版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/saygood999/article/details/82080709
maven依赖
<!-- NOTE(review): Shiro 1.4.0 is an old release. Later Shiro releases contain security fixes,
     including changes to how the rememberMe cookie is encrypted and how request paths are
     matched against filter chains, both of which this setup relies on. Use the latest
     supported release, keep both artifacts on the same version, and follow the project's
     security advisories. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0</version>
</dependency>
/shiro.xml
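<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Enable Shiro's authorization annotations through class-based (CGLIB) proxies. -->
    <bean id="advisorAutoProxyCreator"
          class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
        <property name="proxyTargetClass" value="true"/>
    </bean>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/>

    <!-- The custom Realm that supplies authentication and authorization data. -->
    <bean id="customRealm" class="shiro.CustomRealm"/>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="customRealm"/>
        <!-- The sessionManager bean below was defined but never referenced, so its timeout,
             cookie template and URL-rewriting setting had no effect. It is wired in here. -->
        <property name="sessionManager" ref="sessionManager"/>
        <property name="rememberMeManager" ref="rememberMeManager"/>
    </bean>

    <!-- Session ID generator. -->
    <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>

    <!-- Session manager. -->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <!-- Keeps the session ID out of URLs, where it would end up in logs, history and Referer headers. -->
        <property name="sessionIdUrlRewritingEnabled" value="false"/>
        <!-- Global session timeout in milliseconds (3600000 = 1 hour). -->
        <property name="globalSessionTimeout" value="3600000"/>
        <!-- <property name="sessionFactory" ref="sessionFactory" />
             <property name="sessionValidationScheduler" ref="redisValidationScheduler" />
             <property name="sessionDAO" ref="sessionDAO" />-->
        <property name="sessionIdCookie" ref="sessionIdCookie"/>
        <!-- <property name="sessionListeners">
                 <list>
                     <ref bean="redisSessionListener" />
                 </list>
             </property>-->
    </bean>

    <!-- rememberMe manager.
         SECURITY: the original listing embedded a fixed Base64 AES key in this file. A key that is
         printed in a public tutorial or committed to source control is known to everyone. Whoever
         holds the key can produce rememberMe cookies the server accepts, and the server
         Java-deserializes the cookie content. Generate a random key for each deployment (for example
         with AesCipherService#generateNewKey), keep it in a secret store, and rotate it if it was
         ever exposed. The key is read from an environment variable here; the variable name is a
         sample chosen for this listing. Start-up fails if the variable is not set.
         The stray leading space inside the original value attribute is removed so that the
         expression evaluates to the decoded byte array rather than to a string. -->
    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
        <property name="cipherKey"
                  value="#{T(org.apache.shiro.codec.Base64).decode(systemEnvironment['SHIRO_REMEMBER_ME_KEY'])}"/>
        <property name="cookie" ref="rememberMeCookie"/>
    </bean>

    <!-- Session cookie template. The name property replaces the constructor name "sid".
         maxAge -1 makes it a browser-session cookie. Also set the secure property to true
         once the application is served over HTTPS only. -->
    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="sid"/>
        <property name="httpOnly" value="true"/>
        <property name="maxAge" value="-1"/>
        <property name="name" value="JSHIROSESSIONID"/>
    </bean>

    <!-- rememberMe cookie, valid for 30 days. A long-lived identity cookie deserves the same
         secure-flag treatment as the session cookie above. -->
    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="rememberMe"/>
        <property name="httpOnly" value="true"/>
        <property name="maxAge" value="2592000"/>
    </bean>

    <!-- ShiroFilter configuration. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- Login page. -->
        <property name="loginUrl" value="/login"/>
        <!-- Page shown after a successful login. -->
        <property name="successUrl" value="/index.jsp"/>
        <property name="filters">
            <map>
                <entry key="authc">
                    <!-- Intercepts requests from users who are not logged in. The original listing
                         wrote this remark as "//" text after the bean, which is not an XML comment. -->
                    <bean class="shiro.ShiroAccessImpl"/>
                </entry>
                <!-- Logout filter. -->
                <!-- <entry key="logout" value-ref="logoutFilter" />-->
            </map>
        </property>
        <!-- URL interception rules, one per line.
             NOTE(review): only /index/** requires authentication; any path not listed here is
             reachable without logging in. Consider a final catch-all authc rule with explicit
             anon entries for the public paths. -->
        <property name="filterChainDefinitions">
            <value>
                /logout = logout
                /index/** = authc
            </value>
        </property>
    </bean>

    <!-- Custom LogoutFilter. -->
    <!-- <bean id="logoutFilter" class="com.test.filter.SystemLogoutFilter">
             <property name="redirectUrl" value="/login"/>
         </bean>-->
</beans>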
自定义realm
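/**
 * Authorization: supplies the roles and permissions of an already authenticated subject.
 * @param principalCollection the principals of the subject being authorized
 * @return the subject's authorization data; this example returns null, i.e. no roles or permissions
 */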
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
// This example loads no roles or permissions: the principals are ignored and null is returned.
// NOTE(review): with no authorization data, role and permission checks (including the
// annotations enabled in shiro.xml) presumably deny access for every user — confirm before
// relying on any @RequiresRoles / @RequiresPermissions rule.
return null;
}
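/**
 * Authentication: returns the account data that Shiro compares with the submitted login token.
 * @param authenticationToken the token submitted at login; its principal is read as the user name
 * @return the account data (principal, expected credentials, realm name)
 * @throws AuthenticationException if the user name is empty
 */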
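@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // The principal of the submitted token is treated as the user name.
    String userName = (String) authenticationToken.getPrincipal();

    // Reject a missing principal as well as an empty one, so that a token without a user name
    // fails as an authentication error instead of reaching SimpleAuthenticationInfo as null.
    if (userName == null || userName.isEmpty()) {
        throw new AuthenticationException("用户为空");
    }

    // SECURITY: "123456" is a fixed demo credential. As written, every non-empty user name is
    // accepted with the same plaintext password. A real realm must look the account up, reject
    // unknown users, return that account's stored salted password hash, and be configured with
    // a matching CredentialsMatcher so that plaintext passwords are never stored or compared.
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, "123456", this.getName());
    return info;
}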
登录操作
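@RequestMapping("/login")
public JSONObject login() {
    // NOTE(review): the mapping has no HTTP method restriction, so this handler also answers GET.
    // A login endpoint that receives real credentials should accept POST only.
    logger.info("=============start===============");
    JSONObject jsonObject = new JSONObject();
    Subject subject = SecurityUtils.getSubject();

    // SECURITY: demo only. The credentials are hard-coded and nothing is read from the request.
    // A real handler takes the user name and password from the request body over HTTPS and
    // never writes them to logs.
    UsernamePasswordToken token = new UsernamePasswordToken("admin", "123");
    try {
        subject.login(token);
    } catch (UnknownAccountException e) {
        // Logged through the application logger instead of printStackTrace(), which writes an
        // unstructured trace to stderr.
        logger.info("login rejected: unknown account");
        // NOTE(review): a different answer for "unknown user" and "wrong password" tells the
        // caller which user names exist. Prefer one generic failure message for both cases.
        jsonObject.put("userName", "用户名错误!");
    } catch (IncorrectCredentialsException e) {
        logger.info("login rejected: incorrect credentials");
        jsonObject.put("passwd", "密码错误");
    }
    // NOTE(review): other authentication failures, such as the plain AuthenticationException the
    // realm throws for an empty user name, are not caught here and propagate to the caller.
    // An empty JSON object is returned when login succeeds.
    return jsonObject;
}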
//判断是否进行登录操作 public class ShiroAccessImpl extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter { @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if(this.isLoginRequest(request, response)) { if(this.isLoginSubmission(request, response)) { return this.executeLogin(request, response); } else { return true; } } else { if(isAjax(request)){ Map<String,Object> result=new HashMap<String,Object>(); result.put("isLogin",false); response.getWriter().print(result); }else{ this.saveRequestAndRedirectToLogin(request, response); } return false; } } public static boolean isAjax(ServletRequest request){ String header = ((HttpServletRequest) request).getHeader("X-Requested-With"); if("XMLHttpRequest".equalsIgnoreCase(header)){ System.out.println( "当前请求为Ajax请求"); return Boolean.TRUE; } System.out.println( "当前请求非Ajax请求"); return Boolean.FALSE; } }