[個人記錄] spring+shiro 整合
阿新 • • 發佈:2018-12-17
一、新增相關依賴
1 <dependency> 2 <groupId>org.apache.shiro</groupId> 3 <artifactId>shiro-core</artifactId> 4 <version>1.2.1</version> 5 </dependency> 6 <dependency> 7 <groupId>org.apache.shiro</groupId> 8 <artifactId>shiro-web</artifactId> 9 <version>1.2.1</version> 10 </dependency> 11 <dependency> 12 <groupId>org.apache.shiro</groupId> 13 <artifactId>shiro-ehcache</artifactId> 14 <version>1.2.1</version> 15 </dependency> 16 <dependency> 17 <groupId>org.apache.shiro</groupId> 18 <artifactId>shiro-spring</artifactId> 19 <version>1.2.1</version> 20 </dependency> 21 <dependency> 22 <groupId>commons-logging</groupId> 23 <artifactId>commons-logging</artifactId> 24 <version>1.2</version> 25 </dependency>
二、編寫程式碼
1、自定義realm
1 public class CommonRealm extends AuthorizingRealm { 2 @Autowired 3 private UserLoginService userLoginService; 4 5 6 @Override 7 public String getName() { 8 return "CommonRealm"; 9 } 10 11 //授權 12 @Override 13 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { 14 String usernmae = (String) principals.getPrimaryPrincipal(); 15 16 List<String> permissions = new ArrayList<String>(); 17 if ("admin".equals(usernmae)) { 18 permissions.add("admin:ee"); 19 } 20 21 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); 22 info.addStringPermissions(permissions); 23 24 return info; 25 } 26 27 28 //身份認證 29 @Override 30 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { 31 String username = (String) token.getPrincipal(); 32 User user = userLoginService.getUser(username); 33 if (user == null) { 34 return null; 35 } 36 SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, user.getPassword(), getName()); 37 return info; 38 } 39 }
2、login controller
1 @Controller 2 public class UserAction { 3 @Autowired 4 private UserLoginService userLoginService; 5 6 @RequestMapping("/login.do") 7 public String userLogin(HttpServletRequest request, String username, String password) throws Exception { 8 // 如果登陸失敗從request中獲取異常資訊,shiroLoginFailure就是shiro異常類的全限定名 9 String exceptionClassName = (String) request.getAttribute("shiroLoginFailure"); 10 11 if (exceptionClassName != null) { 12 if (UnknownAccountException.class.getName().equals(exceptionClassName)) { 13 // 最終會拋給異常處理器 14 throw new XXXException("使用者名稱不存在"); 15 } else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) { 16 throw new XXXException("使用者名稱/密碼錯誤"); 17 } else { 18 throw new Exception();// 最終在異常處理器生成未知錯誤 19 } 20 } 21 22 // 如果登入成功的話不走此方法,shiro認證成功會自動跳轉到上一個請求路徑,配的的successUrl沒效果,後邊會說 23 // 登陸失敗走此方法,捕獲異常,然後 return ~ ,還到login頁面 24 return "login.jsp"; 25 26 } 27 }
3、檢測許可權 controller
//此方法為了驗證許可權是否生效 @RequestMapping("/findAll.do") @RequiresPermissions("admin:ee") public ModelAndView list(HttpServletRequest request){ ....... }
三、常見問題
因為有一些特別常見的問題,需要修改xml配置,所以現在先手問題,把xml配置放在後邊,直接就配置完善好的xml
問題一:登陸成功後shiro預設跳到上一次請求,沒有上一次請求預設跳到/ ,那我們就想控制調到自己定義的路徑咋辦呢?
解決方案:
步驟一:繼承FormAuthenticationFilter類,重寫onLoginSuccess方法,這裡可以自定義路徑,因為這裡自定義了成功跳轉的路徑,所以配置裡的successUrl不用配置,賠了也沒效果。。
1 public class LoginSuccessToFilter extends FormAuthenticationFilter { 2 @Override 3 protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception { 4 WebUtils.getAndClearSavedRequest(request); 5 WebUtils.redirectToSavedRequest(request,response,"/findAll.do"); 6 return false; 7 } 8 }
步驟二:
在shiro的xml配置檔案中配置
1 <bean id="myfilter" class="com.xxx.realm.LoginSuccessToFilter"></bean>
在 shiroFilter配置中引入,完整xml在後邊
1 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 2 <property name="filters"> 3 <map> 4 <entry key="authc" value-ref="myfilter"></entry> 5 </map> 6 </property> 7 </bean>
問題二:在controller層加 @RequiresPermissions註解不生效
解決方案: 因為controller基本都是springmvc去掃描,所以要想讓加在controller層shiro註解生效,那就把配置shiro註解的配置放到mvc的配置檔案中,不要放在shiro的配置中
把如下配置放入 springmvc的配置檔案中。
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>
四、Xml配置
applicationContext-shiro.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" 4 xmlns:context="http://www.springframework.org/schema/context" 5 xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee" 6 xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util" 7 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 8 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd 9 http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd 10 http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd 11 http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> 12 13 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 14 <!-- 管理器,必須設定 --> 15 <property name="securityManager" ref="securityManager"/> 16 17 <property name="filters"> 18 <map> 19 <entry key="authc" value-ref="myfilter"></entry> 20 </map> 21 </property> 22 23 <!-- 攔截到,跳轉到的地址,通過此地址去認證 --> 24 <property name="loginUrl" value="/login.do"/> 25 <!-- 認證成功統一跳轉到/admin/index.do,建議不配置,shiro認證成功自動到上一個請求路徑 --> 26 <!--<property name="successUrl" value="/findAll.do"/>--> 27 <!-- 通過unauthorizedUrl指定沒有許可權操作時跳轉頁面 --> 28 <property name="unauthorizedUrl" value="/refuse.jsp"/> 29 <!-- 自定義filter,可用來更改預設的表單名稱配置 --> 30 <!--<property name="filters">--> 31 <!--<map>--> 32 <!--<!– 將自定義 的FormAuthenticationFilter注入shiroFilter中 –>--> 33 <!--<entry key="authc" value-ref="formAuthenticationFilter" />--> 34 <!--</map>--> 35 <!--</property>--> 36 <property name="filterChainDefinitions"> 37 <value> 38 <!-- 對靜態資源設定匿名訪問 --> 39 /image/** = anon 40 /css/** = anon 41 /js/** = anon 42 /logout.do = logout 43 /** = authc 44 </value> 45 </property> 46 </bean> 47 48 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 49 50 51 <!-- securityManager安全管理器 --> 52 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 53 <property name="realm" ref="customRealm"/> 54 <!-- 注入快取管理器 --> 55 <!--<property name="cacheManager" ref="cacheManager" />--> 56 <!-- 注入session管理器 --> 57 <!-- <property name="sessionManager" ref="sessionManager" /> --> 58 <!-- 記住我 --> 59 <!--<property name="rememberMeManager" ref="rememberMeManager" />--> 60 </bean> 61 62 <!-- 自定義realm --> 63 <bean id="customRealm" class="com.dhl.realm.CommonRealm"></bean> 64 65 <bean id="myfilter" class="com.dhl.realm.LoginSuccessToFilter"></bean> 66 67 <!-- 憑證匹配器 --> 68 <!--<bean id="credentialsMatcher"--> 69 <!--class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">--> 70 <!--<!– 選用MD5雜湊演算法 –>--> 71 <!--<property name="hashAlgorithmName" value="md5"/>--> 72 <!--<!– 進行一次加密 –>--> 73 <!--<property name="hashIterations" value="1"/>--> 74 <!--</bean>--> 75 76 77 78 79 80 </beans>
springmvc的配置
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:aop="http://www.springframework.org/schema/aop" 5 xmlns:tx="http://www.springframework.org/schema/tx" 6 xmlns:context="http://www.springframework.org/schema/context" 7 xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc" 8 xsi:schemaLocation="http://www.springframework.org/schema/beans 9 http://www.springframework.org/schema/beans/spring-beans.xsd 10 http://www.springframework.org/schema/aop 11 http://www.springframework.org/schema/aop/spring-aop.xsd 12 http://www.springframework.org/schema/tx 13 http://www.springframework.org/schema/tx/spring-tx.xsd 14 http://www.springframework.org/schema/context 15 http://www.springframework.org/schema/context/spring-context.xsd 16 http://www.springframework.org/schema/mvc 17 http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd"> 18 19 20 <context:component-scan base-package="com.dhl.controller"></context:component-scan> 21 <mvc:annotation-driven></mvc:annotation-driven> 22 23 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"></bean> 24 25 <!-- 開啟shiro註解的配置移動到這兒 --> 26 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> 27 <property name="proxyTargetClass" value="true" /> 28 </bean> 29 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> 30 <property name="securityManager" ref="securityManager"/> 31 </bean> 32 33 34 </beans>
以上就是一個大概的整合和遇到的兩個問題,博主也是查閱了很多的部落格得到的較優答案,整理出來,已備後續參考,遇到一樣問題的同學可以看看
侵刪致歉