ERP 12: Using the Shiro framework
阿新 • Published: 2017-06-11
I. Key points:
1. Authentication: identifying the user, commonly called user login. Decide whether the user is logged in and, if not, intercept the request. Authorization: access control. Once the user is logged in, decide whether that identity is allowed to access the requested resource and, if not, intercept the request.
2. Authentication filters: anon -- accessible without authentication; authc -- authentication required; also authcBasic and user.
Authorization filters: perms -- the permissions a resource requires before it may be accessed; also roles, ssl, rest and port.
Terms: authentication (認證), authorization (授權).
II. Integrating Shiro into the ERP
1. pom.xml dependencies
<!-- shiro -->
<!-- apache shiro dependencies -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>${shiro.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>${shiro.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>${shiro.version}</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-aspectj</artifactId>
    <version>${shiro.version}</version>
</dependency>
2. Configure the Shiro filter in web.xml
Register it before the Struts filter, or simply map it with <url-pattern>/*</url-pattern>:
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>*.action</url-pattern>
    <url-pattern>*.html</url-pattern>
    <url-pattern>*</url-pattern>
</filter-mapping>
3. Add a Spring configuration file
applicationContext_shiro.xml; the id of the bean must be the same as the filter name in web.xml (shiroFilter).
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- central hub of the Shiro framework -->
        <property name="securityManager" ref="securityManager" />
        <!-- if a page or request is accessed with no current logged-in user, redirect to login.html -->
        <property name="loginUrl" value="/login.html" />
        <!-- if the current user lacks permission for the page or request, redirect to error.html -->
        <property name="unauthorizedUrl" value="/error.html" />
        <property name="filterChainDefinitions">
            <value>
/error.html = anon
/*.html = authc
            </value>
        </property>
    </bean>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    </bean>
</beans>
III. Authentication:
1. Rework the login method with Shiro:
// Inside the login action: the password is hashed with the username as salt and 2 iterations,
// and the hex digest is what goes into the token
// 1. Build the token
Md5Hash md5 = new Md5Hash(pwd, username, 2);
UsernamePasswordToken token = new UsernamePasswordToken(username, md5.toString());
// 2. Get the subject
Subject subject = SecurityUtils.getSubject();
// 3. Start authentication
try {
    subject.login(token);
    write(ajaxReturn(true, "登陸成功"));
} catch (AuthenticationException e) {
    write(ajaxReturn(false, "登錄失敗,請重新登錄"));
    e.printStackTrace();
}
2. Create a subclass of AuthorizingRealm
public class ErpRealm extends AuthorizingRealm {
    private IEmpBiz empBiz;

    public void setEmpBiz(IEmpBiz empBiz) {
        this.empBiz = empBiz;
    }

    /** Authentication (the authorization half, doGetAuthorizationInfo, is added in section IV) */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) arg0;
        String username = token.getUsername();
        String pwd = new String(token.getPassword()); // the MD5 hex digest built by the login action
        Emp emp = empBiz.findEmpByUsernameAndPwd(username, pwd);
        if (emp != null) {
            // argument 1: principal; argument 2: credentials; argument 3: realm name
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(emp, pwd, getName()); // the principal is now stored in the session
            return info;
        }
        return null; // if null is returned here, the login call in the login action's checkUser throws an exception
    }
}
3. Add the following to ApplicationContext_shiro.xml
This wires the data source (the realm) to the login code:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="erpRealm"></property>
</bean>
<bean id="erpRealm" class="cn.itcast.erp.realm.ErpRealm">
    <property name="empBiz" ref="empBiz"></property>
</bean>
4. Shiro session management
Reading data:
Subject subject = SecurityUtils.getSubject();
Emp emp = (Emp) subject.getPrincipal();
Destroying the session data:
Subject subject = SecurityUtils.getSubject();
subject.logout();
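The login action and realm above hash the password in the action and hand the digest to the realm for a username-plus-hash lookup. As an added example that is not the ERP project's code, here is the same MD5 scheme (salt = username, 2 iterations, hex) with the comparison delegated to Shiro's HashedCredentialsMatcher, so the realm looks the account up by username only and the raw password never leaves the token; ErpRealmDemo, ErpRealm and the USERS map standing in for empBiz are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

public class ErpRealmDemo {
    // Hypothetical stand-in for empBiz: username -> stored hex hash (constructed sample data).
    static final Map<String, String> USERS = new HashMap<>();
    static class ErpRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = ((UsernamePasswordToken) token).getUsername();
            String storedHash = USERS.get(username); // look up by username only
            if (storedHash == null) throw new UnknownAccountException("no such employee: " + username);
            // Hand Shiro the stored hash and its salt; the credentials matcher does the comparison.
            return new SimpleAuthenticationInfo(username, storedHash, ByteSource.Util.bytes(username), getName());
        }
        @Override // permissions are the subject of the authorization section
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection p) { return null; }
    }
    public static void main(String[] args) {
        // Same scheme as the page: MD5, salt = username, 2 iterations, hex encoded.
        USERS.put("alice", new Md5Hash("s3cret", "alice", 2).toHex());
        ErpRealm realm = new ErpRealm();
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("MD5");
        matcher.setHashIterations(2);
        matcher.setStoredCredentialsHexEncoded(true);
        realm.setCredentialsMatcher(matcher);
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "s3cret")); // raw password goes in the token
        System.out.println("authenticated: " + subject.isAuthenticated());
        subject.logout();
        try {
            subject.login(new UsernamePasswordToken("alice", "wrong"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because the matcher recomputes the hash from the token's raw password and the salt carried in the SimpleAuthenticationInfo, the stored digest is never compared by application code and the lookup query no longer needs the hash as an input.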
IV. Authorization
1. Complete configuration file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd">
    <!-- depends-on: when instantiating this bean, Spring guarantees the beans it depends on are already initialized -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" depends-on="myPermsFilter">
        <!-- central hub of the Shiro framework -->
        <property name="securityManager" ref="securityManager" />
        <!-- if a page or request is accessed with no current logged-in user, redirect to login.html -->
        <property name="loginUrl" value="/login.html" />
        <!-- if the current user lacks permission for the page or request, redirect to error.html -->
        <property name="unauthorizedUrl" value="/error.html" />
        <property name="filters">
            <map>
                <entry key="perms" value-ref="myPermsFilter"></entry>
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
/error.html = anon
/login_*.action=anon
/emp_updatePwd.action= perms[]
/pwd.html=perms["重置密碼"]
/emp_updatePwd_reset.action=perms["重置密碼"]
/orders.html= perms["采購申請","采購訂單查詢","采購審核","采購確認","采購入庫","銷售訂單錄入","銷售訂單查詢","銷售訂單出庫"]
/orders_add.action= perms["采購申請","銷售訂單錄入"]
/goods_list.action= perms["采購申請","銷售訂單錄入","庫存查詢","庫存變動記錄"]
/supplier_list.action= perms["采購申請","銷售訂單錄入"]
/orders_listByPage.action= perms["采購申請","采購訂單查詢","采購審核","采購確認","采購入庫","銷售訂單錄入","銷售訂單查詢","銷售訂單出庫"]
/orders_doCheck.action=perms["采購審核"]
/orders_doStart.action=perms["采購確認"]
/store_mylist.action= perms["采購入庫","銷售訂單出庫"]
/orderdetail_doInstore.action=perms["采購入庫"]
/orderdetail_doOutstore.action=perms["銷售訂單出庫"]
/storedetail.html= perms["庫存查詢"]
/store_*.action= perms["倉庫"]
/goods_get.action= perms["庫存查詢","庫存變動記錄"]
/store_list.action= perms["庫存查詢","庫存變動記錄"]
/store_get.action= perms["庫存查詢","庫存變動記錄"]
/storedetail_listByPage.action= perms["庫存查詢"]
/storeoper_listByPage.action= perms["庫存查詢"]
/storeoper.html= perms["庫存變動記錄"]
/storeoper_listByPage.action= perms["庫存變動記錄"]
/emp_list.action= perms["庫存變動記錄"]
/emp_get.action= perms["庫存變動記錄"]
/store.html= perms["倉庫"]
/orderReport.html= perms["銷售統計表"]
/report_orderReport*.action= perms["銷售統計表"]
/orderTrend.html= perms["銷售趨勢分析"]
/report_orderTrend*.action= perms["銷售趨勢分析"]
/roleMenuSet.html=perms["角色權限設置"]
/role_list.action=perms["角色權限設置"]
/role_readRoleMenus.action=perms["角色權限設置"]
/role_updateRoleMenus.action=perms["角色權限設置"]
/empRoleSet.html=perms["用戶角色設置"]
/emp_list.action=perms["用戶角色設置"]
/emp_readEmpRoles.action=perms["用戶角色設置"]
/emp_updateEmpRoles.action=perms["用戶角色設置"]
/role.html= perms["角色設置"]
/role_*.action= perms["角色設置"]
/goodstype.html= perms["商品類型"]
/goodstype_*.action= perms["商品類型"]
/goods.html= perms["商品"]
/goods_*.action= perms["商品"]
/supplier.html = perms["供應商","客戶"]
/supplier_*.action = perms["供應商","客戶"]
/emp.html= perms["員工"]
/emp_*.action= perms["員工"]
/dep_list.action=perms["員工"]
/dep.html= perms["部門"]
/dep_*.action= perms["部門"]
            </value>
        </property>
    </bean>
    <!-- central hub of the Shiro framework -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="erpRealm"></property>
    </bean>
    <bean id="erpRealm" class="cn.itcast.erp.realm.ErpRealm">
        <property name="empBiz" ref="empBiz"></property>
        <property name="menuBiz" ref="menuBiz"></property>
    </bean>
    <bean id="myPermsFilter" class="cn.itcast.erp.filter.MyPermsFilter">
    </bean>
</beans>
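The chain list above already contains two ordering hazards: /store_*.action is listed before the exact /store_list.action and /store_get.action entries, and /emp_list.action (like /storeoper_listByPage.action) is defined twice. The audit below is an added example, not part of the ERP project; it assumes, as Shiro does, that this property is parsed into a LinkedHashMap-backed Ini section (a repeated key replaces the earlier value but keeps its position) and that PathMatchingFilterChainResolver takes the first pattern that matches; ChainAudit, parse, resolve and the shortened DEFINITIONS excerpt are mine.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

public class ChainAudit {
    // Constructed excerpt of the page's filterChainDefinitions, kept in the page's order.
    static final String DEFINITIONS =
        "/store_*.action= perms[\"倉庫\"]\n"
        + "/store_list.action= perms[\"庫存查詢\",\"庫存變動記錄\"]\n"
        + "/emp_list.action= perms[\"庫存變動記錄\"]\n"
        + "/emp_list.action=perms[\"用戶角色設置\"]\n";
    static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Parse "pattern = chain" lines and collect findings. Like the Ini section behind the
    // property, a repeated key replaces the earlier value but keeps its original position.
    static Map<String, String> parse(String text, List<String> findings) {
        Map<String, String> chains = new LinkedHashMap<>();
        for (String line : text.split("\n")) {
            int eq = line.indexOf('=');
            if (eq < 0) continue;
            String path = line.substring(0, eq).trim();
            String chain = line.substring(eq + 1).trim();
            if (chains.containsKey(path)) {
                findings.add("DUPLICATE " + path + ": " + chains.get(path) + " replaced by " + chain);
            }
            for (String earlier : chains.keySet()) {
                // An earlier wildcard that already matches this path makes this entry unreachable.
                if (!earlier.equals(path) && MATCHER.matches(earlier, path)) {
                    findings.add("SHADOWED " + path + " is never reached; " + earlier + " matches first");
                }
            }
            chains.put(path, chain);
        }
        return chains;
    }

    // First matching pattern wins, as in Shiro's PathMatchingFilterChainResolver.
    static String resolve(Map<String, String> chains, String uri) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (MATCHER.matches(e.getKey(), uri)) return e.getKey() + " -> " + e.getValue();
        }
        return "(no chain: request is not filtered)";
    }

    public static void main(String[] args) {
        List<String> findings = new ArrayList<>();
        Map<String, String> chains = parse(DEFINITIONS, findings);
        findings.forEach(System.out::println);
        System.out.println(resolve(chains, "/store_list.action")); // /store_*.action wins
        System.out.println(resolve(chains, "/emp_list.action"));   // the later duplicate's chain
    }
}
```

Run against the full list, the same two checks flag every exact entry that a preceding wildcard hides and every path whose effective permissions are not the ones first written next to it.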
2. Authorization code:
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    Emp emp = (Emp) principals.getPrimaryPrincipal();
    List<Menu> list = menuBiz.getMenuListByEmpuuid(emp.getUuid());
    for (Menu menu : list) {
        // Grant one permission string per menu the employee may see; the original had the
        // constant "部門" here. The getter name is an assumption about the project's Menu class.
        info.addStringPermission(menu.getMenuName());
    }
    return info;
}
3. Custom filter
package cn.itcast.erp.filter; // package and class name match the myPermsFilter bean definition

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * Replaces Shiro's built-in perms filter under the same key: access is allowed when the
 * subject holds ANY of the listed permissions (the built-in filter requires ALL of them).
 */
public class MyPermsFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        Subject subject = getSubject(request, response);
        String[] perms = (String[]) mappedValue;
        if (perms == null || perms.length == 0) {
            return false; // no permission names configured: deny
        }
        for (String perm : perms) {
            if (subject.isPermitted(perm)) {
                return true;
            }
        }
        return false;
    }
}
4. Additions to the configuration file
1. <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" depends-on="myPermsFilter"> <!-- depends-on="myPermsFilter" added -->
2. <property name="filters"> <map> <entry key="perms" value-ref="myPermsFilter"></entry> </map> </property>
3. <bean id="myPermsFilter" class="cn.itcast.erp.filter.MyPermsFilter"> </bean>