pringmvc整合shiro權(quán)限控制的實(shí)例教程

springmvc整合shiro權(quán)限控制的實(shí)例教程一、什么是ShiroApacheShiro是一個(gè)強(qiáng)大易用的Java安全框架，提供了認(rèn)證、授權(quán)、加密和會(huì)話管理等功能：認(rèn)證-用戶身份識(shí)別，常被稱為用戶“登錄”；授權(quán)-訪問控制；密碼加密-保護(hù)或隱臧數(shù)據(jù)防止被偷窺；會(huì)話管理-每用戶相關(guān)的時(shí)間敏感的狀態(tài)。對(duì)于任何一個(gè)應(yīng)用程序，Shiro都可以提供全面的安全管理服務(wù)。并且相對(duì)于其他安全框架，Shiro要簡(jiǎn)單的多。二：springmvc整合shiro1,在web.xml中加入如下配置<!-配置Shir。過濾器，先讓Shiro過濾系統(tǒng)接收到的請(qǐng)求一〉<!—這里filter-name必須對(duì)應(yīng)applicationContext.xml中定義的<1）。@11id="shiroFilter"/>—><!一使用[/*]匹配所有請(qǐng)求，保證所有的可控請(qǐng)求都經(jīng)過Shiro的過濾~〉<!—通常會(huì)將此fiIter-mapping放置到最前面（即其他fiIter-mapping前面），以保證它是過濾器鏈中第一個(gè)起作用的-><!一targetFilterLifecycle值缺省為false,表示生命周期由SpringApp1icationContext管理，設(shè)置為true則表示由ServletContainer管理一>[html]viewplaincopy<!-shirostart安全過濾器一><filter><fi1ter-name>shiroFi1ter</fi1ter-name>

<fi1ter-class>org.springframework,web.filter.DelegatingFi1terProxy</filter-class><async-supported>true</async-supported><init-param><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><fiIter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern><dispatcher>REQUEST</dispatcher></filter-mapping><!-shiroend—>2,配置app1icationContext.xml<!-Shiro主過濾器本身功能十分強(qiáng)大,其強(qiáng)大之處就在于它支持任何基于URL路徑表達(dá)式的、自定義的過濾器的執(zhí)行一><!—Web應(yīng)用中，Shiro可控制的Web請(qǐng)求必須經(jīng)過Shiro主過濾器的攔截,Shiro對(duì)基于Spring的Web應(yīng)用提供了完美的支持一>[html]viewplaincopy<!"緩存管理器"><beanid="cacheManager”class="com.www.admin,spring.SpringCacheManagerWrapperv><propertyname="cacheManager"ref=*springCacheManager*/></bean><!-憑證匹配器<beanid="credentialsMatcher”class=*com.www.admin,user,credentials.RetryLimitHashedCredentialsMatcher，z><constructor-argref=z,cacheManager/z/><propertyname=，zhashAlgorithmNamezzvalue="md5”/><propertyname="hashiterations“value="2"/><propertyname="zstoredCredentialsHexEncodedzzvalue="true"/)</bean><!--Realm實(shí)現(xiàn)--><beanid="userRealm"class="com?www?admin,user,realm.UserRealm，z><propertyname="credentialsMatcher”ref-^credentialsMatcher*/><propertyname-z，eachingEnabledz，value="true"/〉<propertyname=/，authenticationCachingEnabled*value="true"/〉<propertyname=z,authenticationCacheName*value=z，authenticationCache*/><propertyname=*authorizationCachingEnabled/zvalue="true"/><propertyname="authorizationCacheName”value="authorizationCache*/></bean><!一會(huì)話ID生成器一》<beanid="zsessionIdGeneratorz，class=*org.apache,shiro.session,mgt.eis.JavaUuidSessionIdGeneratorz，/><!—會(huì)話Cookie模板—><beanid=z*sessionIdCookie*class="org.apache,shiro.web.servlet.SimpleCookie，z><construetor-argvalue="sid"/><propertyname="httpOnly"value=/ztruezz/><propertyname="maxAge“value="T"/></bean><beanid=rememberMeCookie/zclass="org?apache,shiro.web.servlet.SimpleCookie”><constructor-argvalue=z/rememberMez//><propertyname="httpOnly"value="true"/〉<propertyname="maxAge"value=”2592000"/X!―30天一〉</bean><!-rememb6rMe管理器一><beanid="rememberMeManager”class="org.apache,shiro.web.mgt.CookieRememberMeManager*><!—rememberMecookie加密的密鑰建議每個(gè)項(xiàng)目都不一樣默認(rèn)AES算法密鑰長(zhǎng)度(128256512位)一><propertyname="cipherKey”value-，?#{T(org.apache,shiro.codec.Base64).decode('4AvVhmFLUsOKTA3Kprsdag==,)}*/><propertyname="cookie"ref=，zrememberMeCookie*/></bean><!—會(huì)話DAO—><beanid="sessionDAO”class二〃org?apache,shiro.session,mgt.eis.EnterpriseCacheSessionDAOz/><propertyname^^activeSessionsCacheName^value="zshiro-activeSessionCachezV><propertyname=*sessionIdGenerator/zref=，zsessionIdGenerator/i，/></bean><!—會(huì)話驗(yàn)證調(diào)度器一><beanid=*sessionValidationSchedulerz/class二"org.apache,shiro.session,mgt.quartz.QuartzSessionValidationScheduler/^<propertyname="sessionVaiidationInterval^value=/，1800000”/><propertyname=，zsessionManagervref=，zsessionManagerzz/></bean><!-會(huì)話管理器~〉<beanisessionManagerclass="org?apache,shiro.web.session,mgt.Defau1tWebSessionManagerzz><propertyname=zrglobalSessionTimeout*value=”1800000'/〉<propertyname="deletelnvalidSessions"value="truo"/><propertyname=z，sessionValidationSchedulerEnab1ed"value="true"/〉<propertyname="sessionValidationSchedulerz，ref-^sessionValidationSchedulerzr/><propertynamez=，/session!)A0，zref=，zsessionDA()z//><propertyname-z，sessionIdCookieEnabled，zvalue二〃true”/><propertyname="sessionldCookie"ref=*sessionIdCookie*/></bean><!~安全管理器--〉<beanid=*securityManagerclass=z/org.apache,shiro.web.mgt.Defau11WebSecurityManagerz，><propertyname="realm〃ref=zzuserRealm，V><propertyname="sessionManager"ref="sessionManager'/)<propertyname-z，cacheManagerz，ref-z/cacheManagerz，/><propertyname=，zrememberMeManagerz，ref=，zrememberMeManagerzV></bean><!一相當(dāng)于調(diào)用SecuritylitiIs.setSecurityManager(securityManager)<beanclass二〃org,springframework.beans,factory,config.MethodInvokingFactoryBean，z><propertyname二"staticMethod”value二〃org?apache,shiro.SecurityUtils.setSecurityManager”/〉<propertyname="arguments"ref="securityManager'/></bean><!—基于Form表單的身份驗(yàn)證過濾器 一><beanid=*loginFormAuthenticationFilter//class="com.www.admin,filter,shiro.LoginFormAuthenticationFi1ter*/><beanid=*logoutFilter，zclass二〃org?apache,shiro.web.filter,authc.LogoutFi<propertyname="redirectUrl"value=*/admin/login.do*/></bean><beanid="sysUserFilter”class="com.www.admin,fiIter,shiro.SysUserFilter*/><!―Shiro的Web過濾器一><beanid="shiroFilter”class二"org?apache,shiro.spring,web.ShiroFilterFactoryBeanz，><propertyname=*securityManager，zref="securityManager'7><propertyname="loginUrl"value="/admin/login.do"/><propertyname="successUrl“value='Vadmin/index.doz//><propertyname="filters”〉<util:map><entrykey二〃authc〃value-ref=/zloginFormAuthenticationFiIter*/><entrykey二〃sysUser"value-ref="sysUserFilter”/><entrykey="logout"value-ref=<，logoutFilter*/></util:map></property><propertyname=/zfiIterChainDefinitions/z><value>/**/*.js=anon/**/*.img=anon/**/*.css=anon/**/*.png=anon/**/*.gif=anon

/**/*.jpg=/static/**=anon/admin/logout.do=logout/admin/login.do=authc/authenticated=authc/**=authc,user,sysUser</value></property></bean><!-Shiro生命周期處理器一><beanid="lifecycleBeanPostProcessor*/class=〃org?apache,shiro.spring.LifecycleBeanPostProcessorz//>securityManager：這個(gè)屬性是必須的。loginUrl：沒有登錄的用戶請(qǐng)求需要登錄的頁(yè)面時(shí)自動(dòng)跳轉(zhuǎn)到登錄頁(yè)面，不是必須的屬性，不輸入地址的話會(huì)自動(dòng)尋找項(xiàng)目web項(xiàng)目的根目錄下的"/login,jsp”頁(yè)面。successUrl：登錄成功默認(rèn)跳轉(zhuǎn)頁(yè)面，不配置則跳轉(zhuǎn)至"/"。如果登陸前點(diǎn)擊的一個(gè)需要登錄的頁(yè)面，則在登錄自動(dòng)跳轉(zhuǎn)到那個(gè)需要登錄的頁(yè)面。不跳轉(zhuǎn)到此。unauthorizedllrl：沒有權(quán)限默認(rèn)跳轉(zhuǎn)的頁(yè)面。3,自定義的Realm類[java]viewplaincopyimportjava.util.IlashSet;importjava.util.Set;

importjavax.annotation.Resource;importorg.apache,shiro.authc.AuthenticationException;importorg.apache,shiro.authc.Authenticationinfo;importorg.apache,shiro.authc.AuthenticationToken;importorg.apache,shiro.authc.LockedAccountException;importorg.apache,shiro.authc.SimpleAuthenticationlnfo;importorg.apache,shiro.authc.LnknownAccountException;importorg.apache,shiro.authz.AuthorizationInfo;importorg.apache,shiro.authz.SimpleAuthorizationinfo;importorg.apache,shiro.realm.AuthorizingRealm;importorg.apache,shiro.subject.Principalcollection;importorg.apache,shiro.util.ByteSource;publicclassUserRealmextendsAuthorizingRealm(?ResourceprivateUserServiceuserService;〃這是授權(quán)方法?OverrideprotectedAuthorizationinfodoGetAuthorizationInfo(PrincipalCollectionprincipals){Stringusername=(Sti,ing)principals.getPrimaryPrincipal();Simp1eAuthorizationInfoauthorizationInfo=newSimpleAuthorizationlnfo();Set<String>permissionsSet=nul1;Set<String>permissionsSetStr=newHashSet<String>();try{authorizationinfo.setRoles(userService.findRo1es(username))：permissionsSet=userService.findPermissions(username);for(StringperStr:permissionsSet){if(perStr.indexOf("*')<0){permissionsSetStr.add(perStr);))authorizationInfo.setStringPermissions(permissionsSetStr)}catch(Exceptione){e.printStackTrace();}returnauthorizationInfo;}〃這是認(rèn)證方法?OverrideprotectedAuthenticationInfodoGetAuthenticationinfo(AuthenticationTokentoken)throwsAuthenticationException{Stringusername=(String)token.getPrincipal();UserVouserVo=null;SimpleAuthenticationInfoauthenticationinfo=nul1;try(userVo=userService.findByUsername(username);if(userVo==null){thrownewUnknownAccountException();〃沒找到帳號(hào))if(userVo.getLocked()==0){thrownewLockedAccountException();〃帳號(hào)鎖定)〃交給AuthenticatingRealm使用CredentialsMatcher進(jìn)行密碼匹配authenticationinfo=newSimpleAuthenticationlnfo(userVo.getUsername(),〃用戶名userVo.getPassword(),〃密碼ByteSource.Util,bytes(userVo.getCredentialsSaIt()),//salt=username+saltgetName0 //realmname)；}catch(Exceptione){e.printStackTraceO;returnauthenticationinfo;?OverridepublicvoidclearCachedAuthorizationlnfo(PrincipalCollectionprincipals){super.clearCachedAuthorizationInfo(principals);}?OverridepublicvoidclearCachedAuthenticationlnfo(PrineipaICollectionprincipals){super.clearCachedAuthenticationlnfo(principals);?OverridepublicvoidclearCache(Principalcollectionprincipals){super.clearCache(principals);)publicvoidclearAHCachedAuthorizationinfo(){getAuthorizationCache().clear();publicvoidclearAlICachedAuthenticationInfo(){getAuthenticationCache().clear();JpublicvoidclearAllCache(){clearAlICachedAuthenticationlnfoO;c1earAHCachedAuthorizationlnfoO;}}controller層實(shí)例?RequiresPermissions例如：?RequiresPermissions({z，file:read/z,^writeiaFile.txt"})voidsomeMethodO;要求subject中必須同時(shí)含有file:read和writeraFile.txt的權(quán)限才能執(zhí)行方法someMethodO。否則拋出異常AuthorizationExceptiono[java]viewplaincopy?RequiresPermissions("sys:user:add")〃此處就是控制權(quán)限的注解?RequestMapping(value="/add”,method=RequestMethod.POST)publicModelAndViewaddUser(){ModelAndViewmav=newModelAn