Shiro的原理及Web搭建
<h1 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;"><span style="color: black;">Shiro(Java安全框架)</span></strong></h1>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以下都是综合之前的人加上自己的<span style="color: black;">有些</span>小总结~</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、<span style="color: black;">秘码</span>学和会话管理。<span style="color: black;">运用</span>Shiro的易于理解的API,您<span style="color: black;">能够</span>快速、<span style="color: black;">容易</span>地<span style="color: black;">得到</span>任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Shiro <span style="color: black;">重点</span>分为来个部分<span style="color: black;">便是</span>认证和授权,在个人感觉来看<span style="color: black;">便是</span><span style="color: black;">查找</span>数据库做相应的判断<span style="color: black;">罢了</span>,Shiro只是一个框架<span style="color: black;">罢了</span>,其中的内容需要自己的去构建,前后是自己的,中间是Shiro帮<span style="color: black;">咱们</span>去搭建和配置好的</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">个人认为需要看一下其中的<span style="color: black;">有些</span>源码,更有<span style="color: black;">帮忙</span>的深入的去<span style="color: black;">认识</span>Shiro的原理。</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Shiro的<span style="color: black;">重点</span>框架图如下:</strong></span></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/QCu849YTaIPpQEdKn8NCCqMGOY3jfpPbkkWe4g2OSAMFNX7jobYGTHHiaZd9b3RRArWT0RwCAtVpiaqBq9CZCPkw/640?tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;"><span style="color: black;">办法</span>类的走向:</strong></span></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/QCu849YTaIPpQEdKn8NCCqMGOY3jfpPbicNicYb3wavIo9k5K9vIFruia0IRC0lqiaYrIoLMHIso9PzLNanl0XEzcA/640?tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">对<span style="color: black;">有些</span>其中的<span style="color: black;">办法</span>的简单说明:</h3>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Subject</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Subject即主体,<span style="color: black;">外边</span>应用与subject进行交互,subject记录了当前操<span style="color: black;">功效</span>户,将用户的概念理解为当前操作的主体,可能是一个<span style="color: black;">经过</span>浏览器请求的用户,<span style="color: black;">亦</span>可能是一个运行的程序。 Subject在shiro中是一个接口,接口中定义了<span style="color: black;">非常多</span>认证授<span style="color: black;">关联</span>的<span style="color: black;">办法</span>,<span style="color: black;">外边</span>程序<span style="color: black;">经过</span>subject进行认证授,而subject是<span style="color: black;">经过</span>SecurityManager安全管理器进行认证授权</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">SecurityManager</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">SecurityManager即安全管理器,对<span style="color: black;">所有</span>的subject进行安全管理,它是shiro的核心,负责对所有的subject进行安全管理。<span style="color: black;">经过</span>SecurityManager<span style="color: black;">能够</span>完成subject的认证、授权等,实质上SecurityManager是<span style="color: black;">经过</span>Authenticator进行认证,<span style="color: black;">经过</span>Authorizer进行授权,<span style="color: black;">经过</span>SessionManager进行会话管理等。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">SecurityManager是一个接口,继承了Authenticator, Authorizer, SessionManager这三个接口。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Authenticator</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Authenticator即认证器,对用户身份进行认证,Authenticator是一个接口,shiro<span style="color: black;">供给</span>ModularRealmAuthenticator实现类,<span style="color: black;">经过</span>ModularRealmAuthenticator基本上<span style="color: black;">能够</span>满足大<span style="color: black;">都数</span><span style="color: black;">需要</span>,<span style="color: black;">亦</span><span style="color: black;">能够</span>自定义认证器。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Authorizer</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Authorizer即授权器,用户<span style="color: black;">经过</span>认证器认证<span style="color: black;">经过</span>,在<span style="color: black;">拜访</span>功能时需要<span style="color: black;">经过</span>授权器判断用户<span style="color: black;">是不是</span>有此功能的操作权限。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">realm</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Realm即<span style="color: black;">行业</span>,相当于datasource数据源,securityManager进行安全认证需要<span style="color: black;">经过</span>Realm获取用户权限数据,<span style="color: black;">例如</span>:<span style="color: black;">倘若</span>用户身份数据在数据库<span style="color: black;">那样</span>realm就需要从数据库获取用户身份信息。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><span style="color: black;">重视</span>:不要把realm理解成只是从数据源取数据,在realm中还有认证授权校验的<span style="color: black;">关联</span>的代码。</span></p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">sessionManager</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">sessionManager即会话管理,shiro框架定义了一套会话管理,它不依赖web容器的session,<span style="color: black;">因此</span>shiro<span style="color: black;">能够</span><span style="color: black;">运用</span>在非web应用上,<span style="color: black;">亦</span><span style="color: black;">能够</span>将分布式应用的会话集中在一点管理,此特性可使它实现单点登录。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">SessionDAO</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">SessionDAO即会话dao,是对session会话操作的一套接口,<span style="color: black;">例如</span>要将session存储到数据库,<span style="color: black;">能够</span><span style="color: black;">经过</span>jdbc将会话存储到数据库。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">CacheManager</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">CacheManager即缓存管理,将用户权限数据存储在缓存,<span style="color: black;">这般</span><span style="color: black;">能够</span><span style="color: black;">加强</span>性能。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Cryptography</strong></span></h2>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Cryptography即<span style="color: black;">秘码</span>管理,shiro<span style="color: black;">供给</span>了一套加密/解密的组件,方便<span style="color: black;">研发</span>。<span style="color: black;">例如</span><span style="color: black;">供给</span>常用的散列、加/解密等功能。</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;"><strong style="color: blue;">Shiro认证与授权的在Web中实现</strong></span></h2>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;"><span style="color: black;">第1</span>步:添加jar包</strong></h3><span style="color: black;"><!-- shiro --></span><span style="color: black;"><<span style="color: black;">dependency</span>></span> <span style="color: black;"><<span style="color: black;">groupId</span>></span>org.apache.shiro<span style="color: black;"></<span style="color: black;">groupId</span>></span> <span style="color: black;"><<span style="color: black;">artifactId</span>></span>shiro-core<span style="color: black;"></<span style="color: black;">artifactId</span>></span> <span style="color: black;"><<span style="color: black;">version</span>></span>1.4.0<span style="color: black;"></<span style="color: black;">version</span>></span><span style="color: black;"></<span style="color: black;">dependency</span>></span><span style="color: black;"><<span style="color: black;">dependency</span>></span> <span style="color: black;"><<span style="color: black;">groupId</span>></span>org.apache.shiro<span style="color: black;"></<span style="color: black;">groupId</span>></span> <span style="color: black;"><<span style="color: black;">artifactId</span>></span>shiro-spring<span style="color: black;"></<span style="color: black;">artifactId</span>></span> <span style="color: black;"><<span style="color: black;">version</span>></span>1.4.0<span style="color: black;"></<span style="color: black;">version</span>></span><span style="color: black;"></<span style="color: black;">dependency</span>></span>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">第二步:配置web.xml</strong></h3><span style="color: black;"><!-- shiro 过滤器 start --></span> <span style="color: black;"><<span style="color: black;">filter</span>></span> <span style="color: black;"><<span style="color: black;">filter-name</span>></span>shiroFilter<span style="color: black;"></<span style="color: black;">filter-name</span>></span> <span style="color: black;"><<span style="color: black;">filter-class</span>></span>org.springframework.web.filter.DelegatingFilterProxy<span style="color: black;"></<span style="color: black;">filter-class</span>></span> <span style="color: black;"><!-- 设置true由servlet容器<span style="color: black;">掌控</span>filter的生命周期 --></span> <span style="color: black;"><<span style="color: black;">init-param</span>></span> <span style="color: black;"><<span style="color: black;">param-name</span>></span>targetFilterLifecycle<span style="color: black;"></<span style="color: black;">param-name</span>></span> <span style="color: black;"><<span style="color: black;">param-value</span>></span>true<span style="color: black;"></<span style="color: black;">param-value</span>></span> <span style="color: black;"></<span style="color: black;">init-param</span>></span> <span style="color: black;"></<span style="color: black;">filter</span>></span> <span style="color: black;"><<span style="color: black;">filter-mapping</span>></span> <span style="color: black;"><<span style="color: black;">filter-name</span>></span>shiroFilter<span style="color: black;"></<span style="color: black;">filter-name</span>></span> <span style="color: black;"><<span style="color: black;">url-pattern</span>></span>/*<span style="color: black;"></<span style="color: black;">url-pattern</span>></span> <span style="color: black;"></<span style="color: black;">filter-mapping</span>></span> <span style="color: black;"><!-- shiro 过滤器 end --></span>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">第三步:</strong></h3>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">自定义Realm </strong></h3>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">继承 AuthorizingRealm </strong></h3>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">重写 AuthorizationInfo(授权) </strong></h3>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">重写</strong><strong style="color: blue;">AuthenticationInfo(认证)</strong></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以下只是简单的测试</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以下都是<span style="color: black;">按照</span>个人的设置和<span style="color: black;">需要</span>改变的。<span style="color: black;">此刻</span>数据是死的,运用的时候需要从数据库中得到</p><span style="color: black;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">/**</p> * <span style="color: black;">@author</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> zhouguanglin</p> * <span style="color: black;">@date</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> 2018/2/26 14:05</p> */
</span><span style="color: black;">public</span> <span style="color: black;"><span style="color: black;">class</span> <span style="color: black;">CustomRealm</span> <span style="color: black;">extends</span> <span style="color: black;">AuthorizingRealm</span> </span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">{</p> <span style="color: black;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">/**</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> * 授权</p> * <span style="color: black;">@param</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> principalCollection</p> * <span style="color: black;">@return</span> */
</span> <span style="color: black;">@Override</span> <span style="color: black;"><span style="color: black;">protected</span> AuthorizationInfo <span style="color: black;">doGetAuthorizationInfo</span><span style="color: black;">(PrincipalCollection principalCollection)</span> </span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">{</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> String userName = (String) principalCollection.getPrimaryPrincipal();</p> List<String> permissionList=<span style="color: black;">new</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> ArrayList();
</p> permissionList.add(<span style="color: black;">"user:add"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p>permissionList.add(<span style="color: black;">"user:delete"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p> <span style="color: black;">if</span> (userName.equals(<span style="color: black;">"zhou"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">)) {</p> permissionList.add(<span style="color: black;">"user:query"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> }</p> SimpleAuthorizationInfo info=<span style="color: black;">new</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">SimpleAuthorizationInfo();</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> info.addStringPermissions(permissionList);</p> info.addRole(<span style="color: black;">"admin"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p> <span style="color: black;">return</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> info;</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> }</p> <span style="color: black;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">/**</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> * 认证</p> * <span style="color: black;">@param</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> authenticationToken</p> * <span style="color: black;">@return</span> * <span style="color: black;">@throws</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> AuthenticationException</p>*/
</span> <span style="color: black;">@Override</span> <span style="color: black;"><span style="color: black;">protected</span> AuthenticationInfo <span style="color: black;">doGetAuthenticationInfo</span><span style="color: black;">(AuthenticationToken authenticationToken)</span> <span style="color: black;">throws</span> AuthenticationException </span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">{</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">String userName = (String) authenticationToken.getPrincipal();</p> <span style="color: black;">if</span> (<span style="color: black;">""</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">.equals(userName)) {</p> <span style="color: black;">return</span> <span style="color: black;">null</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">;</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> }</p> SimpleAuthenticationInfo info = <span style="color: black;">new</span> SimpleAuthenticationInfo(userName,<span style="color: black;">"123456"</span>,<span style="color: black;">this</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">.getName());</p> <span style="color: black;">return</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> info;</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> }</p>}<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">第四步:配置spring-shiro.xml</strong></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">这儿</span>面都是<span style="color: black;">根据</span>自己的<span style="color: black;">需要</span>去配置的</p><span style="color: black;"><span style="color: black;"><?</span>xml version=<span style="color: black;">"1.0"</span> encoding=<span style="color: black;">"UTF-8"</span><span style="color: black;">?></span></span><span style="color: black;"><<span style="color: black;">beans</span> <span style="color: black;">xmlns</span>=<span style="color: black;">"http://www.springframework.org/schema/beans"</span> <span style="color: black;">xmlns:xsi</span>=<span style="color: black;">"http://www.w3.org/2001/XMLSchema-instance"</span> <span style="color: black;">xsi:schemaLocation</span>=<span style="color: black;">"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"</span>></span> <span style="color: black;"><!--开启shiro的注解--></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">id</span>=<span style="color: black;">"advisorAutoProxyCreator"</span> <span style="color: black;">class</span>=<span style="color: black;">"org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"</span>></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"proxyTargetClass"</span> <span style="color: black;">value</span>=<span style="color: black;">"true"</span>></span><span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"></<span style="color: black;">bean</span>></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">class</span>=<span style="color: black;">"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"</span>/></span> <span style="color: black;"><!--注入自定义的Realm--></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">id</span>=<span style="color: black;">"customRealm"</span> <span style="color: black;">class</span>=<span style="color: black;">"com.test.realm.CustomRealm"</span>></span><span style="color: black;"></<span style="color: black;">bean</span>></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">id</span>=<span style="color: black;">"securityManager"</span> <span style="color: black;">class</span>=<span style="color: black;">"org.apache.shiro.web.mgt.DefaultWebSecurityManager"</span>></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"realm"</span> <span style="color: black;">ref</span>=<span style="color: black;">"customRealm"</span>></span><span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"></<span style="color: black;">bean</span>></span> <span style="color: black;"><!--配置ShiroFilter--></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">id</span>=<span style="color: black;">"shiroFilter"</span> <span style="color: black;">class</span>=<span style="color: black;">"org.apache.shiro.spring.web.ShiroFilterFactoryBean"</span>></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"securityManager"</span> <span style="color: black;">ref</span>=<span style="color: black;">"securityManager"</span>></span><span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"><!--登入页面--></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"loginUrl"</span> <span style="color: black;">value</span>=<span style="color: black;">"/login.jsp"</span>></span><span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"><!--登入成功页面--></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"successUrl"</span> <span style="color: black;">value</span>=<span style="color: black;">"/index.jsp"</span>/></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"filters"</span>></span> <span style="color: black;"><<span style="color: black;">map</span>></span> <span style="color: black;"><!--退出过滤器--></span> <span style="color: black;"><<span style="color: black;">entry</span> <span style="color: black;">key</span>=<span style="color: black;">"logout"</span> <span style="color: black;">value-ref</span>=<span style="color: black;">"logoutFilter"</span> /></span> <span style="color: black;"></<span style="color: black;">map</span>></span> <span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"><!--URL的拦截--></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"filterChainDefinitions"</span> ></span> <span style="color: black;"><<span style="color: black;">value</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> /share = authc</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> /logout = logout</p> <span style="color: black;"></<span style="color: black;">value</span>></span> <span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"></<span style="color: black;">bean</span>></span> <span style="color: black;"><!--自定义退出LogoutFilter--></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">id</span>=<span style="color: black;">"logoutFilter"</span> <span style="color: black;">class</span>=<span style="color: black;">"com.test.filter.SystemLogoutFilter"</span>></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"redirectUrl"</span> <span style="color: black;">value</span>=<span style="color: black;">"/login"</span>/></span> <span style="color: black;"></<span style="color: black;">bean</span>></span><span style="color: black;"></<span style="color: black;">beans</span>></span>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><span style="color: black;">有些</span>属性的<span style="color: black;">道理</span>:</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">securityManager: 这个属性是必须的。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">loginUrl: <span style="color: black;">无</span>登录的用户请求需要登录的页面时自动<span style="color: black;">转</span>到登录页面,不是必须的属性,不输入<span style="color: black;">位置</span>的话会自动寻找项目web项目的根目录下的”/login.jsp”页面。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">successUrl: 登录成功默认<span style="color: black;">转</span>页面,不配置则<span style="color: black;">转</span>至”/”。<span style="color: black;">倘若</span>登陆前点击的一个需要登录的页面,则在登录自动<span style="color: black;">转</span>到那个需要登录的页面。不<span style="color: black;">转</span>到此。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">unauthorizedUrl: <span style="color: black;">无</span>权限默认<span style="color: black;">转</span>的页面。</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">Shiro中默认的过滤器</strong></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/QCu849YTaIPpQEdKn8NCCqMGOY3jfpPb4zwP2ogzO8b6iaicZxViardsBxH8icRp9ZBV9jnI1R5FegwgnAansYRZtg/640?tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">在spring中直接引入<import resource="spring-shiro.xml"></import></p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">第五步:在spring-mvc.xml中配置权限的<span style="color: black;">掌控</span> <span style="color: black;">反常</span>的<span style="color: black;">转</span></strong></h3><span style="color: black;"><!-- 未认证或未授权时<span style="color: black;">转</span>必须在springmvc里面配,spring-shiro里的shirofilter配不生效 --></span> <span style="color: black;"><<span style="color: black;">bean</span> <span style="color: black;">class</span>=<span style="color: black;">"org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"</span>></span> <span style="color: black;"><<span style="color: black;">property</span> <span style="color: black;">name</span>=<span style="color: black;">"exceptionMappings"</span>></span> <span style="color: black;"><<span style="color: black;">props</span>></span> <span style="color: black;"><!--<span style="color: black;">暗示</span><span style="color: black;">捕捉</span>的<span style="color: black;">反常</span> --></span> <span style="color: black;"><<span style="color: black;">prop</span> <span style="color: black;">key</span>=<span style="color: black;">"org.apache.shiro.authz.UnauthorizedException"</span>></span> <span style="color: black;"><!--<span style="color: black;">捕捉</span>该<span style="color: black;">反常</span>时<span style="color: black;">转</span>的路径 --></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> /403</p> <span style="color: black;"></<span style="color: black;">prop</span>></span> <span style="color: black;"><!--<span style="color: black;">暗示</span><span style="color: black;">捕捉</span>的<span style="color: black;">反常</span> --></span> <span style="color: black;"><<span style="color: black;">prop</span> <span style="color: black;">key</span>=<span style="color: black;">"org.apache.shiro.authz.UnauthenticatedException"</span>></span> <span style="color: black;"><!--<span style="color: black;">捕捉</span>该<span style="color: black;">反常</span>时<span style="color: black;">转</span>的路径 --></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> /403</p> <span style="color: black;"></<span style="color: black;">prop</span>></span> <span style="color: black;"></<span style="color: black;">props</span>></span> <span style="color: black;"></<span style="color: black;">property</span>></span> <span style="color: black;"></<span style="color: black;">bean</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">403是错误页面</p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;">第六步:在controller中测试<span style="color: black;">运用</span>的验证登入</strong></h3><span style="color: black;">@RequestMapping</span>(value = <span style="color: black;">"/login"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">, method = RequestMethod.POST)</p> <span style="color: black;">public</span> <span style="color: black;">String</span> login(<span style="color: black;">String</span> userName, <span style="color: black;">String</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">passwd, Model model) {</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> Subject subject = SecurityUtils.getSubject();</p> UsernamePasswordToken token = <span style="color: black;">new</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> UsernamePasswordToken(userName, passwd);</p> <span style="color: black;">try</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> {</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">subject.login(token);</p> } <span style="color: black;">catch</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> (UnknownAccountException e) {</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> e.printStackTrace();</p> model.addAttribute(<span style="color: black;">"userName"</span>, <span style="color: black;">"用户名错误!"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p> <span style="color: black;">return</span> <span style="color: black;">"login"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">;</p> } <span style="color: black;">catch</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(IncorrectCredentialsException e) {</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> e.printStackTrace();</p> model.addAttribute(<span style="color: black;">"passwd"</span>, <span style="color: black;">"<span style="color: black;">秘码</span>错误"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">);</p> <span style="color: black;">return</span> <span style="color: black;">"login"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">;</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> }</p> <span style="color: black;">return</span> <span style="color: black;">"index"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">;</p> }<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">之后的都是HTML页面的<span style="color: black;">转</span></p>
<h3 style="color: black; text-align: left; margin-bottom: 10px;"><strong style="color: blue;"><span style="color: black;">相关</span>HTML中的<span style="color: black;">有些</span>shiro设置:</strong></h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">在<span style="color: black;">运用</span>Shiro标签库前,<span style="color: black;">首要</span>需要在JSP引入shiro标签:</p><span style="color: black;"><<span style="color: black;">%@</span> <span style="color: black;">taglib</span> <span style="color: black;">prefix</span>=<span style="color: black;">"shiro"</span> <span style="color: black;">uri</span>=<span style="color: black;">"http://shiro.apache.org/tags"</span> %></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1、介绍Shiro的标签guest标签 :验证当前用户<span style="color: black;">是不是</span>为“访客”,即未认证(<span style="color: black;">包括</span>未记住)的用户。</p><span style="color: black;"><<span style="color: black;">shiro:guest</span>></span>Hi there! Please <span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"login.jsp"</span>></span>Login<span style="color: black;"></<span style="color: black;">a</span>></span> or <span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"signup.jsp"</span>></span>Signup<span style="color: black;"></<span style="color: black;">a</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> today! </p><span style="color: black;"></<span style="color: black;">shiro:guest</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2、user标签 :认证<span style="color: black;">经过</span>或已记住的用户。</p><span style="color: black;"><<span style="color: black;">shiro:user</span>></span>Welcome back John! Not John? Click <span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"login.jsp"</span>></span>here<span style="color: black;"><<span style="color: black;">a</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> to login. </p><span style="color: black;"></<span style="color: black;">shiro:user</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3、authenticated标签 :已认证<span style="color: black;">经过</span>的用户。不<span style="color: black;">包括</span>已记住的用户,这是与user标签的区别所在。</p><span style="color: black;"><<span style="color: black;">shiro:authenticated</span>></span><span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"updateAccount.jsp"</span>></span>Update your contact information<span style="color: black;"></<span style="color: black;">a</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">. </p><span style="color: black;"></<span style="color: black;">shiro:authenticated</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4、notAuthenticated标签 :未认证<span style="color: black;">经过</span>用户,与authenticated标签相对应。与guest标签的区别是,该标签<span style="color: black;">包括</span>已记住用户。 </p><span style="color: black;"><<span style="color: black;">shiro:notAuthenticated</span>></span>Please<span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"login.jsp"</span>></span>login<span style="color: black;"></<span style="color: black;">a</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> in order to update your credit card information. </p><span style="color: black;"></<span style="color: black;">shiro:notAuthenticated</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">5、principal 标签 :输出当前用户信息,<span style="color: black;">一般</span>为登录帐号信息。 </p>Hello, <span style="color: black;"><<span style="color: black;">shiro:principal</span>/></span>, how are you today?<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">6、hasRole标签 :验证当前用户<span style="color: black;">是不是</span>属于该角色。 </p><span style="color: black;"><<span style="color: black;">shiro:hasRole</span> <span style="color: black;">name</span>=<span style="color: black;">"administrator"</span>></span><span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"admin.jsp"</span>></span>Administer the system<span style="color: black;"></<span style="color: black;">a</span>></span><span style="color: black;"></<span style="color: black;">shiro:hasRole</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">7、lacksRole标签 :与hasRole标签<span style="color: black;">规律</span>相反,当用户不属于该角色时验证<span style="color: black;">经过</span>。 </p><shiro:lacksRole name=<span style="color: black;">"administrator"</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">> </p>Sorry, you are not allowed <span style="color: black;">to</span> administer the <span style="color: black;">system</span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">. </p></shiro:lacksRole><p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">8、hasAnyRole标签 :验证当前用户<span style="color: black;">是不是</span>属于以下任意一个角色。 </p><span style="color: black;"><<span style="color: black;">shiro:hasAnyRoles</span> <span style="color: black;">name</span>=<span style="color: black;">"developer, project manager, administrator"</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">You are either a developer, project manager, or administrator.</p><span style="color: black;"></<span style="color: black;">shiro:lacksRole</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">9、hasPermission标签 :验证当前用户<span style="color: black;">是不是</span><span style="color: black;">持有</span>指定权限。 </p><span style="color: black;"><<span style="color: black;">shiro:hasPermission</span> <span style="color: black;">name</span>=<span style="color: black;">"user:create"</span>></span><span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"createUser.jsp"</span>></span>Create a new User<span style="color: black;"></<span style="color: black;">a</span>></span><span style="color: black;"></<span style="color: black;">shiro:hasPermission</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">十、</span>lacksPermission标签 :与hasPermission标签<span style="color: black;">规律</span>相反,当前用户<span style="color: black;">无</span>制定权限时,验证<span style="color: black;">经过</span>。</p><span style="color: black;"><<span style="color: black;">shiro:hasPermission</span> <span style="color: black;">name</span>=<span style="color: black;">"user:create"</span>></span><span style="color: black;"><<span style="color: black;">a</span> <span style="color: black;">href</span>=<span style="color: black;">"createUser.jsp"</span>></span>Create a new User<span style="color: black;"></<span style="color: black;">a</span>></span><span style="color: black;"></<span style="color: black;">shiro:hasPermission</span>></span>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">PS:<span style="color: black;">倘若</span>觉得我的分享不错,欢迎<span style="color: black;">大众</span>随手点赞、转发。</span></strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">(完)</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="data:image/svg+xml,%3C%3Fxml version=1.0 encoding=UTF-8%3F%3E%3Csvg width=1px height=1px viewBox=0 0 1 1 version=1.1 xmlns=http://www.w3.org/2000/svg xmlns:xlink=http://www.w3.org/1999/xlink%3E%3Ctitle%3E%3C/title%3E%3Cg stroke=none stroke-width=1 fill=none fill-rule=evenodd fill-opacity=0%3E%3Cg transform=translate(-249.000000, -126.000000) fill=%23FFFFFF%3E%3Crect x=249 y=126 width=1 height=1%3E%3C/rect%3E%3C/g%3E%3C/g%3E%3C/svg%3E" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Java团长</span></strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">专注于Java干货分享</span></p><img src="data:image/svg+xml,%3C%3Fxml version=1.0 encoding=UTF-8%3F%3E%3Csvg width=1px height=1px viewBox=0 0 1 1 version=1.1 xmlns=http://www.w3.org/2000/svg xmlns:xlink=http://www.w3.org/1999/xlink%3E%3Ctitle%3E%3C/title%3E%3Cg stroke=none stroke-width=1 fill=none fill-rule=evenodd fill-opacity=0%3E%3Cg transform=translate(-249.000000, -126.000000) fill=%23FFFFFF%3E%3Crect x=249 y=126 width=1 height=1%3E%3C/rect%3E%3C/g%3E%3C/g%3E%3C/svg%3E" style="width: 50%; margin-bottom: 20px;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">扫描上方二维码获取<span style="color: black;">更加多</span>Java干货</span></p>
谢谢、感谢、感恩、辛苦了、有你真好等。 你的见解真是独到,让我受益匪浅。 感谢楼主分享,祝愿外链论坛越办越好!
页:
[1]