POM:
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <!-- Build descriptor for the shiro_web WAR module (child of com.pk:imooc_shiro). -->
  <parent>
    <artifactId>imooc_shiro</artifactId>
    <groupId>com.pk</groupId>
    <version>1.0-SNAPSHOT</version>
  </parent>
  <modelVersion>4.0.0</modelVersion>
  <artifactId>shiro_web</artifactId>
  <packaging>war</packaging>
  <name>shiro_web Maven Webapp</name>
  <url>http://maven.apache.org</url>

  <!--
    NOTE(review): every version below is pinned to a release that was current
    when this tutorial was written (the sources are dated 2018). Shiro, Spring,
    the MySQL connector and Druid have all had security fixes since; before
    reusing this POM, check each project's security advisories and move to a
    maintained release line.
  -->
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>4.2.4.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>4.2.4.RELEASE</version>
    </dependency>

    <!-- shiro: core, Spring integration and the servlet filter support; keep the three on the same version -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.4.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.4.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.4.0</version>
    </dependency>

    <!-- mysql: JDBC driver, Druid connection pool and Spring's JdbcTemplate -->
    <dependency>
      <groupId>mysql</groupId>
      <artifactId>mysql-connector-java</artifactId>
      <version>5.1.32</version>
    </dependency>
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>druid</artifactId>
      <version>1.0.9</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-jdbc</artifactId>
      <version>4.2.4.RELEASE</version>
    </dependency>
  </dependencies>

  <build>
    <finalName>shiro_web</finalName>
    <plugins>
      <!-- Embedded Tomcat 7 for local runs: serves the app at the root context path on port 8090. -->
      <plugin>
        <groupId>org.apache.tomcat.maven</groupId>
        <artifactId>tomcat7-maven-plugin</artifactId>
        <version>2.1</version>
        <configuration>
          <uriEncoding>UTF-8</uriEncoding>
          <port>8090</port>
          <path>/</path>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
数据库
spring.xml
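<?xml version="1.0" encoding="UTF-8"?>
<!--
  Root Spring context: wires the Shiro filter, the security manager, the custom
  realm and its credentials matcher, and imports the DAO/data-source beans.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd">

  <import resource="spring-dao.xml"/>
  <context:component-scan base-package="dao"/>

  <!-- The bean id must equal the filter-name of the DelegatingFilterProxy declared in web.xml. -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <!--
      Leading slash: the login page is addressed from the context root, so the
      redirect target is the same no matter how deep the requested URL was.
    -->
    <property name="loginUrl" value="/login.html"/>
    <property name="filterChainDefinitions">
      <!--
        Rules are evaluated in order, top to bottom; the first matching pattern wins.
        One rule per line. The catch-all uses /** because in Shiro's Ant-style
        patterns a single * matches only one path segment: with /*=authc a nested
        URL such as /a/b matches no rule and is served without authentication.
      -->
      <value>
        /login.html=anon
        /subLogin=anon
        /**=authc
      </value>
    </property>
  </bean>

  <!-- Create the securityManager object -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="realm"/>
  </bean>

  <bean id="realm" class="dao.realm.CustomRealm">
    <property name="credentialsMatcher" ref="credentialsMatcher"/>
  </bean>

  <!--
    NOTE(review): a single round of MD5 is cheap to brute-force offline if the
    users table leaks, and CustomRealm salts with the user name, which is
    predictable. The values are left as they are because changing the algorithm
    or iteration count invalidates every stored hash; plan a migration to a slow
    password-hashing scheme with a random per-user salt and re-hash on next login.
  -->
  <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <property name="hashAlgorithmName" value="md5"/>
    <property name="hashIterations" value="1"/>
  </bean>
</beans>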
springmvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- DispatcherServlet context: controller scanning, annotation-driven MVC and static resources. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/mvc
                           http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
  <!-- NOTE(review): the mvc schema above is pinned to 3.0 while the POM uses Spring 4.2.4; the unversioned spring-mvc.xsd tracks the jar on the classpath. -->

  <context:component-scan base-package="com.pk.controller"/>
  <mvc:annotation-driven/>

  <!--
    Exclude static files from controller dispatch: requests one level below the
    context root are served as files from the web application root (this is how
    login.html is delivered). Everything placed in that directory becomes
    downloadable once the Shiro filter chain lets the request through, so keep
    only public assets there.
  -->
  <mvc:resources mapping="/*" location="/"/>
</beans>
spring-dao.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Data-access beans: a Druid connection pool and the JdbcTemplate built on it. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!--
    NOTE(review): the application connects as the MySQL root account and the
    password is stored in clear text in a file that ends up in version control
    and inside the WAR. For anything beyond a local demo, use a dedicated
    account limited to the tables the DAO reads (users, user_roles) and supply
    the credentials from outside the artifact (environment, externalized
    properties or a secret store).
  -->
  <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource">
    <property name="url" value="jdbc:mysql://localhost:3306/test2"/>
    <property name="username" value="root"/>
    <property name="password" value="accp"/>
  </bean>

  <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
    <property name="dataSource" ref="dataSource"/>
  </bean>
</beans>
web.xml
<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >
<!--
  Deployment descriptor: routes every request through the Shiro filter, boots
  the root Spring context and maps the Spring MVC DispatcherServlet.
  NOTE(review): the document declares the Servlet 2.3 DTD but uses
  async-supported, which was introduced with Servlet 3.0, and its element order
  differs from the order that DTD prescribes. A validating container would
  reject it; moving to a 3.x descriptor would also allow session cookie
  settings (HttpOnly, Secure) to be declared here.
-->
<web-app>
  <display-name>Archetype Created Web Application</display-name>

  <!--
    DelegatingFilterProxy looks up a Spring bean named after filter-name, so
    "shiroFilter" must match the ShiroFilterFactoryBean id in spring.xml.
  -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <!-- Mapped to /* so that no request reaches a servlet without passing through Shiro. -->
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <servlet>
    <servlet-name>DispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring/springmvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    <async-supported>true</async-supported>
  </servlet>
  <servlet-mapping>
    <servlet-name>DispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <!--
    Register Spring's filter that fixes garbled Chinese characters in POST requests.
    NOTE(review): this filter-mapping comes after the shiroFilter mapping, so it
    presumably runs after Shiro; an encoding filter normally needs to be first in
    the chain so that nothing reads request parameters before the encoding is set.
  -->
  <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
User:
package dao.entity; /** * Created by Administrator on 2018/4/24 0024. */ public class User { private String username; private String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } @Override public String toString() { return "User{" + "username='" + username + '\'' + ", password='" + password + '\'' + '}'; } }
UserDao:
package dao;

import dao.entity.User;

import java.util.List;

/**
 * Created by Administrator on 2018/4/25 0025.
 *
 * Read-only lookups the Shiro realm needs: the stored credentials of a user
 * and the role names assigned to that user.
 */
public interface UserDao {

    /**
     * Looks up a user by user name.
     *
     * @param userName the user name to search for
     * @return the matching user; the implementation shown on this page returns
     *         null when no row matches, so callers have to check for null
     */
    User getUserByUserName(String userName);

    /**
     * Lists the role names assigned to a user.
     *
     * @param userName the user name whose roles are requested
     * @return the role names found for that user
     */
    List<String> queryRolesByUserName(String userName);
}
UserDaoImpl:
package dao.impl;

import dao.UserDao;
import dao.entity.User;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

import javax.annotation.Resource;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * Created by Administrator on 2018/4/25 0025.
 *
 * JdbcTemplate-backed {@link UserDao}. Both queries pass the user name as a
 * bind parameter (the ? placeholder), never by string concatenation, so the
 * value cannot change the shape of the SQL statement.
 */
@Component
public class UserDaoImpl implements UserDao {

    private static final String SELECT_USER = " select username,password from users where username=? ";
    private static final String SELECT_ROLES = "select role_name from user_roles where username=?";

    @Resource
    private JdbcTemplate jdbcTemplate;

    /**
     * Reads the username and password columns of the users row for the given name.
     *
     * @param userName value bound to the single query parameter
     * @return the first matching row as a User, or null when the query returns no rows
     */
    public User getUserByUserName(String userName) {
        List<User> matches = jdbcTemplate.query(SELECT_USER, new String[]{userName}, new UserRowMapper());
        return CollectionUtils.isEmpty(matches) ? null : matches.get(0);
    }

    /**
     * Reads the role_name column of every user_roles row for the given name.
     *
     * @param userName value bound to the single query parameter
     * @return the role names, in the order the query returns them
     */
    public List<String> queryRolesByUserName(String userName) {
        return jdbcTemplate.query(SELECT_ROLES, new String[]{userName}, new RoleNameRowMapper());
    }

    /** Copies the username and password columns of the current row into a new User. */
    private static final class UserRowMapper implements RowMapper<User> {
        public User mapRow(ResultSet row, int rowNum) throws SQLException {
            User mapped = new User();
            mapped.setUsername(row.getString("username"));
            mapped.setPassword(row.getString("password"));
            return mapped;
        }
    }

    /** Returns the role_name column of the current row. */
    private static final class RoleNameRowMapper implements RowMapper<String> {
        public String mapRow(ResultSet row, int rowNum) throws SQLException {
            return row.getString("role_name");
        }
    }
}
CustomRealm: 自定义realm
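package dao.realm;

import dao.UserDao;
import dao.entity.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import javax.annotation.Resource;
import java.util.*;

/**
 * Created by Administrator on 2018/4/19 0019.
 *
 * Shiro realm backed by {@link UserDao}: supplies the stored password hash for
 * authentication and the roles and permissions for authorization.
 */
public class CustomRealm extends AuthorizingRealm {

    @Resource
    private UserDao userDao;

    /**
     * Authorization: collects the roles and permissions of the primary principal.
     *
     * @param principalCollection principals of the authenticated subject; the
     *                            primary principal is the user name
     * @return the roles read through the DAO plus the stubbed permission set
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String userName = (String) principalCollection.getPrimaryPrincipal();
        // Stands in for fetching the data from the database or a cache.
        Set<String> roles = getRolesByUserName(userName);
        Set<String> permissions = getPermissionsByUserName(userName);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addStringPermissions(permissions);
        simpleAuthorizationInfo.setRoles(roles);
        return simpleAuthorizationInfo;
    }

    /**
     * Authentication: looks up the stored credentials for the submitted user name.
     *
     * @param authenticationToken token created from the login request
     * @return the stored credentials and salt, or null when the user name is
     *         unknown or has no stored password (Shiro then rejects the login)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Take the user name from the authentication data submitted by the subject.
        String userName = (String) authenticationToken.getPrincipal();
        // Look the stored credentials up in the database by user name.
        String password = getPasswordByUserName(userName);
        if (password == null) {
            return null;
        }
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userName, password, "customRealm");
        // The stored value is an MD5 hash. The salt used here is the user name;
        // NOTE(review): that is predictable and identical for the same name on
        // every system. A random per-user salt stored with the hash is the usual
        // choice, which needs a schema change and re-hashing of stored passwords.
        authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userName));
        return authenticationInfo;
    }

    /**
     * Returns the stored password hash for a user.
     *
     * @param userName the user name to look up
     * @return the stored value, or null when the DAO finds no such user
     */
    private String getPasswordByUserName(String userName) {
        User user = userDao.getUserByUserName(userName);
        // The DAO returns null for an unknown user name. Without this check a
        // login attempt with a non-existent account fails with a
        // NullPointerException instead of a normal authentication failure.
        return user == null ? null : user.getPassword();
    }

    /**
     * Reads the user's roles from the database through the DAO.
     *
     * @param userName the user name to look up
     * @return the role names as a set
     */
    private Set<String> getRolesByUserName(String userName) {
        List<String> list = userDao.queryRolesByUserName(userName);
        return new HashSet<String>(list);
    }

    /**
     * Stubbed permission lookup that stands in for a database query.
     *
     * NOTE(review): every user receives "user:delete" and "user:add" whatever
     * the user name is; replace with a real per-user or per-role lookup before
     * any permission check depends on it.
     *
     * @param userName currently unused
     * @return the fixed permission set
     */
    private Set<String> getPermissionsByUserName(String userName) {
        Set<String> sets = new HashSet<String>();
        sets.add("user:delete");
        sets.add("user:add");
        return sets;
    }

    /**
     * Development helper: prints the MD5 hash of "123456" salted with "Mark".
     * The realm salts with the user name, so the printed value equals a stored
     * hash only for a user named Mark with that password.
     */
    public static void main(String[] args) {
        System.out.println("111");
        Md5Hash md5Hash = new Md5Hash("123456", "Mark");
        System.out.println(md5Hash);
    }
}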
UserController:
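package com.pk.controller;

import dao.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Created by Administrator on 2018/4/24 0024.
 *
 * Login endpoint: hands the submitted user name and password to Shiro.
 */
@Controller
public class UserController {

    /**
     * Handles the login form POST.
     *
     * @param user form fields bound by Spring MVC (username, password)
     * @return a fixed message on failure, otherwise a message that depends on
     *         whether the subject holds the "admin" role
     */
    @RequestMapping(value = "/subLogin", method = RequestMethod.POST,
            produces = "application/json;charset=utf-8")
    @ResponseBody
    public String subLogin(User user) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // One fixed answer for every authentication failure. The exception
            // message differs between an unknown account and a wrong password
            // and can carry internal detail, so echoing it to the client lets
            // a caller find out which user names exist.
            return "用户名或密码错误";
        }
        if (subject.hasRole("admin")) {
            return "有admin权限";
        }
        return "登录成功";
    }
}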
login.html
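<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h2>登录</h2>
<!-- Posts username and password to the /subLogin controller, which Shiro leaves open to anonymous users. -->
<form action="subLogin" method="post">
    用户名<input type="text" name="username"/><br>
    <!-- type="password" masks the value on screen and keeps the browser from treating it as ordinary form history. -->
    密码<input type="password" name="password"/><br>
    <input type="submit" value="提交"/>
</form>
</body>
</html>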
本人是初学者,这只是一个简单的整合示例,希望能帮到正在学习的你。如果有不懂的地方,可以到慕课网看视频,本博客的代码也是跟着那边的课程自己敲出来的。