这里我给出配置shiro的所以步骤
如果用的是Maven,关于所有shiro需要的jar包的pom.xml就是
????????
4.3.8.Final
4.1.4.RELEASE
UTF-8
1.2.3 ??
????org.apache.shiro
????shiro-ehcache
????1.3.2
org.apache.shiro
shiro-core
${shiro.version}
org.apache.shiro
shiro-web
${shiro.version}
org.apache.shiro
shiro-spring
${shiro.version}
加载完Maven install后正式开始配置项目
在项目的web.xml下增加以下内容,Shiro的过滤器配置(如果没有这个,Shiro是不会处理请求的)
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
targetFilterLifecycle
true
shiroFilter
/*
创建spring-shiro.xml,内容为
spring-shiro.xml
shiro的安全配置
/Slogin.action = anon
/userlogout!logout.action = logout
/O_*=user
/A_* = authc,roles[admin]
我自己的项目(com.usersAc.realm)的包下创建自定义的Realm—MyRealm.java,最后路径一定要和
是一致的,不然找不到你的Realm
MyRealm.java
package com.usersAc.realm;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.usersAc.entity.SirenesUser;
import com.usersAc.service.UserService;
/*AuthorizingRealm*/
/*FormAuthenticationFilter*/
/*ModularRealmAuthenticator
*
* // 判断getRealms()是否返回为空
* assertRealmsConfigured();
* */
public class MyRealm extends AuthorizingRealm{
@Autowired
private UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {//权限验证方法
// TODO Auto-generated method stub
System.out.println("进入权限验证");
String username=arg0.getPrimaryPrincipal().toString();
Set roles=userService.findRoleByName(username);
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(roles);
System.out.println("验证中");
/*
* 此处从Service获取数据库关于此用户的角色
*/
//info.setRoles(roles);
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {//身份验证方法
// TODO Auto-generated method stub
System.out.println("进入登录认证");
UsernamePasswordToken token=(UsernamePasswordToken) arg0;
String username=token.getUsername();
String password=new String(token.getPassword());
SirenesUser user=userService.findUserByName(username);/*从数据库以用户名为参数取出User对象*/
?????????????if(password!=null&&!"".equals(password)){
if(password.equals(user.getPassword())){ /*user.getPassword()获取这个用户的密码*/
???? System.out.println("验证成功");
AuthenticationInfo authInfo=new SimpleAuthenticationInfo(user.getUserName(),password,"user");
return authInfo;
}
}
/*需要加个盐值加密的话,改为*//*if(user!=null){String salt=user.getPSalt();salt=md5Hex(salt+user.getUserId());String hexpassword=md5Hex(password+salt);System.out.println(“加密后密码:”+hexpassword);if(password!=null&&!“”.equals(password)){if(hexpassword.equals(user.getPassword())){System.out.println(“验证成功”);AuthenticationInfo authInfo=new SimpleAuthenticationInfo(user.getUserName(),password,ByteSource.Util.bytes(salt),“user”);return authInfo;}}}*///throw new ShiroException(“用户名和密码不存在”);//return null;throw new UnknownAccountException();}public static String md5Hex(String src) { try { MessageDigest md5 = MessageDigest.getInstance(“MD5”); byte[] bs = md5.digest(src.getBytes()); return new String(new Hex().encode(bs)); } catch (Exception e) { return null; } } }
如果我们要使用Realm,则在Action定义一个方法
@Action(value="Slogin",results={
@Result(name=SUCCESS,location="Jump",type="chain"),
@Result(name=ERROR,location="userrelog",type="chain")
})
public String loginByShiro(){ /*这里我用了注解的方式去配置struts,Action名为Slogin*/
ActionContext actionContext=ActionContext.getContext();
System.out.println("使用shiro");
String usern = map.get("username"); /*这里是从前台发过来的请求中获取Username和Password,可以自定义*/
String passd = map.get("password");
Subject subject=SecurityUtils.getSubject(); /*创建subject*/
UsernamePasswordToken token=new UsernamePasswordToken(usern,passd);/*创建一个token*/
try{
//token.setRememberMe(true);
subject.login(token); /*subject调用login后会到MyRealm验证*/
this.loginMessage(actionContext, usern);
return SUCCESS;
}catch(UnknownAccountException e){
System.out.println("用户名或密码错误");
addActionMessage("用户名或密码错误");
return ERROR;
}
/*String exceptionClassName = (String) request.get("shiroLoginFailure");
//根据Shiro返回的异常类信息判断,抛出并处理这个异常信息
if (UnknownAccountException.class.getName().equals(exceptionClassName)) {
error = "用户不存在,请核对用户名";//如果UnknownAccountException抛出这个异常,表示账号不存在
} else if (IncorrectCredentialsException.class.getName().equals(
exceptionClassName)) {
error = "用户名/密码错误";
} else if (exceptionClassName != null) {
error = "其他错误:" + exceptionClassName;
} */
}
好了,现在基本配置完成,可以测试登录了
这个只是基本配置,如果要使用EhCache缓存还可以用
spring-shiro.xml
shiro-ehcache.xml