spring+shiro 整合實(shí)例代碼詳解

更新時(shí)間：2018年10月25日 10:25:41 作者：木土mango

本文通過實(shí)例代碼給大家介紹spring+shiro 整合的過程，非常不錯(cuò)，具有一定的參考借鑒價(jià)值,需要的朋友可以參考下

一、添加相關(guān)依賴

<dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-core</artifactId>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-web</artifactId>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-ehcache</artifactId>
   <version>1.2.1</version>
  </dependency>
  <dependency>
   <groupId>org.apache.shiro</groupId>
   <artifactId>shiro-spring</artifactId>
   <version>1.2.1</version>
  </dependency> 
  <dependency>
   <groupId>commons-logging</groupId>
   <artifactId>commons-logging</artifactId>
   <version>1.2</version>
  </dependency>

二、編寫代碼

1、自定義realm

public class CommonRealm extends AuthorizingRealm {
 @Autowired
 private UserLoginService userLoginService;
 @Override
 public String getName() {
  return "CommonRealm";
 }
 //授權(quán)
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
  String usernmae = (String) principals.getPrimaryPrincipal();
  List<String> permissions = new ArrayList<String>();
  if ("admin".equals(usernmae)) {
   permissions.add("admin:ee");
  }
  SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
  info.addStringPermissions(permissions);
  return info;
 }
 //身份認(rèn)證
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
  String username = (String) token.getPrincipal();
  User user = userLoginService.getUser(username);
  if (user == null) {
   return null;
  }
  SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, user.getPassword(), getName());
  return info;
 }
}

2、login controller

@Controller
public class UserAction {
 @Autowired
 private UserLoginService userLoginService;
 @RequestMapping("/login.do")
 public String userLogin(HttpServletRequest request, String username, String password) throws Exception {
  // 如果登陸失敗從request中獲取異常信息，shiroLoginFailure就是shiro異常類的全限定名
  String exceptionClassName = (String) request.getAttribute("shiroLoginFailure");
  if (exceptionClassName != null) {
   if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
    // 最終會(huì)拋給異常處理器
    throw new XXXException("用戶名不存在");
   } else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {
    throw new XXXException("用戶名/密碼錯(cuò)誤");
   } else {
    throw new Exception();// 最終在異常處理器生成未知錯(cuò)誤
   }
  }
  // 如果登錄成功的話不走此方法，shiro認(rèn)證成功會(huì)自動(dòng)跳轉(zhuǎn)到上一個(gè)請(qǐng)求路徑，配的的successUrl沒效果，后邊會(huì)說
  // 登陸失敗走此方法，捕獲異常，然后 return ~ ,還到login頁面
  return "login.jsp";
 }
}

3、檢測(cè)權(quán)限 controller

 //此方法為了驗(yàn)證權(quán)限是否生效
 @RequestMapping("/findAll.do")
 @RequiresPermissions("admin:ee")
 public ModelAndView list(HttpServletRequest request){
  ....... 
 }

三、常見問題

因?yàn)橛幸恍┨貏e常見的問題，需要修改xml配置，所以現(xiàn)在先手問題，把xml配置放在后邊，直接就配置完善好的xml

問題一：登陸成功后shiro默認(rèn)跳到上一次請(qǐng)求，沒有上一次請(qǐng)求默認(rèn)跳到/ ，那我們就想控制調(diào)到自己定義的路徑咋辦呢？

解決方案：

步驟一：繼承FormAuthenticationFilter類，重寫onLoginSuccess方法，這里可以自定義路徑，因?yàn)檫@里自定義了成功跳轉(zhuǎn)的路徑，所以配置里的successUrl不用配置，賠了也沒效果。。

public class LoginSuccessToFilter extends FormAuthenticationFilter {
 @Override
 protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
  WebUtils.getAndClearSavedRequest(request);
  WebUtils.redirectToSavedRequest(request,response,"/findAll.do");
  return false;
 }
}

步驟二：

在shiro的xml配置文件中配置

 <bean id="myfilter" class="com.xxx.realm.LoginSuccessToFilter"></bean>

在 shiroFilter配置中引入,完整xml在后邊

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
</bean>

四、Xml配置

applicationContext-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
  xmlns:context="http://www.springframework.org/schema/context"
  xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee"
  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
   http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
   http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
   http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <!-- 管理器，必須設(shè)置 -->
  <property name="securityManager" ref="securityManager"/>
  <property name="filters">
   <map>
    <entry key="authc" value-ref="myfilter"></entry>
   </map>
  </property>
  <!-- 攔截到，跳轉(zhuǎn)到的地址,通過此地址去認(rèn)證 -->
  <property name="loginUrl" value="/login.do"/>
  <!-- 認(rèn)證成功統(tǒng)一跳轉(zhuǎn)到/admin/index.do，建議不配置，shiro認(rèn)證成功自動(dòng)到上一個(gè)請(qǐng)求路徑 -->
  <!--<property name="successUrl" value="/findAll.do"/>-->
  <!-- 通過unauthorizedUrl指定沒有權(quán)限操作時(shí)跳轉(zhuǎn)頁面 -->
  <property name="unauthorizedUrl" value="/refuse.jsp"/>
  <!-- 自定義filter，可用來更改默認(rèn)的表單名稱配置 -->
  <!--<property name="filters">-->
  <!--<map>-->
  <!--&lt;!&ndash; 將自定義 的FormAuthenticationFilter注入shiroFilter中 &ndash;&gt;-->
  <!--<entry key="authc" value-ref="formAuthenticationFilter" />-->
  <!--</map>-->
  <!--</property>-->
  <property name="filterChainDefinitions">
   <value>
    <!-- 對(duì)靜態(tài)資源設(shè)置匿名訪問 -->
    /image/** = anon
    /css/** = anon
    /js/** = anon
    /logout.do = logout
    /** = authc
   </value>
  </property>
 </bean>
 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
 <!-- securityManager安全管理器 -->
 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
  <property name="realm" ref="customRealm"/>
  <!-- 注入緩存管理器 -->
  <!--<property name="cacheManager" ref="cacheManager" />-->
  <!-- 注入session管理器 -->
  <!-- <property name="sessionManager" ref="sessionManager" /> -->
  <!-- 記住我 -->
  <!--<property name="rememberMeManager" ref="rememberMeManager" />-->
 </bean>
 <!-- 自定義realm -->
 <bean id="customRealm" class="com.dhl.realm.CommonRealm"></bean>
 <bean id="myfilter" class="com.dhl.realm.LoginSuccessToFilter"></bean>
 <!-- 憑證匹配器 -->
 <!--<bean id="credentialsMatcher"-->
   <!--class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">-->
  <!--&lt;!&ndash; 選用MD5散列算法 &ndash;&gt;-->
  <!--<property name="hashAlgorithmName" value="md5"/>-->
  <!--&lt;!&ndash; 進(jìn)行一次加密 &ndash;&gt;-->
  <!--<property name="hashIterations" value="1"/>-->
 <!--</bean>-->
</beans>

springmvc的配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aop="http://www.springframework.org/schema/aop"
  xmlns:tx="http://www.springframework.org/schema/tx"
  xmlns:context="http://www.springframework.org/schema/context"
  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/aop
  http://www.springframework.org/schema/aop/spring-aop.xsd
  http://www.springframework.org/schema/tx
  http://www.springframework.org/schema/tx/spring-tx.xsd
  http://www.springframework.org/schema/context
  http://www.springframework.org/schema/context/spring-context.xsd
  http://www.springframework.org/schema/mvc
  http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd">
 <context:component-scan base-package="com.dhl.controller"></context:component-scan>
 <mvc:annotation-driven></mvc:annotation-driven>
 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"></bean>
 <!-- 開啟shiro注解的配置移動(dòng)到這兒 -->
 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
  <property name="proxyTargetClass" value="true" />
 </bean>
 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
  <property name="securityManager" ref="securityManager"/>
 </bean>
</beans>

以上就是一個(gè)大概的整合和遇到的兩個(gè)問題，博主也是查閱了很多的博客得到的較優(yōu)答案，整理出來，已備后續(xù)參考，遇到一樣問題的同學(xué)可以看看

您可能感興趣的文章: