java shiro登录实例_springmvc集成shiro登录权限示例代码
一般的登录流程会有:用户名不存在,密码错误,验证码错误等。(这些情况在服务端可以分别处理,但展示给用户的提示建议统一,以免被用来判断帐号是否存在。)
在集成shiro后,应用程序的外部访问权限以及访问控制交给了shiro来管理。
shiro提供了两个主要功能:认证(Authentication)和授权(Authorization);认证的作用是证明自身可以访问,一般是用户名加密码;授权的作用是决定谁可以访问哪些资源,通过开发者自己的用户角色权限系统来控制。
shiro的会话管理和缓存管理不在本文范围内。
下面通过登录失败的处理流程来介绍springmvc与shiro的集成。
项目依赖(以下为原文所用版本,均已较旧;实际项目请选用仍在维护的版本):
依赖名称
版本
spring
4.1.4.RELEASE
shiro
1.2.2
slf4j
1.7.5
log4j
1.2.17
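在web.xml里配置shiro
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>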
新建一个xml配置文件来配置shiro相关信息,使用spring加载
xmlns:xsi="/2001/XMLSchema-instance"
xmlns:context="/schema/context"
xsi:schemaLocation="
default-lazy-init="true">
Shiro Configuration
/sys/login = authc
/sys/logout = logout
/sys/** = user
新建一个登录认证过滤器FormAuthenticationFilter.java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.stereotype.Service;
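/**
 * Form-login filter that also collects the CAPTCHA answer and the chosen locale.
 *
 * <p>Extends Shiro's stock form filter so that the token it builds carries the
 * {@code validateCode} request parameter and the {@code locale} request parameter
 * next to the usual username, password, remember-me flag and host. This class only
 * gathers the values; it performs no CAPTCHA comparison itself.
 */
@Service
public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {

    /** Default name of the request parameter that holds the CAPTCHA answer. */
    public static final String DEFAULT_CAPTCHA_PARAM = "validateCode";

    private String captchaParam = DEFAULT_CAPTCHA_PARAM;

    /**
     * @return the name of the request parameter read as the CAPTCHA answer
     */
    public String getCaptchaParam() {
        return captchaParam;
    }

    /**
     * Reads the CAPTCHA answer submitted with the login form.
     *
     * @param request the current login request
     * @return the value returned by {@code WebUtils.getCleanParam} for the CAPTCHA parameter
     */
    protected String getCaptcha(ServletRequest request) {
        return WebUtils.getCleanParam(request, getCaptchaParam());
    }

    /**
     * Builds the authentication token from the submitted login form.
     *
     * @param request  the current login request
     * @param response the current response (not used here)
     * @return a token holding username, password, locale, remember-me flag, host and CAPTCHA answer
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String username = getUsername(request);
        String password = getPassword(request);
        // Caller-controlled value taken straight from the request: check it against the
        // set of supported locales before it is stored or used to pick resources.
        String locale = request.getParameter("locale");
        if (password == null) {
            // A missing password becomes an empty one so toCharArray() below cannot throw.
            password = "";
        }
        boolean rememberMe = isRememberMe(request);
        String host = getHost(request);
        String captcha = getCaptcha(request);
        return new UsernamePasswordToken(username, password.toCharArray(), locale, rememberMe, host, captcha);
    }
}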
新建令牌类UsernamePasswordToken.java(与上面的过滤器配合使用)
package com.dules.sys.security;
/**
 * Username/password token extended with a CAPTCHA answer and a locale.
 *
 * <p>Both extra values are plain mutable fields; this class stores them and does
 * not validate either one.
 */
public class UsernamePasswordToken extends org.apache.shiro.authc.UsernamePasswordToken {

    private static final long serialVersionUID = 1L;

    // Locale chosen on the login form, as submitted by the client.
    private String locale;

    // CAPTCHA answer typed by the user, as submitted by the client.
    private String captcha;

    /** Creates an empty token. */
    public UsernamePasswordToken() {
        super();
    }

    /**
     * Creates a token without a locale.
     *
     * @param username   the submitted user name
     * @param password   the submitted password
     * @param rememberMe whether remember-me was requested
     * @param host       the host the request came from
     * @param captcha    the submitted CAPTCHA answer
     */
    public UsernamePasswordToken(String username, char[] password, boolean rememberMe, String host, String captcha) {
        // Same result as setting only the captcha: the locale field stays null.
        this(username, password, null, rememberMe, host, captcha);
    }

    /**
     * Creates a token carrying both the locale and the CAPTCHA answer.
     *
     * @param username   the submitted user name
     * @param password   the submitted password
     * @param locale     the locale chosen on the login form
     * @param rememberMe whether remember-me was requested
     * @param host       the host the request came from
     * @param captcha    the submitted CAPTCHA answer
     */
    public UsernamePasswordToken(String username, char[] password, String locale, boolean rememberMe, String host, String captcha) {
        super(username, password, rememberMe, host);
        this.locale = locale;
        this.captcha = captcha;
    }

    /** @return the submitted CAPTCHA answer, or {@code null} if none was set */
    public String getCaptcha() {
        return this.captcha;
    }

    /** @param captcha the CAPTCHA answer to store */
    public void setCaptcha(String captcha) {
        this.captcha = captcha;
    }

    /** @return the locale chosen at login, or {@code null} if none was set */
    public String getLocale() {
        return this.locale;
    }

    /** @param locale the locale to store */
    public void setLocale(String locale) {
        this.locale = locale;
    }
}
最后一个是认证实现类SystemAuthorizingRealm:
package com.dules.sys.security;
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import com.chunhui.webservicemon.utils.EmployeeType;
import com.chunhui.webservicemon.utils.VertifyStatus;
import org.apachemons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.dential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.alm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import t.annotation.DependsOn;
import org.springframework.stereotype.Service;
import com.chunhui.webservicemon.servlet.ValidateCodeServlet; import com.chunhui.webservicemon.utils.SpringContextHolder; import com.ity.Employee;
import com.ity.Menu;
import com.dules.sys.service.SystemService; import com.dules.sys.utils.SystemUtils;
import com.dules.sys.web.LoginController;
/**
* 系统安全认证实现类*/
@Service
@DependsOn({ "employeeDao", "roleDao", "menuDao" })
public class SystemAuthorizingRealm extends AuthorizingRealm { private SystemService systemService;
/**
* 认证回调函数, 登录时调⽤
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
// Authentication callback: compares the submitted CAPTCHA with the value kept in the
// session, then builds the AuthenticationInfo returned to Shiro.
// NOTE(review): several method receivers in this listing were lost when the page was
// extracted (Subject(), Attribute(), Captcha(), Password() have no object in front of
// them), so the block does not compile as shown; the notes below mark each spot.
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
// Check the CAPTCHA
// NOTE(review): presumably SecurityUtils.getSubject().getSession() (SecurityUtils is imported) - confirm.
Session session = Subject().getSession();
// Set a separate session timeout: session.setTimeout(60000);
// NOTE(review): as rendered, the setTimeout call above is part of the comment and does not run;
// a line break may have been lost - confirm against the original file.
// NOTE(review): presumably session.getAttribute(...) - confirm. No visible line removes the stored
// code after this read, so one solved CAPTCHA may stay valid for further attempts until it is
// regenerated; consider session.removeAttribute(...) so each code is single-use.
String code = (String) Attribute(ValidateCodeServlet.VALIDATE_CODE);
// NOTE(review): presumably token.getCaptcha(). toUpperCase() uses the default locale; prefer
// toUpperCase(java.util.Locale.ROOT) so the comparison does not depend on the server locale.
if (Captcha() == null || !Captcha().toUpperCase().equals(code)) {
throw new CaptchaException("验证码错误!");
}
// If the account does not exist, throw:
//throw new UnknownAccountException();
// If the account is disabled, throw:
//throw new DisabledAccountException();
// NOTE(review): the account lookup itself is not in this listing: `employee` is used below but
// never declared in the visible lines. When restoring these checks, keep the message shown to the
// user identical for "unknown account" and "wrong password" so accounts cannot be enumerated.
// Save the language selected at login
// NOTE(review): no statement follows the comment above in the visible lines.
try{
// NOTE(review): the receiver of Password() was lost. The second argument must be the credential
// stored for the account, not the password submitted in `token`; if it were the submitted one,
// the credentials match could never fail. Confirm against the original file.
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(new Principal(employee), Password(), getName());
return info;
}catch (Throwable t){
// NOTE(review): catching Throwable also traps Errors, printStackTrace() bypasses the logging
// framework, and the new exception is created without `t` as its cause, so the root failure is
// lost to callers; consider catching a narrower type and passing `t` as the cause.
t.printStackTrace();
throw new AuthenticationException();
}
}/**
* 授权查询回调函数, 进⾏鉴权但缓存中⽆⽤户的授权信息时调⽤
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Principal principal = (Principal) getAvailablePrincipal(principals);
Employee employee = getSystemService().Username());
if (employee != null) {
