首页 > 代码库 > erp12---shiro框架使用
erp12---shiro框架使用
一、知识点:
1、认证:用户身份识别,常被称为用户登录,判断用户是否登录,如果未登录则拦截其请求;
授权:访问控制,当用户登录之后,判断其身份是否有权限访问相应的资源,如果没有权限则拦截
2、
认证:
anon--不认证也可以访问
authc--必须认证才可以访问
authcBasic,user
授权:
perms--指定资源需要哪些权限才可以访问
roles,sll,rest,port
authentication --认证
authorization --授权
authentication 认证
authorization 授权
二、erp整合shiro
1、pom.xml依赖
<!-- shiro -->
<!-- apache shiro dependencies -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-aspectj</artifactId>
<version>${shiro.version}</version>
</dependency>
2、web.xml配置shiro过滤器
配置在struts过滤器前面
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.action</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*</url-pattern>
</filter-mapping>
或者urlpattern直接:<url-pattern>/*</url-pattern>
3、添加spring配置文件
applicationContext_shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- shiro框架的中央枢纽 -->
<property name="securityManager" ref="securityManager" />
<!-- 如果访问页面或请求是没有当前登录人,会跳转到login.html中 -->
<property name="loginUrl" value="/login.html" />
<!-- 如果当前登录人访问的页面或请求没有权限时,跳转到error.html -->
<property name="unauthorizedUrl" value="/error.html" />
<property name="filterChainDefinitions">
<value>
/error.html = anon
/*.html = authc
</value>
</property>
</bean>
<!-- shiro框架的中央枢纽 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
</bean>
</beans>
其中bean对象的id要和web.xml里面的过滤器的名字要一样(shiroFilter)
三、认证:
1、用shiro框架改造登录方法:
//1、获取令牌
Md5Hash md5 = new Md5Hash(pwd, username, 2);
UsernamePasswordToken token = new UsernamePasswordToken(username,md5.toString()); //2、获取主题
Subject subject = SecurityUtils.getSubject();
//3、开始认证
try {
subject.login(token);
write(ajaxReturn(true, "登陆成功"));
} catch (AuthenticationException e) {
write(ajaxReturn(false, "登录失败,请重新登录"));
e.printStackTrace();
}
2、创建一个AuthorizingRealm的子类
private IEmpBiz empBiz;
public void setEmpBiz(IEmpBiz empBiz) {
this.empBiz = empBiz;
}
/**
* 认证
*/
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken)arg0;
String username = token.getUsername();
String pwd=new String(token.getPassword());
Emp emp = empBiz.findEmpByUsernameAndPwd(username, pwd);
if (emp!=null) {
//参数一: 主角 参数二:密码 参数三:realName
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(emp, pwd,getName());//已经放到了session中
return info;
}
return null;//如果这里return 的是null,loginAction中的checkUser里就会抛异常
} 3、配置ApplicationContext_shiro.xml添加如下代码
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="erpRealm" ></property>
</bean>
<bean id="erpRealm" class="cn.itcast.erp.realm.ErpRealm" >
<property name="empBiz" ref="empBiz" ></property>
</bean>
将数据源和登录代码连接在一起
4、shiro的session管理
取数据:
Subject subject = SecurityUtils.getSubject();
Emp emp = (Emp) subject.getPrincipal(); 销毁session数据:
Subject subject = SecurityUtils.getSubject();
subject.logout(); 四、授权
1、完整的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- 当实例化一个bean是,spring保证该Bean所依赖的其他bean已经初始化 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" depends-on="myPermsFilter">
<!-- shiro框架的中央枢纽 -->
<property name="securityManager" ref="securityManager" />
<!-- 如果访问页面或请求是没有当前登录人,会跳转到login.html中 -->
<property name="loginUrl" value="/login.html" />
<!-- 如果当前登录人访问的页面或请求没有权限时,跳转到error.html -->
<property name="unauthorizedUrl" value="/error.html" />
<property name="filters">
<map>
<entry key="perms" value-ref="myPermsFilter"></entry>
</map>
</property>
<property name="filterChainDefinitions">
<value>
/error.html = anon
/login_*.action=anon
/emp_updatePwd.action= perms[]
/pwd.html=perms["重置密码"]
/emp_updatePwd_reset.action=perms["重置密码"]
/orders.html= perms["采购申请","采购订单查询","采购审核","采购确认","采购入库","销售订单录入","销售订单查询","销售订单出库"]
/orders_add.action= perms["采购申请","销售订单录入"]
/goods_list.action= perms["采购申请","销售订单录入","库存查询","库存变动记录"]
/supplier_list.action= perms["采购申请","销售订单录入"]
/orders_listByPage.action= perms["采购申请","采购订单查询","采购审核","采购确认","采购入库","销售订单录入","销售订单查询","销售订单出库"]
/orders_doCheck.action=perms["采购审核"]
/orders_doStart.action=perms["采购确认"]
/store_mylist.action= perms["采购入库","销售订单出库"]
/orderdetail_doInstore.action=perms["采购入库"]
/orderdetail_doOutstore.action=perms["销售订单出库"]
/storedetail.html= perms["库存查询"]
/store_*.action= perms["仓库"]
/goods_get.action= perms["库存查询","库存变动记录"]
/store_list.action= perms["库存查询","库存变动记录"]
/store_get.action= perms["库存查询","库存变动记录"]
/storedetail_listByPage.action= perms["库存查询"]
/storeoper_listByPage.action= perms["库存查询"]
/storeoper.html= perms["库存变动记录"]
/storeoper_listByPage.action= perms["库存变动记录"]
/emp_list.action= perms["库存变动记录"]
/emp_get.action= perms["库存变动记录"]
/store.html= perms["仓库"]
/orderReport.html= perms["销售统计表"]
/report_orderReport*.action= perms["销售统计表"]
/orderTrend.html= perms["销售趋势分析"]
/report_orderTrend*.action= perms["销售趋势分析"]
/roleMenuSet.html=perms["角色权限设置"]
/role_list.action=perms["角色权限设置"]
/role_readRoleMenus.action=perms["角色权限设置"]
/role_updateRoleMenus.action=perms["角色权限设置"]
/empRoleSet.html=perms["用户角色设置"]
/emp_list.action=perms["用户角色设置"]
/emp_readEmpRoles.action=perms["用户角色设置"]
/emp_updateEmpRoles.action=perms["用户角色设置"]
/role.html= perms["角色设置"]
/role_*.action= perms["角色设置"]
/goodstype.html= perms["商品类型"]
/goodstype_*.action= perms["商品类型"]
/goods.html= perms["商品"]
/goods_*.action= perms["商品"]
/supplier.html = perms["供应商","客户"]
/supplier_*.action = perms["供应商","客户"]
/emp.html= perms["员工"]
/emp_*.action= perms["员工"]
/dep_list.action=perms["员工"]
/dep.html= perms["部门"]
/dep_*.action= perms["部门"]
</value>
</property>
</bean>
<!-- shiro框架的中央枢纽 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="erpRealm"></property>
</bean>
<bean id="erpRealm" class="cn.itcast.erp.realm.ErpRealm">
<property name="empBiz" ref="empBiz"></property>
<property name="menuBiz" ref="menuBiz"></property>
</bean>
<bean id="myPermsFilter" class="cn.itcast.erp.filter.MyPermsFilter">
</bean>
</beans>
2、授权代码:
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Emp emp = (Emp) principals.getPrimaryPrincipal();
List<Menu> list = menuBiz.getMenuListByEmpuuid(emp.getUuid());
for (Menu menu : list) {
info.addStringPermission("部门");
}
return info;
}
3、自定义过滤器
package cn.itcast.myerp.filter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
public class myPermsFilter extends AuthorizationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
throws Exception {
Subject subject = getSubject(request, response);
String [] perms=(String[]) mappedValue;
if (perms!=null&&perms.length>0) {
for(int i=0;i<perms.length;i++){
if (subject.isPermitted(perms[i])) {
return true;
}
}
return false;
}else {
return false;
}
}
}
4、增加配置文件的配置
1、
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" depends-on="myPermsFilter">
<!-- 加了depends-on="myPermsFilter" -->
2、
<property name="filters">
<map>
<entry key="perms" value-ref="myPermsFilter"></entry>
</map>
</property>
3、
<bean id="myPermsFilter" class="cn.itcast.erp.filter.MyPermsFilter">
</bean>
null
erp12---shiro框架使用
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。