken; 11 import org.apache.shiro.subject.Subject; 12 import org.apache.shiro.web.util.WebUtils; 13 import org.slf4j.Logger; 14 import org.slf4j.LoggerFactory; 15 import org.springframework.stereotype.Controller; 16 import org.springframework.web.bind.annotation.RequestMapping; 17 18 @Controller 19 @RequestMapping("/app") 20 public class AppController { 21 22 private static final Logger logger = LoggerFactory.getLogger(AppController.class); 23 24 @RequestMapping("/index") 25 public String handleInit() { 26 return "/app/login"; 27 } 28 29 @RequestMapping("/login") 30 public String handleLogin(HttpServletRequest request) { 31 String message = ""; 32 Subject subject = SecurityUtils.getSubject(); 33 if (!subject.isAuthenticated()) { 34 String username = WebUtils.getCleanParam(request, "username"); 35 String password = WebUtils.getCleanParam(request, "password"); 36 String rememberMe = WebUtils.getCleanParam(request, "rememberMe"); 37 38 UsernamePasswordToken token = new UsernamePasswordToken(username, password); 39 if (StringUtils.isNotBlank(rememberMe)) { 40 token.setRememberMe(true); 41 } 42 try { 43 subject.login(token); 44 } catch (UnknownAccountException uae) { 45 logger.info("There is no user with username of " + token.getPrincipal()); 46 message = "用户 " + token.getPrincipal() + " 不存在!"; 47 } catch (IncorrectCredentialsException ice) { 48 logger.info("Password for account " + token.getPrincipal() + " was incorrect!"); 49 message = "用户 " + token.getPrincipal() + " 密码输入有误!"; 50 } catch (LockedAccountException lae) { 51 logger.info("The account for username " + token.getPrincipal() + " is locked. Please contact your administrator to unlock it."); 52 message = "帐号 " + token.getPrincipal() + " 已锁,请联系管理员解锁!"; 53 } 54 token.clear(); 55 56 if (StringUtils.isNotBlank(message)) { 57 request.setAttribute("username", username); 58 request.setAttribute("rememberMe", rememberMe); 59 request.setAttribute("error", message); 60 61 return "/app/login"; 62 } 63 } 64 return "/app/main"; 65 } 66 67 }
-----------------------------------------------------------------------------------------------------------
薔薇猛虎皆成個性,陽光雨露俱是天恩!
薔薇猛虎皆成個性,陽光雨露俱是天恩!
浙公网安备 33010602011771号