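This guide walks through the complete process of implementing login authentication and permission-based authorization with Spring MVC, Shiro, and Maven.

1. Environment setup
First set up a Spring MVC and Maven environment. You can create a blank project yourself with a development tool such as IDEA.

2. pom.xml configuration
Add the Spring MVC and Shiro dependencies to the project, as follows: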
    <!-- Spring MVC dependency -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>5.3.10</version>
    </dependency>
    <!-- Shiro dependencies -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.7.1</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.7.1</version>
    </dependency>
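
3. Configure Shiro
Register the Shiro filter in the web application's web.xml. Because the filter is defined as a Spring bean (shiroFilter, in applicationContext.xml), web.xml declares Spring's DelegatingFilterProxy, and the filter-name must match the bean id:

    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <!-- Let the servlet container drive init()/destroy() of the Shiro filter bean -->
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>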
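
Then configure the Shiro beans in applicationContext.xml:

    <!-- Shiro security manager -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm"/>
    </bean>
    <!-- Custom Realm -->
    <bean id="myRealm" class="com.example.MyRealm"/>
    <!-- Shiro filter chain -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="successUrl" value="/index"/>
        <property name="unauthorizedUrl" value="/unauthorized"/>
        <property name="filterChainDefinitions">
            <value>
                /login = authc
                /static/** = anon
                /** = authc
            </value>
        </property>
    </bean>

Here myRealm is the custom Realm that implements the authentication and authorization logic. filterChainDefinitions defines Shiro's URL filter chain: static files under /static need no authentication; /login is mapped to the authc form filter, which shows the login page to anonymous users and processes the submitted login form (with /login = anon the POST would go straight to the controller and nobody would ever be logged in); every other URL requires an authenticated user. Note that authc only checks that the user is logged in. Enforcing a role or permission on a URL additionally requires an authorization filter such as roles[...] or perms[...], and unauthorizedUrl is only used by those filters.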
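
4. Custom Realm
A custom Realm extends org.apache.shiro.realm.AuthorizingRealm and implements two methods, doGetAuthorizationInfo and doGetAuthenticationInfo, which hold the authorization and authentication logic respectively. Sample code: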
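
    package com.example;

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealm extends AuthorizingRealm {

        /**
         * Authorization logic: returns the roles and permissions of the logged-in user.
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
            String username = (String) principalCollection.getPrimaryPrincipal();
            if ("admin".equals(username)) {
                authorizationInfo.addRole("admin");
                authorizationInfo.addStringPermission("user:query");
                authorizationInfo.addStringPermission("user:add");
                authorizationInfo.addStringPermission("user:delete");
                authorizationInfo.addStringPermission("user:update");
            } else if ("user".equals(username)) {
                authorizationInfo.addRole("user");
                authorizationInfo.addStringPermission("user:query");
            }
            return authorizationInfo;
        }

        /**
         * Authentication logic.
         * Demo only: the accounts and the plaintext password are hard-coded here.
         * A real Realm loads the stored, hashed credential for the username and
         * leaves the comparison to Shiro's CredentialsMatcher.
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            // Get the username and password entered by the user
            String username = (String) authenticationToken.getPrincipal();
            String password = new String((char[]) authenticationToken.getCredentials());
            if ("admin".equals(username) && "123456".equals(password)) {
                return new SimpleAuthenticationInfo(username, password, getName());
            } else if ("user".equals(username) && "123456".equals(password)) {
                return new SimpleAuthenticationInfo(username, password, getName());
            }
            // Message text: "wrong username or password"
            throw new AuthenticationException("账号或密码错误");
        }
    }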
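
5. Write the login page
Sample code for the login page follows. It contains form fields for the username, the password, and a "remember me" checkbox: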

    <form class="form-signin" method="post" action="${pageContext.request.contextPath}/login">
        <h2 class="form-signin-heading">请登录</h2>
        <label for="inputEmail" class="sr-only">用户名</label>
        <input type="text" id="inputEmail" name="username" class="form-control" placeholder="请输入用户名" required autofocus>
        <label for="inputPassword" class="sr-only">密码</label>
        <input type="password" id="inputPassword" name="password" class="form-control" placeholder="请输入密码" required>
        <div class="checkbox">
            <label>
                <input type="checkbox" name="rememberMe" value="true"> 记住我
            </label>
        </div>
        <button class="btn btn-lg btn-primary btn-block" type="submit">登录</button>
    </form>

6. Write the user center page
The user center page links to the permission-controlled functions: query, add, update, and delete. Sample code:

    <a href="${pageContext.request.contextPath}/user/query">查询用户</a>
    <a href="${pageContext.request.contextPath}/user/add">添加用户</a>
    <a href="${pageContext.request.contextPath}/user/update">修改用户</a>
    <a href="${pageContext.request.contextPath}/user/delete">删除用户</a>
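
7. Write the corresponding Controller
Write the corresponding Controller. The access-control logic is handled by Shiro and the custom Realm; the Controller is only responsible for routing. Sample code: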

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;

    @Controller
    public class UserController {

        @RequestMapping("/user/query")
        public String query() {
            return "user/query";
        }

        @RequestMapping("/user/add")
        public String add() {
            return "user/add";
        }

        @RequestMapping("/user/update")
        public String update() {
            return "user/update";
        }

        @RequestMapping("/user/delete")
        public String delete() {
            return "user/delete";
        }

        // Login page; the form POST itself is processed by Shiro's authc filter
        @RequestMapping("/login")
        public String login() {
            return "login";
        }

        @RequestMapping("/index")
        public String index() {
            return "index";
        }

        @RequestMapping("/unauthorized")
        public String unauthorized() {
            return "unauthorized";
        }
    }
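
The Controller performs no permission checks and a `/** = authc` rule only requires a login, so the permissions that MyRealm grants take effect only when the filter chain refers to them; with `authc` alone, the account `user` can open /user/delete. The following is an added example, not part of the original article: a variant of the shiroFilter bean that binds each /user URL to the matching permission string from MyRealm. The `/user/** = authc, roles[admin]` fallback line is an assumption of this example, chosen so that /user URLs added later fail closed.

```xml
<!-- Added example: replaces the shiroFilter bean in applicationContext.xml -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <property name="successUrl" value="/index"/>
    <!-- Used by perms[...] and roles[...] when a logged-in user lacks the right -->
    <property name="unauthorizedUrl" value="/unauthorized"/>
    <!--
        Rules are evaluated top to bottom and the first matching pattern wins,
        so the specific /user/... rules must come before /user/** and /**.
        authc runs first (anonymous users are sent to loginUrl), then perms[...]
        asks MyRealm.doGetAuthorizationInfo whether the permission is granted.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login = authc
            /static/** = anon
            /user/query = authc, perms[user:query]
            /user/add = authc, perms[user:add]
            /user/update = authc, perms[user:update]
            /user/delete = authc, perms[user:delete]
            /user/** = authc, roles[admin]
            /** = authc
        </value>
    </property>
</bean>
```

With this chain, `admin` reaches all four /user pages, while `user` reaches only /user/query and is redirected to /unauthorized for the other three.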
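
That completes the guide to implementing login authentication and permission-based authorization with Spring MVC, Shiro, and Maven. To learn more, you can add comments to the code as you go, or consult the official documentation and tutorials.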