码迷,mamicode.com
首页 > 其他好文 > 详细

shiro框架的学习

时间:2015-04-18 14:32:06      阅读:107      评论:0      收藏:0      [点我收藏+]

标签:

1shiro框架是什么:是一个权限控制的框架
2shiro框架有什么作用:权限管理,管理那些资源是否需要登录才能访问、控制某些资源需要那些权限才能访问
3shiro框架怎样使用:

          1在web.xml配置shiro的Filter,拦截指定的URL(注意只有被shiroFilter拦截到的URL才能被shiro管理)

  <!-- Shiro filter-->   
    <filter>   
        <filter-name>shiroFilter</filter-name>   
        <filter-class>   
            org.springframework.web.filter.DelegatingFilterProxy   
        </filter-class>   
            <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
    </filter>   
    <filter-mapping>   
        <filter-name>shiroFilter</filter-name>   
        <url-pattern>/*</url-pattern>   
    </filter-mapping> 

       2在shiro的配置文件里配置shiroFilter:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:task="http://www.springframework.org/schema/task"
    default-lazy-init="true"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
        http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache-3.2.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
    <!-- shiro配置begin -->
    <!-- Shiro Filter -->
    <bean id="shiroFilter"
        class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/admin/login.jsp" />
        <property name="successUrl" value="/index.jsp" />
        <property name="unauthorizedUrl" value="/error.jsp" />
        <property name="filterChainDefinitions">
            <value>
            /admin/login.jsp = authc
            /admin/* = authc
            /validateCode = anon
            /* =anon
            </value>
        </property>
    </bean>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroDbRealm" />
    </bean>
    <!-- 項目自定义的Realm -->
    <bean id="shiroDbRealm" class="com.framework.authority.realm.MyRealm" >
        <property name="authorizationCacheName" value="authorization" />
    </bean>


    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
        <property name="arguments" ref="securityManager" />
    </bean>

    
</beans>

  3自定义Realm:
  

package com.framework.authority.realm;

import javax.security.auth.Subject;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealm extends AuthorizingRealm  {
    public MyRealm() {
        super();    //To change body of overridden methods use File | Settings | File Templates.
    }
    //验证用户的准确性--验证登录
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
       //获取登录信息    
        System.out.println("-------------------验证用户的准确性-----------------------");
        UsernamePasswordToken userToken = (UsernamePasswordToken) authcToken;
        String userName=String.valueOf(userToken.getUsername());
        String password=String.copyValueOf(userToken.getPassword());
        System.out.println("用户名:---->"+userName);
        System.out.println("密码:-------------->"+password);
        userToken.setRememberMe(true);
        if(userName.equals("jeremy")&&password.equals("123")){
            //这个是什么来的???--验证登录信息对象
            SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(userName,password,getName());
            System.out.println("getName:-------------->"+getName());
            return info;
        }
        return null;
    }
    //为用户添加角色和权限---验证权限,
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("----------------验证用户的角色与权限--------------------");
        String userName=principals.asList().get(0).toString();
        if(userName.equals("jeremy")){
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        info.addRole("youke");
        return info;
        }
        return null;
        
    }

}

4登录测试(登录提交的页面不用交给任何控制器处理,让shiroFilter来调用Realm来处理)

<%@ page language="java" contentType="text/html; charset=utf-8"
    pageEncoding="utf-8"%>
 <%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
    <form action="login.jsp"  method="POST">
    userName:<input id="username" name="username"><br>
    password:<input id="password" name="password"><br>
    <input type="submit" id="submit" value="submit">
    </form>
</body>
</html>

shiro框架的运行流程:
request(url)---->shiroFilter是否是shiroURL--是-->FormAuthenticationFilter判断是当前URL的权限----没有权限-->longinURL--登录-->FormAuthenticationFilter(调用executeLogin()方法)---ModularRealmAuthenticator.doAuthenticate()---调用自定义的Realm---->doAuthenticationInfo()---->doAuthorizationInfo()--->????
以上流程纯属个人猜测---》》

shiro框架的学习

标签:

原文地址:http://www.cnblogs.com/jeremy-blog/p/4437283.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!