简单的shirod例子
Posted sh-0131
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了简单的shirod例子相关的知识,希望对你有一定的参考价值。
有几种方式其他的记不住了,这里把我常用的一种介绍一下。
shiro这个功能对应五张数据库表
一个人可以有多个角色,一个角色可以有多个权限
先写一个配置文件
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <!-- 配置自定的Realm类 --> <bean id="myRealm" class="com.zhiyou.shiro.realm.MyRealm"/> <!-- 配置SecurityManager的bean --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"/> </bean> <!-- 请求过滤器 id必须与web.xml文件中的过滤器名称相同 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 如果你的请求未login.html那么放行 --> <property name="loginUrl" value="/login.html"></property> <!-- 该过滤器与SecurityManager关联再一起 --> <property name="securityManager" ref="securityManager"></property> <!-- 如果没有权限则跳转到该页面 --> <property name="unauthorizedUrl" value="/403.html"></property> <!--设置规则 anno:允许匿名访问 authc: 需要认证才可以访问 --> <property name="filterChainDefinitions"> <value> /css/** = anon /images/** = anon /js/** = anon /user/login= anon /login.jsp=anon /**=authc </value> </property> </bean> </beans>
web.xml里面写一个过滤
<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
jar包
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version> </dependency>
封装一个验证权限的类
package com.zhiyou.shiro.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import com.zhiyou.bean.User; public class MyRealm extends AuthorizingRealm{ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { // TODO Auto-generated method stub return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = token.getPrincipal().toString(); System.out.println("开始认正用户:"+username); //根据此账户查信息 User user=new User(1,"ss","123456"); SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username,user.getPassword(),getName()); return info; } }
有权限的功能的例子
package com.zhiyou.shiro.realm; import java.util.Arrays; import java.util.List; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import com.zhiyou100.sh.bean.User; import com.zhiyou100.sh.bean.role; import com.zhiyou100.sh.dao.UserDao; public class MyRealm extends AuthorizingRealm{ UserDao userDao=new UserDao(); @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("开始授权"); String username = principals.toString(); System.out.println("要授权的姓名:"+username); //根据用户查询该用户具有的角色 List<role> list = userDao.findByname(username); System.out.println(list); if(list.size()==0) { return null;//该角色没有任何权限 } SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); for(role l:list) { System.out.println(l.getRname()+"dd"); info.addRole(l.getRname());//角色名添加到info里 //根据该角色查询相应的权限 if(l.getRname().equals("admin")) { info.addStringPermissions(Arrays.asList("user:create","user:delete")); } if(l.getRname().equals("manage")) { info.addStringPermissions(Arrays.asList("cc:create","user:delete")); } } return info; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("开始执行认证功能"); //获取你输入的账号 String username=(String) token.getPrincipal(); //根据该账号查询数据库。 User user = userDao.selectByname(username); if(user==null) { return null; //该账号对应的用户不存在。 } //principal账号 你输入的账号 //credentials:根据账号查询的密码 //realmName:随便给 但是再企业中习惯用 getName() //info:对象会帮你比较 密码是否一致 SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username, user.getPassword(), getName()); return info; } }
可以看看大佬的shiro的介绍
https://www.cnblogs.com/tony-hyn/p/11593241.html
以上是关于简单的shirod例子的主要内容,如果未能解决你的问题,请参考以下文章