shiro的使用1 简单的认证

首页 > 代码库 > shiro的使用1 简单的认证

2024-07-09 22:46:47 222人阅读

最近在重构，有空学了一个简单的安全框架shiro，资料比较少，在百度和google上能搜到的中文我看过了，剩下的时间有空会研究下官网的文章和查看下源码，

简单的分享一些学习过程；

1，简单的一些概念上的认知

2，使用认证的基本流程

3，shiro集成spring完成简单的认证流程，已实现

建一个maven的web项目,引入依赖
  springmvc的的依赖
<dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>3.2.0.RELEASE</version>
        </dependency>
shiro跟spring集成的插件

<dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.2.3</version>
        </dependency>

配置web.xml
指出spring容器的配置文件位置
<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:context_config.xml</param-value>
    </context-param>
指出spring在web容器中的代号
    <context-param>
        <param-name>webAppRootKey</param-name>
        <param-value>wechatSystem</param-value>
    </context-param>
初始化spring的容器
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
spring mvc的分发器
    <servlet>
          <servlet-name>admin</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath*:admin-dispatcher-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
     </servlet>
     <servlet-mapping>
          <servlet-name>admin</servlet-name>
          <url-pattern>/</url-pattern>
     </servlet-mapping>
spring跟shiro集成的过滤代理
<filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>
    
    <filter>
        <filter-name>characterEncoding</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>characterEncoding</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

配置shiroFilter实例

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="http://www.mamicode.com/admin/login" />
        <property name="successUrl" value="http://www.mamicode.com/admin/home" />
        <property name="unauthorizedUrl" value="http://www.mamicode.com/admin/login" />
        <property name="filters">
            <map>
                <entry key="anno" value-ref="anno"/>
                <entry key="authc" value-ref="authc"/>
            </map>
        </property>
        <property name="filterChainDefinitionMap">
            <map>
                <entry key="anon" value="http://www.mamicode.com/anon"/>
                <entry key="authc" value="http://www.mamicode.com/authc"/>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /admin/login=anon
                /admin/validCode=anon
                /user/**=authc
                /role/**=authc
                /permission/**=authc
                /**=authc
            </value>
        </property>
    </bean>
    <bean id="authc" class="com.util.filter.MyAccessFilter"/>
    <bean id="anno" class="org.apache.shiro.web.filter.authc.AnonymousFilter"/>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>
    <bean id="myRealm" class="com.util.MysqlJdbcRealM"/>

开发跟shiro交互的RealM，一般把权限信息放到db中

package com.util;

import com.domain.User;
import com.domain.UserDto;
import com.google.common.base.Strings;
import com.service.UserDtoService;
import com.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;

/**
* User： cutter.li
* Date： 2014/6/19 0019
* Time： 15:24
* 备注：自定义的mysql数据源
*/
@Component
public class MysqlJdbcRealM extends JdbcRealm {

    @Resource
    private UserService userService;

    //登录认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String username = String.valueOf(usernamePasswordToken.getUsername());
        User user = userService.findByUserName(username);
        AuthenticationInfo authenticationInfo = null;
        if (null != user) {
            String password = new String(usernamePasswordToken.getPassword());
            if (password.equals(user.getPassword())) {
                authenticationInfo = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
            }
        }
        return authenticationInfo;
    }

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        String username = (String) principals.getPrimaryPrincipal();
        if (!Strings.isNullOrEmpty(username)) {
            SimpleAuthorizationInfo authenticationInfo = new SimpleAuthorizationInfo();
            authenticationInfo.setRoles(userService.findRolesStr(username));
            authenticationInfo.setStringPermissions(userService.findPermissionsStr(username));
            return authenticationInfo;
        }
        return null;

    }
}

简单的登录页面，功能测试

controller的实现：

@RequestMapping(value = "http://www.mamicode.com/login", method = RequestMethod.POST)
    public ResponseEntity<Message> loginSubmit(String username, String password, String vcode, HttpServletRequest request) {
        message.setSuccess();
        validateLogin(message, username, password, vcode);
        try {
//            String code = request.getSession().getAttribute(AppConstant.KAPTCHA_SESSION_KEY).toString();
//            if (!vcode.equalsIgnoreCase(code)) {
//                message.setCode(AppConstant.VALIDCODE_ERROR);
//                message.setMsg("验证码错误");
//            }
            if (message.isSuccess()) {

                Subject subject = SecurityUtils.getSubject();
                subject.login(new UsernamePasswordToken(username, password));

                if (subject.isAuthenticated()) {
                        message.setMsg("登录成功");
                } else {
                    message.setCode(AppConstant.USERNAME_NOTEXIST);
                    message.setMsg("用户名/密码错误");
                }
            }
        }catch (AuthenticationException ex){
            message.setCode(AppConstant.USERNAME_NOTEXIST);
            message.setMsg("用户名/密码错误");
            ex.printStackTrace();
        }
        finally {
            return new ResponseEntity<Message>(message, HttpStatus.OK);
        }

    }

指定认证的策略和多数据源

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="http://www.mamicode.com/admin/login" />
        <property name="successUrl" value="http://www.mamicode.com/admin/home" />
        <property name="unauthorizedUrl" value="http://www.mamicode.com/admin/login" />
        <property name="filters">
            <map>
                <entry key="anno" value-ref="anno"/>
                <entry key="authc" value-ref="authc"/>
            </map>
        </property>
        <property name="filterChainDefinitionMap">
            <map>
                <entry key="anon" value="http://www.mamicode.com/anon"/>
                <entry key="authc" value="http://www.mamicode.com/authc"/>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /admin/login=anon
                /admin/validCode=anon
                /user/**=authc
                /role/**=authc
                /permission/**=authc
                /**=authc
            </value>
        </property>
    </bean>
    <bean id="authc" class="com.util.filter.MyAccessFilter"/>
    <bean id="anno" class="org.apache.shiro.web.filter.authc.AnonymousFilter"/>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="authenticator" ref="modelAuthricator"/>
    </bean>
    <bean id="modelAuthricator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
        <property name="authenticationStrategy" ref="firstSuccess"/>
        <property name="realms">
           <list>
             <ref local="myRealm"/>
           </list>
        </property>
    </bean>
    <bean id="firstSuccess" class="org.apache.shiro.authc.pam.FirstSuccessfulStrategy"/>
    <bean id="myRealm" class="com.util.MysqlJdbcRealM"/>

声明：以上内容来自用户投稿及互联网公开渠道收集整理发布，本网站不拥有所有权，未作人工编辑处理，也不承担相关法律责任，若内容有误或涉及侵权可进行投诉：投诉/举报工作人员会在5个工作日内联系你，一经查实，本站将立刻删除涉嫌侵权内容。

联系
我们

首页 > 代码库 > shiro的使用1 简单的认证

shiro的使用1 简单的认证

看完仍有疑问？有类似问题直接问程序猿