1.添加依赖 (mysql连接jar包、druid连接池、spring jdbc)
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.41</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.28</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
2.数据访问层接口
package com.springshirodemo.dao;
import java.util.List;
import com.springshirodemo.demo.User;
/**
* Created by zhengjunhang on 2018/5/3.
*/
public interface UserDao {
User getUserByUserName(String userName); //通过用户名获得user实体
List<String> queryRolesByUserName(String userName); //通过用户名 获得角色集
List<String> queryPermissionByUserName(String userName); //通过用户名获得 权限集
}
3.数据访问层接口实现
package com.springshirodemo.dao.impl;
import org.apache.shiro.util.CollectionUtils;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.stereotype.Component;
import com.springshirodemo.dao.UserDao;
import com.springshirodemo.demo.User;
import javax.annotation.Resource;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
@Component
public class userDaoImpl implements UserDao {
@Resource
private JdbcTemplate jdbcTemplate;
public User getUserByUserName(String username) {
// TODO Auto-generated method stub
String sql = "select username,password from users where username = ?";
List<User> list = jdbcTemplate.query(sql, new String[]{username},new RowMapper<User>(){
public User mapRow(ResultSet rs, int rowNum) throws SQLException {
// TODO Auto-generated method stub
User user = new User();
user.setPassword(rs.getString("password"));
user.setUsername(rs.getString("Username"));
return user;
}
});
if(CollectionUtils.isEmpty(list)) {
return null;
}
return list.get(0);
}
@Override
public List<String> queryRolesByUserName(String userName) {
String sql = "select role_name from spring_user_roles where username = ?";
return jdbcTemplate.query(sql, new String[]{userName}, new RowMapper<String>() {
public String mapRow(ResultSet resultSet, int i) throws SQLException {
return resultSet.getString("role_name");
}
});
}
@Override
public List<String> queryPermissionByUserName(String userName) {
String sql = "select permission from spring_roles_permissions where role_name = (select role_name from spring_user_roles where username = ?)";
return jdbcTemplate.query(sql, new String[]{userName}, new RowMapper<String>() {
public String mapRow(ResultSet resultSet, int i) throws SQLException {
return resultSet.getString("permission");
}
});
}
}
4.自定义realm
package com.springshirodemo.Realm;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import com.springshirodemo.dao.UserDao;
import com.springshirodemo.demo.User;
public class CustomRealm extends AuthorizingRealm{
@Resource
private UserDao userDao;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// TODO Auto-generated method stub
String userName = (String) principalCollection.getPrimaryPrincipal();
// 从数据库或者缓存中获取角色数据
Set<String> roles = getRolesByUserName(userName);
Set<String> Permissions = getPermissionsByUserName(userName);
SimpleAuthorizationInfo AuthorizationInfo = new SimpleAuthorizationInfo();
AuthorizationInfo.setRoles(roles);
AuthorizationInfo.setStringPermissions(Permissions);
return AuthorizationInfo;
}
private Set<String> getPermissionsByUserName(String userName) {
// TODO Auto-generated method stub
List<String> list = userDao.queryPermissionByUserName(userName);
Set<String> sets = new HashSet<String>(list);
return sets;
}
private Set<String> getRolesByUserName(String userName) {
// TODO Auto-generated method stub
System.out.println("从数据库中获取授权数据");
List<String> list = userDao.queryRolesByUserName(userName);
Set<String> sets = new HashSet<String>(list);
return sets;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// TODO Auto-generated method stub
String username = (String) token.getPrincipal();
String password = getDateuser(username);
if(password == null) {
return null;
}
SimpleAuthenticationInfo authenticationinfo = new SimpleAuthenticationInfo(username,password,"CustomRealm");
authenticationinfo.setCredentialsSalt(ByteSource.Util.bytes("mark"));
return authenticationinfo;
}
private String getDateuser(String username) {
// TODO Auto-generated method stub
User user = userDao.getUserByUserName(username);
return user.getPassword();
}
public static void main(String[] args) {
Md5Hash md5 = new Md5Hash("123456","mark",2);
System.out.println(md5);
}
}
5.jdbc的xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource">
<property name="url" value="jdbc:mysql://localhost:3306/test" />
<property name="username" value="root" />
<property name="password" value="123456" />
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource" />
</bean>
</beans>
6.spring的xml配置
<import resource="Spring-jdbc.xml"/> //引入配置