1. web.xml 配置
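<!-- Register the Shiro entry filter. DelegatingFilterProxy looks up a Spring bean
     whose id equals this filter-name, so "shiroFilter" must match the id of the
     ShiroFilterFactoryBean in the Spring configuration.
     The original "//" markers are not XML comment syntax and were replaced.
     NOTE(review): Shiro's reference web.xml also sets the init-param
     targetFilterLifecycle=true on this filter; confirm whether it is needed here. -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Route every request through Shiro. Which URLs actually require login is decided
     by filterChainDefinitions on the shiroFilter bean, not by this mapping.
     NOTE(review): keep this mapping ahead of other filter mappings so that no
     other filter handles a request before Shiro has seen it. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>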
2.Spring.Xml配置
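<!-- Shiro filter factory. The bean id must equal the filter-name of the
     DelegatingFilterProxy declared in web.xml. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Security manager that performs authentication and authorization -->
    <property name="securityManager" ref="securityManager"/>
    <!-- Pages for login, post-login redirect and access denied.
         NOTE(review): these values have no leading "/", while the chain rules
         below use context-relative paths such as /login.html; confirm the
         redirects resolve as intended when triggered from a nested URL. -->
    <property name="loginUrl" value="login.html"/>
    <property name="successUrl" value="success.html"/>
    <property name="unauthorizedUrl" value="403.html"/>
    <!-- URL rules, evaluated top to bottom; the first matching pattern wins, so
         the anon exceptions stay above the catch-all.
         The catch-all was "/* = authc". In Shiro's Ant-style matching a single
         "*" covers one path segment only, so nested URLs (for example other
         paths under /user/ or /page/) matched no rule and passed through with
         no authentication check. "/**" makes login the default for every path
         that is not explicitly listed as anon.
         NOTE(review): the CustomRealm shown on this page never grants a
         permission named staffList, so the perms rule currently denies every
         user; confirm the intended permission name. -->
    <property name="filterChainDefinitions">
        <value>
            /css/** = anon
            /js/** = anon
            /images/** = anon
            /validatecode.jsp* = anon
            /login.html = anon
            /user/login.html = anon
            /page/base/staff* = perms["staffList"]
            /** = authc
        </value>
    </property>
</bean>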
<!-- Web security manager; it is given a single realm (bosRealm) -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="bosRealm"/>
</bean>
<!-- Register the custom realm and give it the matcher used to compare passwords -->
<bean id="bosRealm" class="com.springshirodemo.Realm.CustomRealm">
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<!-- Hash settings applied to the submitted password before comparison: MD5, 2 iterations.
     NOTE(review): MD5 with two iterations is far too cheap to protect stored
     passwords against offline guessing. Acceptable for a demo only; a real
     deployment should use a dedicated password hashing scheme (bcrypt, scrypt,
     Argon2) or at minimum SHA-256 with a high iteration count and a random
     per-user salt. Changing these values requires re-hashing the stored
     credentials in the realm. -->
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"
id="credentialsMatcher">
<property name="hashAlgorithmName" value="md5"/>
<property name="hashIterations" value="2"/>
</bean>
<!-- Runs init() and destroy() on Shiro beans that implement Shiro's lifecycle interfaces -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Enable annotation-based configuration -->
<context:annotation-config></context:annotation-config>
</beans>
3.SpringMVC.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- Scan the controller package and enable annotation-driven MVC -->
<context:component-scan base-package="com.springshirodemo.controller"/>
<mvc:annotation-driven/>
<!-- Static files: requests matching /* are served directly from the web root.
     NOTE(review): this mapping is broad; serving static content from a dedicated
     directory (and mapping only that directory) avoids exposing other files that
     happen to sit in the web root. -->
<mvc:resources mapping="/*" location="/"/>
<!-- Use class-based proxies so that annotated classes without interfaces can be advised -->
<aop:config proxy-target-class="true"/>
<!-- NOTE(review): a LifecycleBeanPostProcessor is also declared in the Spring
     configuration shown earlier on this page; confirm both are needed. -->
<bean class ="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean>
<!-- Enables Shiro's authorization annotations (such as @RequiresRoles and
     @RequiresPermissions) on proxied beans.
     NOTE(review): Shiro's reference configuration injects the securityManager
     bean into this advisor; no such property is set here. Verify that the
     annotation checks are actually enforced on the controllers. -->
<bean class ="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"></bean>
</beans>
4.自定义CustomRealm
package com.springshirodemo.Realm;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
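/**
 * Demo Shiro realm backed by an in-memory user table.
 *
 * <p>Authentication looks the user name up in {@link #usesMap} and hands the stored hash
 * plus the salt to Shiro, which compares it with the submitted password through the
 * configured credentials matcher. Authorization returns a fixed set of roles and
 * permissions.
 *
 * <p>NOTE(review): this class is sample code. The credential hash and the salt are
 * hard-coded, the salt is shared by every account, and the page's configuration pairs it
 * with MD5 and two iterations, which is too cheap to protect stored passwords. A real realm
 * should load credentials from a user store, use a random per-user salt and a dedicated
 * password hashing scheme (bcrypt, scrypt, Argon2).
 */
public class CustomRealm extends AuthorizingRealm {

    // User name -> stored password hash (hex).
    // Presumably the value printed by main() below; verify before relying on it.
    Map<String, String> usesMap = new HashMap<String, String>();

    {
        usesMap.put("mack", "3285541c519ec7cef7077b06baae58d5");
        super.setName("CustomRealm");
    }

    /**
     * Builds the authorization data for an authenticated subject.
     *
     * <p>NOTE(review): the same roles ("admin", "user") and permissions are returned for
     * every principal, so any account that can log in is an administrator. Look the values
     * up per user before using this outside a demo.
     *
     * @param principals identity of the subject; not consulted by this implementation
     * @return roles and string permissions for the subject
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(getRolesByUserName());
        authorizationInfo.setStringPermissions(getPermissionsByUserName());
        return authorizationInfo;
    }

    /**
     * Returns the fixed permission set used by this demo realm.
     *
     * @return a new mutable set of permission strings
     */
    private Set<String> getPermissionsByUserName() {
        Set<String> permissions = new HashSet<String>();
        // NOTE(review): "delect" looks like a typo of "delete"; kept unchanged because
        // permission checks elsewhere may match on this exact string.
        permissions.add("user:delect");
        permissions.add("user:update");
        permissions.add("user:insert");
        return permissions;
    }

    /**
     * Returns the fixed role set used by this demo realm.
     *
     * @return a new mutable set of role names
     */
    private Set<String> getRolesByUserName() {
        Set<String> roles = new HashSet<String>();
        roles.add("admin");
        roles.add("user");
        return roles;
    }

    /**
     * Looks up the stored credentials for the user named in the token.
     *
     * @param token login token; its principal is read as the user name
     * @return the stored hash and salt for the user, or {@code null} when the user is
     *     unknown to this realm
     * @throws AuthenticationException declared by the Shiro contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The token's principal is the user name submitted at login.
        String username = (String) token.getPrincipal();
        // Stands in for a database query.
        String password = getDateuser(username);
        if (password == null) {
            return null;
        }
        // The first argument is the subject's identity. The original passed the realm name
        // there, so every logged-in subject was identified as "CustomRealm" instead of as
        // the user who authenticated.
        SimpleAuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(username, password, getName());
        // Must equal the salt that was used when the stored hash was produced.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("mark"));
        return authenticationInfo;
    }

    /**
     * Returns the stored password hash for a user.
     *
     * @param username user name to look up
     * @return the stored hash, or {@code null} if the user is not in the table
     */
    private String getDateuser(String username) {
        return usesMap.get(username);
    }

    /**
     * Prints the salted, two-iteration MD5 hash of a sample password, in the form this
     * realm stores. Intended for producing demo data only.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Md5Hash md5 = new Md5Hash("123456", "mark", 2);
        System.out.println(md5);
    }
}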