SpringMVC + Mybatis + Shiro 权限整合

pyzheng

浏览: 3420298 次
性别:
来自: 珠海

最近访客更多访客>>

kopomimi

oszerone

lindow

leisure0422

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

2016-06 ( 26)
2016-05 ( 32)
2016-04 ( 33)
更多存档...

博客分类：

详细见参考文章:
基于Spring + Spring MVC + Mybatis 高性能web构建 http://blog.csdn.net/zoutongyuan/article/details/41379851
SpringMVC整合Shiro http://blog.csdn.net/jadyer/article/details/12208847
shiro+redis+springMvc整合配置及说明 http://blog.csdn.net/siqilou/article/details/44194165
Shiro的注解授权不起作用 http://segmentfault.com/q/1010000002719527, 在servlet.xml加入

<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/>

, 否则controller无法使用注解.
shiro安全框架扩展教程--异常退出没有清除缓存信息处理方案 http://blog.csdn.net/shadowsick/article/details/17265625
这个方法可能避免使用sessionValidationScheduler, 就是避免使用, 就能使用高版本的quartz了.

配置会话监听:

package com.pandy.core.security.session;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListener;
public class CoreSessionListener implements SessionListener {
    ......
}

<!-- 会话管理器 -->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="sessionListeners">
            <list>
                <bean id="sessionListener" class="com.pandy.core.security.session.CoreSessionListener"/>
            </list>
        </property>
    </bean>

一些配置参考:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
						http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
	default-lazy-init="true">

	<description>Shiro Configuration</description>

	<!-- Shiro's main business-tier object for web-enabled applications -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="shiroDbRealm" />
		<property name="cacheManager" ref="cacheManager" />
	</bean>

	<!-- 項目自定义的Realm -->
	<bean id="shiroDbRealm" class="cn.ssms.realm.ShiroDbRealm">
		<property name="cacheManager" ref="cacheManager" />
	</bean>

	<!-- Shiro Filter -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		<property name="loginUrl" value="/tologin.html" />
		<property name="successUrl" value="/view/index.html" />
		<property name="unauthorizedUrl" value="/error/noperms.jsp" />
		<property name="filterChainDefinitions">
			<value>
				/index.html = authc
				/login.html = anon
				/tologin.html = anon
				/logout.html = anon
				/** = authc
			</value>
		</property>
	</bean>

	<!-- 用户授权信息Cache -->
	<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />

	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

	<!-- AOP式方法级权限检查 -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
		depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>

	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager" />
	</bean>
</beans>

Realm类:

package cn.ssms.realm;

import java.util.HashSet;
import java.util.Set;

import javax.annotation.PostConstruct;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import cn.ssms.model.User;
import cn.ssms.service.UserService;
import cn.ssms.util.CipherUtil;
import cn.ssms.util.EncryptUtils;

public class ShiroDbRealm extends AuthorizingRealm {
	private static Logger logger = LoggerFactory.getLogger(ShiroDbRealm.class);
	private static final String ALGORITHM = "MD5";
	
	@Autowired
	private UserService userService;

	public ShiroDbRealm() {
		super();
	}
	
	/**
	 * 认证回调函数, 登录时调用.
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		System.out.println(token.getUsername());
		User user = userService.findUserByLoginName(token.getUsername());
		System.out.println(user);
		if (user != null) {
			return new SimpleAuthenticationInfo(user.getName(), user.getPassword(), getName());
		}else{
			throw new AuthenticationException();
		}
	}

	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		/* 这里编写授权代码 */
		Set<String> roleNames = new HashSet<String>();
	    Set<String> permissions = new HashSet<String>();
	    roleNames.add("admin");
	    roleNames.add("zhangsan");
	    permissions.add("user.do?myjsp");
	    permissions.add("login.do?main");
	    permissions.add("login.do?logout");
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
	    info.setStringPermissions(permissions);
		return info;
	}

	/**
	 * 更新用户授权信息缓存.
	 */
	public void clearCachedAuthorizationInfo(String principal) {
		SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
		clearCachedAuthorizationInfo(principals);
	}

	/**
	 * 清除所有用户授权信息缓存.
	 */
	public void clearAllCachedAuthorizationInfo() {
		Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
		if (cache != null) {
			for (Object key : cache.keys()) {
				cache.remove(key);
			}
		}
	}

//	@PostConstruct
//	public void initCredentialsMatcher() {//MD5加密
//		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
//		setCredentialsMatcher(matcher);
//	}
}

UserService实现类

@Service("userService")
public class UserServiceImpl implements UserService {

	@Autowired
	private UserMapper userMapper;

	public User getUserById(int id) {
		return userMapper.selectByPrimaryKey(id);
	}

	public User findUserByLoginName(String username) {
		System.out.println("findUserByLoginName call!");
		return userMapper.findUserByLoginName(username);
	}

}

分享到：

资源: 前台美工和Bootstrap资源收集 | spring aop 如何切面到mvc 的controller, ...

2015-11-14 14:06
浏览 8744
评论(0)
分类:企业架构
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

SpringMVC + Mybatis + Shiro 权限整合

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

SpringMVC + Mybatis + Shiro 权限整合

评论

发表评论

相关推荐

分布式存储系统GlusterFS安装配置

分布式查询 presto 入门安装使用

Spring Boot 属性配置

Spring Boot 集成MyBatis

Spring MVC防重复提交

Spring容器加载完之后执行特定任务

跟我学习dubbo

JavaMelody监控web服务器

使用spring-session和shiro来代理session的配置

JSTL 的 if else : 有 c:if 没有 else 的处理

spring mvc 请求转发和重定向

freemarker使用记录

freemarker判断是否为空

ehcache 分布式支持

Intellij IDEA插件开发入门

阿里巴巴Druid数据源的配置与使用

mvc:view-controller

spring配置事物的方式:注解和aop配置

分布式任务调度组件 Uncode-Schedule

写个mybatis的拦截插件，实现将所有执行的sql写入文件里

最近访客更多访客>>