完整项目代码:https://download.csdn.net/download/zeal9s/10744751 1.新建或者导入一个SSH项目 项目模块图如下
2.导入shiro依赖到pom.xml pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>SSH_02</groupId> <artifactId>SSH_02</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>SSH_02 Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <spring.version>4.3.10.RELEASE</spring.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <!--引入servlet依赖:解决jsp页面报错 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.0-b07</version> <scope>provided</scope> </dependency> <!-- 引入struts2依赖 --> <dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.33</version> </dependency> <!-- 引入Spring核心库 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <!--引入struts2整合Spring的依赖 --> <dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-spring-plugin</artifactId> <version>2.5.12</version> </dependency> <!--引入log4j的依赖:如果没有这个包apache启动就会报错 --> <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> <version>2.8.2</version> </dependency> <!-- 加入hibernate核心库 --> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-core</artifactId> <version>5.2.10.Final</version> </dependency> <!-- MySQL --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.43</version> </dependency> <!-- 引入c3p0数据库连接池依赖 --> <dependency> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <version>0.9.5.2</version> </dependency> <!--引入Spring整合Hibernate依赖 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>${spring.version}</version> </dependency> <!--引入 spring 的AspectJ依赖:解析事务切点 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>${spring.version}</version> </dependency> <!--引入shiro的核心依赖 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!--引入shiro的web依赖 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency> <!--引入shiro整合spring --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.3.2</version> </dependency> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> </dependencies> <build> <finalName>SSH_02</finalName> </build> </project>3.新建shiro包和MyRealm类 MyRealm.java
package com.zs.shiro; import java.util.ArrayList; import java.util.List; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; public class MyRealm extends AuthorizingRealm { // 授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { //获取认证完成之后的用户名 String uname=(String) principals.getPrimaryPrincipal(); //模拟通过用户名查询的角色 List<String> roles=new ArrayList<String>(); roles.add("son"); //模拟通过角色查询角色所拥有的权限 List<String> behaves=new ArrayList<String>(); behaves.add("add"); //认证成功之后才能进行授权 SimpleAuthorizationInfo info=new SimpleAuthorizationInfo(); //将查询到的角色赋予用户 info.addRoles(roles); //将查询到的权限赋予给角色 info.addStringPermissions(behaves); //将授权信息返回给测试类TestShiro return info; } // 认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { // 创建认证的令牌 UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; // 用户名输入的名称和密码 String uname = usernamePasswordToken.getUsername(); String pwd = new String(usernamePasswordToken.getPassword()); // 数据库查询出的用户名密码 String dbpwd = "1234"; System.out.println("用户名输入的名称和密码\t" + uname + "\t" + pwd); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(uname, dbpwd, getName()); return info; } }4.新建applicationContext-shiro.xml applicationContext-shiro.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> <!--shiro的过滤器 --> <bean id="shiroFilterFactoryBean" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!--配置shiro过滤器的安全管理工厂 --> <property name="securityManager" ref="securityManager"></property> <!--配置登录的页面,此页面不需要认证 --> <property name="loginUrl" value="/login.jsp"></property> <!--认证成功之后才能进入的页面 --> <property name="successUrl" value="/success.jsp"></property> <!--过滤器继续自行的操作 --> <property name="filterChainDefinitions"> <value> <!--配置匿名用户才能访问的页面 --> /login.jsp*=anon <!--配置认证完成的用户才能访问的页面 --> /success.jsp*=authc <!--配置拥有某个角色才能进入的页面 --> /father.jsp*=roles[father] /son.jsp*=roles[son] </value> </property> <!--配置没有角色访问时跳转的页面 --> <property name="unauthorizedUrl" value="/nopremission.jsp"></property> </bean> <!--Spring产生安全管理者对象 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm"></property> </bean> <!--spring产生MyRealm对象 --> <bean id="myRealm" class="com.zs.shiro.MyRealm"></bean> </beans>5.在web.xml添加shiro在spring的过滤器 web.xml
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" > <web-app> <display-name>Archetype Created Web Application</display-name> <!--struts2和Spring整合时 运行时web容器加载applicationContext.xml --> <!--1. 启动一个WEB项目的时候,容器(如:Tomcat)会去读它的配置文件web.xml.读两个节点: <listener></listener> 和 <context-param></context-param> 2.紧接着,容器创建一个ServletContext(上下文),这个WEB项目所有部分都将共享这个上下文. 3.容器将<context-param></context-param>转化为键值对,并交给ServletContext. 4.容器创建<listener></listener>中的类实例,即创建监听. 5.在监听中会有contextInitialized(ServletContextEvent args)初始化方法,在这个方法中获得ServletContext = ServletContextEvent.getServletContext(); context-param的值 = ServletContext.getInitParameter("context-param的键"); 6.得到这个context-param的值之后,你就可以做一些操作了.注意,这个时候你的WEB项目还没有完全启动完成.这个动作会比所有的Servlet都要早. 换句话说,这个时候,你对<context-param>中的键值做的操作,将在你的WEB项目完全启动之前被执行. --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:applicationContext-*.xml</param-value> </context-param> <!--配置spring中shiro的过滤器--> <filter> <filter-name>shiroFilterFactoryBean</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <!--struts2核心的过滤器 --> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> </filter> <filter-mapping> <filter-name>shiroFilterFactoryBean</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>*.action</url-pattern> </filter-mapping> <!--web加载spring的监听器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> </web-app>6.新建login.jsp和success.jsp、father.jsp、son.jsp、nopremission.jsp login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="testAction_login.action" method="post"> 用户名:<input type="text" name="uname"><br> 密 码:<input type="password" name="pwd"><br> <input type="submit" value="登录"> </form> </body> </html>success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib uri="http://shiro.apache.org/tags" prefix="shiro"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> 认证成功之后才能进入的页面! <p> <!--查看登录名 --> 欢迎<shiro:principal></shiro:principal>登录! <p> <!--谁拥有哪个角色,下面的页面就显示哪些 --> <shiro:hasRole name="son"> <a href="son.jsp">son拥有的页面</a> </shiro:hasRole> <shiro:hasRole name="father"> <a href="father.jsp">father拥有的页面</a> </shiro:hasRole> </body> </html>son.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> 拥有son角色才能进入的页面!!!! </body> </html>father.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> 拥有father角色才能进入的页面!!!! </body> </html>7.新建TestAction,并且在spring注入属性和在struts里面配置action TestAction
package com.ssh.action; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import com.opensymphony.xwork2.ActionSupport; /** * * @ClassName: TestAction * @Description:测试页面收集的用户名和密码认证是否通过 * @author 小思 * @date 2018年8月29日 下午2:43:48 * */ public class TestAction extends ActionSupport { private SecurityManager securityManager; // 收集login.jsp页面的用户名和密码 private String uname; private String pwd; public String getUname() { return uname; } public void setUname(String uname) { this.uname = uname; } public String getPwd() { return pwd; } public void setPwd(String pwd) { this.pwd = pwd; } public SecurityManager getSecurityManager() { return securityManager; } public void setSecurityManager(SecurityManager securityManager) { this.securityManager = securityManager; } // 登录 public String login() { // 利用帮助类将安全管理者添加到当前的安全管理环境中 SecurityUtils.setSecurityManager(securityManager); // 获取安全管理的项目 Subject subject = SecurityUtils.getSubject(); // 定义返回类型 String ret = "SUCCESS"; // 创建保存用户用户名和密码的令牌(用户名和密码是页面收集的,是用户在页面上填写的) UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(uname, pwd); // 保存认证结果 boolean authenticated = false; try { subject.login(usernamePasswordToken); authenticated = subject.isAuthenticated(); } catch (Exception e) { // 认证失败,则返回原登录页面 ret = "login"; } System.out.println("认证结果:" + authenticated); // 授权过程之后的使用 // 判断用户是否具有某个角色 boolean role = subject.hasRole("son"); System.out.println("用户具有son角色吗?" + role); // 角色是否拥有某个权限 boolean behave = subject.isPermitted("add"); System.out.println("son具有add权限吗?" + behave); // 角色是否拥有某个权限 boolean behaves = subject.isPermittedAll("update", "query"); System.out.println("son具有update、query权限吗?" + behaves); return ret; } }8.运行结果 运行login.jsp (1)使用admin,1234登录,则是跳转到success.jsp,此页面显示son该有的页面 (2)使用admin登录之后,强行访问father.jsp则会跳转到nopremission.jsp (3)不登录,直接访问其他页面则是跳转到login.jsp
备注:(1)整个项目需要在有网的情况运行,不然会报错 (2)如果要精确到权限,则在success.jsp添加shiro的自定义标签中的
说在最后的话:编写实属不易,若喜欢或者对你有帮助记得点赞+关注或者收藏哦~
