2. Java
  3. Shiro的认证整合SSH

Shiro的认证整合SSH

xiaoxiao2025-08-04  28

完整项目代码:https://download.csdn.net/download/zeal9s/10744751

1.新建或者导入一个SSH项目 项目模块图如下 2.导入shiro依赖到pom.xml pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>SSH_02</groupId> <artifactId>SSH_02</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>SSH_02 Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <spring.version>4.3.10.RELEASE</spring.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <!--引入servlet依赖:解决jsp页面报错 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.0-b07</version> <scope>provided</scope> </dependency> <!-- 引入struts2依赖 --> <dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.33</version> </dependency> <!-- 引入Spring核心库 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <!--引入struts2整合Spring的依赖 --> <dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-spring-plugin</artifactId> <version>2.5.12</version> </dependency> <!--引入log4j的依赖:如果没有这个包apache启动就会报错 --> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.8.2</version> </dependency> <!-- 加入hibernate核心库 --> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-core</artifactId> <version>5.2.10.Final</version> </dependency> <!-- MySQL --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.43</version> </dependency> <!-- 引入c3p0数据库连接池依赖 --> <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <version>0.9.5.2</version> </dependency> <!--引入Spring整合Hibernate依赖 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>${spring.version}</version> </dependency> <!--引入 spring 的AspectJ依赖:解析事务切点 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>${spring.version}</version> </dependency> <!--引入shiro的核心依赖 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!--引入shiro的web依赖 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency> <!--引入shiro整合spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.3.2</version> </dependency> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> </dependencies> <build> <finalName>SSH_02</finalName> </build> </project>

3.新建shiro包和MyRealm类 MyRealm.java

package com.zs.shiro; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class MyRealm extends AuthorizingRealm { // 授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { // TODO Auto-generated method stub return null; } // 认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // 创建认证的令牌 UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; // 用户名输入的名称和密码 String uname = usernamePasswordToken.getUsername(); String pwd = new String(usernamePasswordToken.getPassword()); // 数据库查询出的用户名密码 String dbpwd = "1234"; System.out.println("用户名输入的名称和密码\t" + uname + "\t" + pwd); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(uname, dbpwd, getName()); return info; } }

4.新建applicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <!--shiro的过滤器 --> <bean id="shiroFilterFactoryBean" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!--配置shiro过滤器的安全管理工厂 --> <property name="securityManager" ref="securityManager"></property> <!--配置登录的页面,此页面不需要认证 --> <property name="loginUrl" value="/login.jsp"></property> <!--认证成功之后才能进入的页面 --> <property name="successUrl" value="/success.jsp"></property> <!--过滤器继续自行的操作 --> <property name="filterChainDefinitions"> <value> <!--配置匿名用户才能访问的页面 --> /login.jsp=anon <!--配置认证完成的用户才能访问的页面 --> /success.jsp=authc </value> </property> </bean> <!--Spring产生安全管理者对象 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"></property> </bean> <!--spring产生MyRealm对象 --> <bean id="myRealm" class="com.zs.shiro.MyRealm"></bean> </beans>

5.在web.xml添加shiro在spring的过滤器

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" > <web-app> <display-name>Archetype Created Web Application</display-name> <!--struts2和Spring整合时 运行时web容器加载applicationContext.xml --> <!--1. 启动一个WEB项目的时候,容器(如:Tomcat)会去读它的配置文件web.xml.读两个节点: <listener></listener> 和 <context-param></context-param> 2.紧接着,容器创建一个ServletContext(上下文),这个WEB项目所有部分都将共享这个上下文. 3.容器将<context-param></context-param>转化为键值对,并交给ServletContext. 4.容器创建<listener></listener>中的类实例,即创建监听. 5.在监听中会有contextInitialized(ServletContextEvent args)初始化方法,在这个方法中获得ServletContext = ServletContextEvent.getServletContext(); context-param的值 = ServletContext.getInitParameter("context-param的键"); 6.得到这个context-param的值之后,你就可以做一些操作了.注意,这个时候你的WEB项目还没有完全启动完成.这个动作会比所有的Servlet都要早. 换句话说,这个时候,你对<context-param>中的键值做的操作,将在你的WEB项目完全启动之前被执行. --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:applicationContext-*.xml</param-value> </context-param> <!--配置spring中shiro的过滤器--> <filter> <filter-name>shiroFilterFactoryBean</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <!--struts2核心的过滤器 --> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> </filter> <filter-mapping> <filter-name>shiroFilterFactoryBean</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>*.action</url-pattern> </filter-mapping> <!--web加载spring的监听器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> </web-app>

6.新建login.jsp和success.jsp login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="testAction_login.action" method="post"> 用户名:<input type="text" name="uname"><br> 密 码:<input type="password" name="pwd"><br> <input type="submit" value="登录"> </form> </body> </html>

success.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> 认证成功之后才能进入的页面! </body> </html>

7.新建TestAction,并且在spring注入属性和在struts里面配置action TestAction.java

package com.ssh.action; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import com.opensymphony.xwork2.ActionSupport; /** * * @ClassName: TestAction * @Description:测试页面收集的用户名和密码认证是否通过 * @author 小思 * @date 2018年8月29日 下午2:43:48 * */ public class TestAction extends ActionSupport { private SecurityManager securityManager; // 收集login.jsp页面的用户名和密码 private String uname; private String pwd; public String getUname() { return uname; } public void setUname(String uname) { this.uname = uname; } public String getPwd() { return pwd; } public void setPwd(String pwd) { this.pwd = pwd; } public SecurityManager getSecurityManager() { return securityManager; } public void setSecurityManager(SecurityManager securityManager) { this.securityManager = securityManager; } //登录 public String login() { //利用帮助类将安全管理者添加到当前的安全管理环境中 SecurityUtils.setSecurityManager(securityManager); //获取安全管理的项目 Subject subject = SecurityUtils.getSubject(); //定义返回类型 String ret="SUCCESS"; //创建保存用户用户名和密码的令牌(用户名和密码是页面收集的,是用户在页面上填写的) UsernamePasswordToken usernamePasswordToken=new UsernamePasswordToken(uname,pwd); //保存认证结果 boolean authenticated=false; try { subject.login(usernamePasswordToken); authenticated=subject.isAuthenticated(); } catch (Exception e) { //认证失败,则返回原登录页面 ret="login"; } System.out.println("认证结果:"+authenticated); return ret; } }

8.运行login.jsp在服务器 (1)认证成功:输入admin 和 1234之后认证成功,页面调转到success.jsp,服务器和浏览器不关闭,此用户就能访问success.jsp (2)认证失败:输入admin 和 123456之后认证失败,页面调转到login.jsp,没有认证成功,该用户就不能访问success.jsp页面

说在最后的话:编写实属不易,若喜欢或者对你有帮助记得点赞+关注或者收藏哦~

转载请注明原文地址: https://www.6miu.com/read-5034240.html

Java

最新回复(0)