Spring如何整合Shiro做权限控制模块
这篇文章主要介绍Spring如何整合Shiro做权限控制模块,文中介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们一定要看完!
创新互联公司专注为客户提供全方位的互联网综合服务,包含不限于成都网站制作、成都网站建设、前郭网络推广、微信小程序定制开发、前郭网络营销、前郭企业策划、前郭品牌公关、搜索引擎seo、人物专访、企业宣传片、企业代运营等,从售前售中售后,我们都将竭诚为您服务,您的肯定,是我们最大的嘉奖;创新互联公司为所有大学生创业者提供前郭建站搭建服务,24小时服务热线:18982081108,官方网址:www.cdcxhl.com
1.引入Shiro的Maven依赖
<<<<<<<<<<<<<<<<
2.web.xml中配置
<<<<<< 3. 编写自己的UserRealm类继承自Realm,主要实现认证和授权的管理操作package com.jay.demo.shiro;import java.util.HashSet;import java.util.Iterator;import java.util.Set;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.LockedAccountException;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.jay.demo.bean.Permission;import com.jay.demo.bean.Role;import com.jay.demo.bean.User;import com.jay.demo.service.UserService; public class UserRealm extends AuthorizingRealm{ @Autowired private UserService userService; /** * 授权操作 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {// String username = (String) getAvailablePrincipal(principals); String username = (String) principals.getPrimaryPrincipal(); SetroleSet = userService.findUserByUsername(username).getRoleSet(); //角色名的集合 Set roles = new HashSet (); //权限名的集合 Set permissions = new HashSet (); Iterator it = roleSet.iterator(); while(it.hasNext()){ roles.add(it.next().getName()); for(Permission per:it.next().getPermissionSet()){ permissions.add(per.getName()); } } SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.addRoles(roles); authorizationInfo.addStringPermissions(permissions); return authorizationInfo; } /** * 身份验证操作 */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal(); User user = userService.findUserByUsername(username); if(user==null){ //木有找到用户 throw new UnknownAccountException("没有找到该账号"); } /* if(Boolean.TRUE.equals(user.getLocked())) { throw new LockedAccountException(); //帐号锁定 } */ /** * 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配,如果觉得人家的不好可以在此判断或自定义实现 */ SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(),getName()); return info; } @Override public String getName() { return getClass().getName(); } }
4.在Spring的applicationContext.xml中进行Shiro的相关配置
1、添加shiroFilter定义
Xml代码
< bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean" >
< property name = "securityManager" ref = "securityManager" />
< property name = "loginUrl" value = "/login" />
< property name = "successUrl" value = "/user/list" />
< property name = "unauthorizedUrl" value = "/login" />
< property name = "filterChainDefinitions" >
< value >
/ login = anon
/user/** = authc
/role/edit/* = perms[role:edit]
/role/ save = perms [role:edit]
/role/ list = perms [role:view]
/** = authc
value >
property >
bean >
2、添加securityManager定义
Xml代码
< bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager" >
< property name = "realm" ref = "myRealm" />
bean >
3、添加realm定义
Xml代码
< bean id = " myRealm" class = "com.jay.demo.shiro.
UserRealm" />
4、配置EhCache
< bean id = "cacheManager" class = "org.apache.shiro.cache.ehcache.EhCacheManager" />
5、 保证实现了Shiro内部lifecycle函数的bean执行
特别注意:
如果使用Shiro相关的注解,需要在springmvc-servlet.xml中配置一下信息
<"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <"securityManager" "securityManager"/>
以上是“Spring如何整合Shiro做权限控制模块”这篇文章的所有内容,感谢各位的阅读!希望分享的内容对大家有帮助,更多相关知识,欢迎关注创新互联行业资讯频道!
分享名称:Spring如何整合Shiro做权限控制模块
本文来源:http://scyanting.com/article/iegpee.html