pom.xml中shiro相关jar org.apache.shiro shiro-spring 1.3.2 org.apache.shiro shiro-web 1.3.2 org.apache.shiro shiro-ehcache 1.3.2 web.xml中加入shiro的filter shiroFilter org.springframework.web.filter.DelegatingFilterProxy targetFilterL
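web.xml中加入shiro的filter
(下面这段是 pom.xml 中的 shiro 依赖,原文的 XML 标签在提取时丢失,此处按内容还原。注:1.3.2 是较旧的版本,实际项目中应使用当前仍在维护的 Shiro 版本。)
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.3.2</version>
</dependency>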
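spring-context-shiro.xml
(下面这段是 web.xml 中的 shiro filter 配置,原文的 XML 标签在提取时丢失,此处按内容还原。)
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>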
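MyRealm.java 自定义的realm
(下面这段是 spring-context-shiro.xml 中 shiroFilter 的过滤链定义,其余 bean 定义在提取时丢失。)
/images/** = anon
/js/** = anon
/css/** = anon
/login.jsp = anon
/user/logout = logout
/user/dologin = anon
/user/insertUser = anon
/user/admin.jsp = roles[admin]
/user/user.jsp = roles[user]
/** = authc
过滤链按书写顺序匹配,先匹配到的规则生效,所以兜底的 /** = authc 必须放在最后。/user/insertUser = anon 表示注册接口对未登录用户开放,因此该接口接收的所有字段都应视为不可信输入。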
package com.ssm.shiro;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.ssm.pojo.User;
import com.ssm.service.UserService;
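/**
 * Shiro realm that authenticates and authorizes users through {@link UserService}.
 *
 * <p>Authentication only supplies the stored password hash and its salt; the actual
 * comparison is performed by the CredentialsMatcher configured for this realm, which is
 * not part of this class.
 *
 * <p>NOTE(review): the salt is the account name, mirroring what
 * {@code LoginController.insertUser} uses when it hashes a new password. A salt that is
 * public and predictable gives far less protection than a random per-user salt stored
 * with the record; changing it requires re-hashing stored passwords, so it is flagged
 * here rather than changed.
 *
 * @author wangs
 * @version created 2017-11-08 16:17:12
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private UserService usersvice;

    /**
     * Looks up the account named in the login token and returns its stored credentials.
     *
     * @param token the token submitted at login; cast to {@link UsernamePasswordToken}
     * @return the stored name, password hash and salt wrapped in a
     *         {@link SimpleAuthenticationInfo}, or {@code null} when no such user exists
     *         (Shiro then reports the account as unknown)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The token carries the user name and password typed into the login form.
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String userName = upToken.getUsername();

        User user = usersvice.selectUser(userName);
        if (user == null) {
            return null;
        }

        // Salt with the STORED name, because registration salted the hash with the stored
        // name. Salting with the submitted name would fail to verify whenever the lookup
        // matches a name that differs from the submitted one (for example, a
        // case-insensitive database collation).
        ByteSource salt = ByteSource.Util.bytes(user.getName());
        return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), salt, getName());
    }

    /**
     * Loads the role of the logged-in user so that role checks such as
     * {@code roles[admin]} in the filter chain can be evaluated.
     *
     * @param principal the identities of the logged-in subject; the primary principal is
     *        the user name returned by {@link #doGetAuthenticationInfo}
     * @return a {@link SimpleAuthorizationInfo} holding the user's role
     * @throws AuthenticationException if the user can no longer be found
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        // Use the primary principal rather than principal.toString(): the string form of
        // the whole collection is not guaranteed to be a single user name.
        Object primary = principal.getPrimaryPrincipal();
        User user = (primary == null) ? null : usersvice.selectUser(primary.toString());
        if (user == null) {
            // Fail closed: a subject whose account has disappeared gets no roles at all.
            throw new AuthenticationException();
        }

        // NOTE(review): getRoles() is treated as ONE role name; confirm it never holds a
        // delimited list, otherwise no individual role would ever match.
        Set<String> roles = new HashSet<String>();
        String role = user.getRoles();
        if (role != null) {
            roles.add(role);
        }
        return new SimpleAuthorizationInfo(roles);
    }
}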
shiro-ehcache.xml
LoginController.java
package com.ssm.controller;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import com.ssm.pojo.User;
import com.ssm.service.UserService;
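/**
 * Spring MVC controller for login and self-registration, backed by Shiro.
 *
 * <p>NOTE(review): neither mapping restricts the HTTP method, so credentials can also
 * arrive as GET query parameters, which end up in access logs and browser history.
 * Restricting both mappings to POST is recommended once the JSP forms are confirmed to
 * submit with POST.
 *
 * @author wangs
 * @version created 2017-11-08 16:43:52
 */
@Controller
public class LoginController {

    @Autowired
    private UserService userService;

    Logger log = Logger.getLogger(LoginController.class);

    /**
     * Logs the current subject in with the submitted user name and password.
     *
     * @param userName the submitted account name
     * @param password the submitted plain-text password
     * @return {@code "index"} on success or when the subject is already authenticated,
     *         {@code "error"} when Shiro rejects the credentials
     */
    @RequestMapping(value = "user/dologin")
    public String doLogin(@RequestParam("userName") String userName,
            @RequestParam("password") String password) {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            // NOTE(review): an already authenticated subject is sent to the index view
            // without the submitted credentials being checked.
            log.info("用户已登录");
            return "index";
        }

        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
        try {
            // Delegates to the configured realm, which looks the account up and lets
            // Shiro compare the password hashes.
            subject.login(token);
        } catch (AuthenticationException e) {
            // One generic message for every failure, so the response does not reveal
            // whether the account exists.
            log.info("认证异常");
            return "error";
        } finally {
            // Drop the plain-text password from the token as soon as it has been used.
            token.clear();
        }
        return "index";
    }

    /**
     * Registers a new user, storing a salted hash instead of the plain-text password.
     *
     * <p>NOTE(review): {@code user} is bound directly from request parameters and this
     * endpoint is reachable anonymously. If {@code User} has a writable roles property
     * and {@code userService.insertUser} persists it, a caller could pick their own role.
     * Assign the role on the server side, or bind to a registration-only type that
     * carries just the name and password.
     *
     * <p>NOTE(review): MD5 with 1024 iterations and the account name as salt is weak for
     * password storage. Moving to a purpose-built password hashing scheme with a random
     * per-user salt needs a coordinated change to the realm and its credentials matcher,
     * so it is flagged here rather than changed.
     *
     * @param user the registration data bound from the request
     * @return {@code "login"} on success, {@code "error"} when the name or password is
     *         missing or the name is already taken
     */
    @RequestMapping(value = "user/insertUser")
    public String insertUser(User user) {
        String name = user.getName();
        String password = user.getPassword();

        // Reject missing values up front: a null name would fail inside the salt
        // construction, and an empty password would create an account anyone can enter.
        if (name == null || name.isEmpty() || password == null || password.isEmpty()) {
            log.info("用户名或密码为空");
            return "error";
        }

        // NOTE(review): check-then-insert is not atomic; a unique constraint on the name
        // column is what actually prevents duplicate accounts under concurrent requests.
        if (userService.selectUser(name) != null) {
            log.info("账户名已存在");
            return "error";
        }

        // The salt must match the one the realm supplies at login (the stored name).
        ByteSource salt = ByteSource.Util.bytes(name);
        SimpleHash hash = new SimpleHash("MD5", password, salt, 1024);
        user.setPassword(hash.toString());
        userService.insertUser(user);
        log.info("用户注册成功");
        return "login";
    }
}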
