工程结构:
Jar包
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.linzx.test</groupId>
<artifactId>test-springshiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
<org.springframework.version>4.3.3.RELEASE</org.springframework.version>
<shiro.version>1.3.2</shiro.version>
<junit.version>4.12</junit.version>
</properties>
<dependencies>
<!-- spring mvc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.5</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>4.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.7.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.2</version>
</plugin>
</plugins>
</build>
</project>
web.xml配置
package com.linzx.test.shiro.config;
import javax.servlet.FilterRegistration.Dynamic;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
/**
* web.xml
* 继承AbstractAnnotationConfigDispatcherServletInitializer,会同时创建DispatcherServlet和ContextLoaderListener
*/
public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
super.onStartup(servletContext);
Dynamic characterEncoding = servletContext.addFilter("characterEncoding", CharacterEncodingFilter.class);
characterEncoding.setInitParameter("forceEncoding", "true");
characterEncoding.setInitParameter("encoding", "UTF-8");
characterEncoding.addMappingForUrlPatterns(null, true, "/*");
Dynamic shiroFilter = servletContext.addFilter("shiroFilter", DelegatingFilterProxy.class);
shiroFilter.setInitParameter("targetFilterLifecycle", "true"); // 设置true由servlet容器控制filter的生命周期
shiroFilter.addMappingForUrlPatterns(null, true, "/*");
// 静态资源处理
// servletContext.addFilter("resourceUrlEncoding", ResourceUrlEncodingFilter.class).addMappingForUrlPatterns(null, true, "/*");
}
}
spring-mvc.xml配置
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.linzx.test.shiro.controller", includeFilters = @Filter(classes = Controller.class), useDefaultFilters = false)
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Bean
public SimpleMappingExceptionResolver exceptionResolver() {
SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver();
Properties mappings = new Properties();
mappings.setProperty("org.apache.shiro.authz.UnauthorizedException", "/unauthorized");
mappings.setProperty("org.apache.shiro.authz.UnauthenticatedException", "/unauthenticated");
resolver.setExceptionMappings(mappings);
return resolver;
}
}
shiro.xml配置
package com.linzx.test.shiro.config.security;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.linzx.test.shiro.security.CustomRealm;
@Configuration
public class ShiroConfig {
@Bean
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
return new AuthorizationAttributeSourceAdvisor();
}
/**
* 安全管理器
*/
@Bean
public DefaultWebSecurityManager securityManager() {
return new DefaultWebSecurityManager(customRealm());
}
/**
* 认证、授权
*/
@Bean
public CustomRealm customRealm() {
return new CustomRealm();
}
@Bean
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager());
shiroFilter.setLoginUrl("/unauthenticated"); // 未登录跳转url
// shiroFilter.setSuccessUrl("/home"); // 登录成功跳转url
shiroFilter.setUnauthorizedUrl("/unauthorized"); // 无权限跳转url
Map<String, Filter> filters = new HashMap<>();
filters.put("logout", logoutFilter()); // 退出过滤器
shiroFilter.setFilters(filters);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); // LinkedHashMap
filterChainDefinitionMap.put("/login", "anon"); // 登录接口配置游客权限
filterChainDefinitionMap.put("/logout", "logout"); // 登出接口……
filterChainDefinitionMap.put("/*", "authc"); // 全部接口配置都需要权限
shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilter;
}
@Bean
public LogoutFilter logoutFilter() {
return new LogoutFilter();
}
}
Realm
package com.linzx.test.shiro.security;
import java.util.ArrayList;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
public class CustomRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userName = (String) principals.getPrimaryPrincipal();
List<String> permissionList = new ArrayList<String>();
permissionList.add("user:add");
permissionList.add("user:delete");
if (userName.equals("zhou")) {
permissionList.add("user:query");
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addStringPermissions(permissionList);
info.addRole("admin");
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String userName = (String) token.getPrincipal();
if ("".equals(userName)) {
return null;
}
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, "123456", this.getName());
return info;
}
}
package com.linzx.test.shiro.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@RequestMapping("/hello")
public String hello() {
return "Hello World!";
}
}
package com.linzx.test.shiro.controller;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.linzx.test.shiro.dto.ResultBaseDto;
@RestController
public class LoginController {
@RequestMapping(value = "/login")
public ResultBaseDto login(@RequestParam("userName") String userName, @RequestParam("password") String password) {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
try {
subject.login(token);
} catch (UnknownAccountException e) {
e.printStackTrace();
return new ResultBaseDto("001", "用户名或密码错误");
} catch (IncorrectCredentialsException e) {
e.printStackTrace();
return new ResultBaseDto("001", "用户名或密码错误");
}
return new ResultBaseDto("000");
}
}
package com.linzx.test.shiro.controller;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.linzx.test.shiro.dto.ResultBaseDto;
@RestController
public class CommonController {
@RequestMapping("/unauthorized")
public ResultBaseDto unauthorized(HttpServletResponse resp) {
return new ResultBaseDto("401", "权限不足");
}
@RequestMapping("/unauthenticated")
public ResultBaseDto unauthenticated(HttpServletResponse resp) {
return new ResultBaseDto("403", "未登录");
}
}
效果:
1、未登录时访问的提示
登录后访问
相关推荐
《构建基于Spring MVC+MyBatis+EasyUI+UEditor+Shiro的权限管理框架系统》 在现代企业级Web应用开发中,高效、安全、易维护的框架选择至关重要。本项目采用Spring MVC、MyBatis、EasyUI、UEditor以及Shiro这五大...
Spring MVC、Shiro 和 JPA 是Java开发领域中三个非常重要的技术组件,它们分别负责不同的功能领域。在本文中,我们将深入探讨这三个技术如何协同工作,构建一个完整的权限管理示例。 **Spring MVC** Spring MVC 是 ...
【项目原型】spring+spring mvc+mybatis+shiro+maven+bootstrap+ajax+json+分页+逆向工程 包含现在最流行的技术框架,快速部署各种应用,加入shiro权限框架,安全,美观,你值得拥有
JAVA spring mvc + mybatis + shiro HTML5 bootstrap前后台框架搭建
本项目是一个基于Spring MVC、MyBatis、Bootstrap和Shiro框架整合开发的网上求职招聘系统,适用于毕业生进行毕业设计。这个系统集成了完整的前后端功能,包括用户注册、登录、职位发布、求职者投递简历等功能,同时...
基于 SpringBoot + Spring + SpringMvc + Mybatis + Shiro+ Redis 开发单点登录管理系统 基于 SpringBoot + Spring + SpringMvc + Mybatis + Shiro+ Redis 开发单点登录管理系统 基于 SpringBoot + Spring + ...
手把手教你集成spring cloud + shiro微服务框架;用最少的工作量,改造基于shiro安全框架的微服务项目,实现spring cloud + shiro 框架集成。博客地址:...
本示例项目“Spring-mvc+mybatis+shiro学习demo”提供了一个基础框架,帮助初学者了解如何整合这三个核心组件:Spring MVC(用于处理HTTP请求和控制业务逻辑)、MyBatis(一个持久层框架,简化数据库操作)以及Shiro...
spring+spring mvc+mybatis+shiro+easyui+jquery生产管理ERP系统源码,系统经多次测试,运行无误,大家放心下载
这是一个基于Spring MVC、Shiro和MyBatis的Java Web应用示例项目,旨在展示如何将这三个框架集成到一起,实现用户认证、授权以及数据库操作。下面将分别介绍这三大框架的核心功能及其在该项目中的作用。 **Spring ...
这是一个基于Spring Boot、Apache Shiro、Spring MVC、MyBatis、Quartz和Druid的数据源管理框架的示例项目,名为"renren-security"。这个DEMO提供了完整的权限管理和任务调度解决方案,下面是这些技术栈的核心知识点...
标题 "spring+mvc+jpa+shiro+hibernate+maven案例" 描述了一种集成多种技术的Web应用开发架构,其中包括Spring MVC、Spring JPA、Shiro、Hibernate以及Maven。这些技术都是Java开发中的关键组件,用于构建高效、安全...
整合spring mvc+mybatis+Shiro+dwz实现的通用后台系统。完成了权限管理,角色管理,员工管理,部门管理等常用功能。无论私单公单都可快速上手。数据库使用mysql,根据实体类建库即可。
基于springboot微服务框架的个人博客系统,技术栈SpringCloud+MyBatis+Redis+shiro+vue 基于springboot微服务框架的个人博客系统,技术栈SpringCloud+MyBatis+Redis+shiro+vue 基于springboot微服务框架的个人博客...
首先,`SpringMVC` 是 Spring 框架的一部分,它是一个模型-视图-控制器(MVC)架构的实现。SpringMVC 提供了强大的依赖注入(DI)和面向切面编程(AOP)功能,使得开发者可以轻松地构建松耦合、易于测试的Web应用。...
本系统采用了业界广泛使用的四大核心技术——Spring MVC、MyBatis、Shiro和Dubbo,构建了一个强大的分布式后台管理框架。下面将对这四大技术进行详细阐述,并探讨它们如何协同工作,以实现高效、安全的后台管理。 ...
1、主工程 BZQ-4Spring-B2B2C 工程是通过MAVEN构建,IDE是SPRINGTOOLS4,jdk1.8 商品中心模型工程 BZQ-B2B2C-WARE 包括 BZQ-B2B2C-WARE-CENTER 和 BZQ-B2B2C-WARE-API 2、application.yml springBoot2因为提倡是无...
整合spring mvc+mybatis+Shiro+dwz实现的通用后台系统。完成了权限管理,角色管理,员工管理,部门管理等常用功能。无论私单公单都可快速上手。数据库使用mysql,根据实体类建库即可。
本后台管理系统,采用流行的框架springMvc+spring+mybatis+shiro+redis+ehcache开发,实现了权限管理(菜单权限、数据权限),solr全文搜索引擎,activiti工作流程引擎,cas单点登陆等功能,完善的代码生成器 后期还...