ssm整合shiro

1.创建一个maven的web工程 2.ssm整合到web工程中。 2.1pom依赖

  
    
    
      org.springframework
      spring-webmvc
      5.2.15.RELEASE
    

    
    
      org.mybatis
      mybatis
      3.5.6
    

    
    
      org.mybatis
      mybatis-spring
      2.0.6
    

    
    
      mysql
      mysql-connector-java
      8.0.28
    

    
    
      com.alibaba
      druid
      1.2.1
    

    
    
      org.projectlombok
      lombok
      1.18.24
    
    
    
      com.fasterxml.jackson.core
      jackson-databind
      2.13.2.2
    
    
    
      javax.servlet
      javax.servlet-api
      4.0.1
    

    
    
      org.springframework
      spring-jdbc
      5.2.12.RELEASE
    
    
    
      org.mybatis.generator
      mybatis-generator-core
      1.4.0
    

    
      junit
      junit
      4.13.2

    


    
    
      com.github.pagehelper
      pagehelper
      5.1.11
    
    
    
      org.apache.shiro
      shiro-spring
      1.9.0

2.2.spring配置文件



    
    
    
    
    
    
    
    
    
        
        
        
        
        
        
        
        
        
        
        
        
        
    

    
    
        
        
        
        
            
                
                
            
        
    
    
        
        
    

    
    
        
     
    
    
        
    

    
    
        
        
    

    
    
        
        
            
                /login=anon
                /**=authc
                /login.jsp=anon

2.3web.xml文件



    
    
        shiroFilter
        org.springframework.web.filter.DelegatingFilterProxy
    
    
        shiroFilter
        /*
    

    
        spring
        org.springframework.web.servlet.DispatcherServlet
        
            contextConfigLocation
            classpath:spring.xml
        
        
        1
    

    
        spring
        /

3.整合shrio 注：上面的配置文件，依赖已经加进去了 (1)引入依赖

  
    
      org.apache.shiro
      shiro-spring
      1.9.0

（2）修改spring配置文件


    
    
          
    
    
    
           
    

    
    
          
          
    

    
    
         
         
         
         

         
               
                    /login=anon
                    /**=authc

shiro中内置很多过滤器，而每个过滤都有相应的别名.

(3) 修改web.xml文件

  
    
        shiroFilter
        org.springframework.web.filter.DelegatingFilterProxy
    
    
        shiroFilter
        /*

(4) 修改controller层

@PostMapping("/login")
    public String login(String username,String password){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token=new UsernamePasswordToken(username,password);
        try {
            subject.login(token);
            return "redirect:/success.jsp";
        }catch (Exception e){
            return "redirect:/login.jsp";
        }
    }

(5)重写real

public class MyRealm extends AuthorizingRealm {
    @Autowired
    private UserService userService;

    @Override
    //授权功能
    //当你进行权限校验就会走该方法
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //根据用户查询该用户拥有那些权限
        System.out.println(principalCollection);
        User primaryPrincipal = (User) principalCollection.getPrimaryPrincipal();
        List list = userService.findPermissionUsername(primaryPrincipal.getUserid());
        if (list!=null&&list.size()>0){
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(list);
            return info;
        }
        return null;
    }

    @Override
    //认证功能
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //1.根据token获取账号
        String username = (String) authenticationToken.getPrincipal();
        User user = userService.findByUsername(username);
        if (user!=null){
            ByteSource source = ByteSource.Util.bytes(user.getSalt());
            SimpleAuthenticationInfo info= new SimpleAuthenticationInfo(user,user.getUserpwd(),source,this.getName());
            return info;
        }
        return null;
    }

}

4.进入主页后，不同的用户可以看到不同的内容。

<%--
  Created by IntelliJ IDEA.
  User: 17162
  Date: 2022/8/5
  Time: 21:31
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>


    Title


欢迎来到主页
查询用户
修改用户
删除用户
添加用户
导出用户

可以在jsp中获取当前登录者的账号

上面只是在网页中根据不同用户显示不同的菜单，这种方式只能防君子不能防小人。

拦截器---获取请求路径然后根据你的路径判断当前用户是否具有该权限。

spring整合shiro时提供了一个注解：可以加载相应方法上。

@RestController
@RequestMapping("user")
public class UserController {
    @GetMapping("query")
    @RequiresPermissions(value = "user:query")
    public String query(){
        return "user:query";
    }
    @GetMapping("insert")
    @RequiresPermissions(value = "user:insert")
    public String isnert(){
        return "user:insert";
    }

    @GetMapping("delete")
    @RequiresPermissions(value = "user:delete")
    public String delete(){
        return "user:delete";
    }
    @GetMapping("select")
    @RequiresPermissions(value = "user:select")
    public String select(){
        return "user:select";
    }
    @GetMapping("export")
    @RequiresPermissions(value = "user:export")
    public String export(){
        return "user:export";
    }

}

使用全局异常处理：

ssm整合shiro

Java相关栏目本月热门文章