shiro 开发配置

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/saygood999/article/details/82080709
maven依赖
<!-- Shiro core plus the Spring integration module; keep both artifacts on the same version. -->
<!-- NOTE(review): 1.4.0 is an old Shiro release and later releases contain security fixes.
     Pin the newest supported release instead of copying this version number. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.4.0</version>
</dependency>

/shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
       <!-- Enable Shiro's authorization annotations. The auto-proxy creator wraps Spring beans in
            class-based proxies (proxyTargetClass=true) and the advisor below applies the Shiro
            annotation checks to them. -->
       <!-- NOTE(review): the checks only apply to beans that Spring proxies. The realm shown later on
            this page returns null from doGetAuthorizationInfo, so role or permission annotations
            presumably have no data to match against; confirm before relying on them. -->
       <bean id="advisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
              <property name="proxyTargetClass" value="true"></property>
       </bean>
       <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/>
       <!-- Register the custom Realm -->
       <bean id="customRealm" class="shiro.CustomRealm"></bean>
       <!-- Web security manager: authenticates against customRealm and uses the rememberMe manager
            defined in this file. -->
       <!-- NOTE(review): no sessionManager property is set here, so the sessionManager bean in this
            file (timeout, URL rewriting switch, session cookie) is not wired to this security manager
            as shown; confirm whether that is intended. -->
       <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
              <property name="realm" ref="customRealm"></property>
              <property name="rememberMeManager" ref="rememberMeManager"/>
       </bean>
       <!-- Session ID generator (UUID based). -->
       <!-- NOTE(review): no active bean in this file references sessionIdGenerator; the sessionDAO
            property that would normally use it is commented out in the sessionManager bean. -->
       <bean id="sessionIdGenerator"
             class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
       <!-- Session manager -->

       <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">

              <!-- Keep the session id out of URLs so it cannot leak through links, logs or the Referer header -->
              <property name="sessionIdUrlRewritingEnabled" value="false" />

              <!-- Global session timeout in milliseconds (3600000 ms = 1 hour) -->

              <property name="globalSessionTimeout" value="3600000" />

       <!--       <property name="sessionFactory" ref="sessionFactory" />

              <property name="sessionValidationScheduler" ref="redisValidationScheduler" />

              <property name="sessionDAO" ref="sessionDAO" />-->

              <!-- Cookie template used to carry the session id -->
              <property name="sessionIdCookie" ref="sessionIdCookie" />

           <!--   <property name="sessionListeners">

                     <list>

                            <ref bean="redisSessionListener" />

                     </list>

              </property>-->

       </bean>
       <!-- rememberMe manager: encrypts the serialized identity stored in the rememberMe cookie
            with cipherKey. -->
       <!-- NOTE(review): the key below is hard-coded and is published with this article. Anyone who
            knows the key can decrypt or forge rememberMe cookies, and the server deserializes the
            cookie content. Generate a unique random key for each deployment, load it from
            configuration kept outside the source tree, and replace any key that was committed or
            copied from a tutorial. -->
       <!-- NOTE(review): the value starts with a line break and indentation before the SpEL
            expression; confirm Spring still yields the decoded byte[] rather than a String. -->
       <bean id="rememberMeManager"
             class="org.apache.shiro.web.mgt.CookieRememberMeManager">
              <property name="cipherKey" value="
              #{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
              <property name="cookie" ref="rememberMeCookie"/>
       </bean>
       <!-- Session cookie template. maxAge=-1 makes it a browser-session cookie. The name property
            replaces the "sid" constructor argument, so the cookie is sent as JSHIROSESSIONID. -->
       <!-- NOTE(review): httpOnly is set but secure is not; set the secure property to true when the
            site is served over HTTPS so the session id is never sent in clear text. -->
       <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
              <constructor-arg value="sid"/>
              <property name="httpOnly" value="true"/>
              <property name="maxAge" value="-1"/>
              <property name="name" value="JSHIROSESSIONID"></property>
       </bean>
       <!-- rememberMe cookie template: named "rememberMe", hidden from page scripts (httpOnly). -->
       <!-- NOTE(review): this cookie stands in for a login for 30 days and has no secure flag; set
            secure to true when the site is served over HTTPS. -->
       <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
              <constructor-arg value="rememberMe"/>
              <property name="httpOnly" value="true"/>
              <property name="maxAge" value="2592000"/><!-- 30 days, in seconds -->
       </bean>
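       <!-- Shiro filter configuration -->
       <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
              <property name="securityManager" ref="securityManager"></property>
              <!-- Login page -->
              <property name="loginUrl" value="/login"></property>
              <!-- Page shown after a successful login -->
              <property name="successUrl" value="/index.jsp"/>
              <property name="filters">
                     <map>
                            <!-- Registers ShiroAccessImpl under the name authc; it intercepts users who are
                                 not logged in. The original page had this remark as "//" text inside the
                                 entry element, which is character data and not an XML comment. -->
                            <entry key="authc">
                                   <bean class="shiro.ShiroAccessImpl"></bean>
                            </entry>
                            <!-- Logout filter -->
                          <!--  <entry key="logout" value-ref="logoutFilter" />-->
                     </map>
              </property>
              <!-- URL interception rules; the first matching line wins. -->
              <!-- NOTE(review): only /index/** requires a login. Every path that is not listed has no
                   filter chain and is reachable without authentication; as written that includes
                   /index.jsp, the successUrl above, because /index/** does not match it. Consider
                   listing the public paths explicitly (anon) and ending with a catch-all authc rule;
                   confirm against the application's routes. -->
              <property name="filterChainDefinitions" >
                     <value>
                            /logout = logout
                            /index/** =  authc
                     </value>
              </property>

       </bean>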
       <!--自定义退出LogoutFilter-->
     <!--  <bean id="logoutFilter" class="com.test.filter.SystemLogoutFilter">
              <property name="redirectUrl" value="/login"/>
       </bean>-->
</beans>

自定义realm

/**
 * Authorization: supplies role and permission data for a principal.
 *
 * <p>This implementation is a stub and returns no data for any principal.
 *
 * @param principalCollection the principals of the subject being authorized (not read here)
 * @return always {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    // No roles or permissions are loaded for any principal.
    final AuthorizationInfo noAuthorizationData = null;
    return noAuthorizationData;
}

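/**
 * Authentication: builds the account record that Shiro compares with the submitted token.
 *
 * <p>NOTE(review): the stored credential is the hard-coded literal "123456" for every user name,
 * so any non-blank user name is accepted with that one password. Before using this outside a
 * demo, load a salted password hash for the user from the account store and pair the realm with
 * a hashing credentials matcher.
 *
 * @param authenticationToken the submitted token; its principal is expected to be the user name
 * @return account data for the user name, bound to this realm's name
 * @throws AuthenticationException if the principal is missing, is not a String, or is blank
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    Object principal = authenticationToken.getPrincipal();
    // Reject null, non-String and blank principals here; the original check let null through
    // and failed with a ClassCastException on anything that was not a String.
    if (!(principal instanceof String) || ((String) principal).trim().isEmpty()) {
        throw new AuthenticationException("用户为空");
    }
    String userName = (String) principal;
    // NOTE(review): placeholder credential shared by all users; see the Javadoc above.
    return new SimpleAuthenticationInfo(userName, "123456", this.getName());
}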

登录操作

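/**
 * Logs the current subject in and reports a failure reason as JSON.
 *
 * <p>NOTE(review): the user name and password are hard-coded ("admin" / "123") instead of being
 * read from the request, so this handler is a demo only. The realm shown on this page stores
 * "123456" as the credential, so with Shiro's default credential comparison this call presumably
 * always ends in the wrong-password branch; confirm.
 *
 * <p>NOTE(review): answering differently for an unknown user name and for a wrong password tells
 * a caller which user names exist; prefer one generic failure message. Authentication failures
 * other than the two caught below are not handled here and propagate to the caller.
 *
 * @return an empty JSON object on success; otherwise one entry naming the field that failed
 */
@RequestMapping("/login")
public JSONObject login(){
    logger.info("=============start===============");
    JSONObject jsonObject = new JSONObject();
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken("admin", "123");
    try {
        subject.login(token);
    } catch (UnknownAccountException e) {
        // Record the failure through the logger rather than printing a stack trace to stderr;
        // never include the submitted password in the log line.
        logger.info("login failed: unknown account");
        jsonObject.put("userName", "用户名错误!");
    } catch (IncorrectCredentialsException e) {
        logger.info("login failed: incorrect credentials");
        jsonObject.put("passwd", "密码错误");
    }
    return jsonObject;
}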
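/**
 * Authentication filter that decides what an unauthenticated request receives: login requests are
 * processed, AJAX requests get a small JSON body, and every other request is redirected to the
 * login page.
 */
public class ShiroAccessImpl extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {

    /** Body sent to AJAX callers that are not logged in. */
    private static final String NOT_LOGGED_IN_JSON = "{\"isLogin\":false}";

    /**
     * Handles a request that was denied because the subject is not authenticated.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @return {@code true} to let the request continue down the chain, {@code false} when this
     *         filter has already written a response or a redirect
     * @throws Exception if login processing, writing the body or redirecting fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (this.isLoginRequest(request, response)) {
            if (this.isLoginSubmission(request, response)) {
                // A submitted login form is authenticated right here.
                return this.executeLogin(request, response);
            }
            // A plain visit to the login page passes through so the page can render.
            return true;
        }

        if (isAjax(request)) {
            // Write real JSON. The original printed a HashMap, whose toString() form
            // ({isLogin=false}) is not parseable as JSON, and set no content type.
            // NOTE(review): the status code is left unchanged; answering 401 would be clearer
            // for clients, confirm with the front end before changing it.
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            response.getWriter().print(NOT_LOGGED_IN_JSON);
        } else {
            this.saveRequestAndRedirectToLogin(request, response);
        }
        return false;
    }

    /**
     * Tells whether the request announces itself as an AJAX call.
     *
     * <p>The X-Requested-With header is supplied by the client, so it must only select the
     * response format, as it does in this class, and never grant access.
     *
     * @param request the incoming request
     * @return {@code true} if it is an HTTP request whose X-Requested-With header equals
     *         "XMLHttpRequest", ignoring case
     */
    public static boolean isAjax(ServletRequest request) {
        if (!(request instanceof HttpServletRequest)) {
            // Non-HTTP requests carry no headers; the original cast would have thrown here.
            return false;
        }
        String header = ((HttpServletRequest) request).getHeader("X-Requested-With");
        return "XMLHttpRequest".equalsIgnoreCase(header);
    }
}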


转载自blog.csdn.net/saygood999/article/details/82080709