发布于 2016-01-13 09:08:23 | 230 次阅读 | 评论: 0 | 来源: PHPERZ

这里有新鲜出炉的精品教程,程序狗速度看过来!

Spring Framework 开源j2ee框架

Spring是什么呢?首先它是一个开源的项目,而且目前非常活跃;它是一个基于IOC和AOP的构架多层j2ee系统的框架,但它不强迫你必须在每一层 中必须使用Spring,因为它模块化的很好,允许你根据自己的需要选择使用它的某一个模块;它实现了很优雅的MVC,对不同的数据访问技术提供了统一的接口,采用IOC使得可以很容易的实现bean的装配,提供了简洁的AOP并据此实现Transcation Managment,等等


maven配置

    <!-- shiro-web -->  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-web</artifactId>  
        <version>${shiro-version}</version>  
    </dependency>  
    <!-- shiro-spring -->  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-spring</artifactId>  
        <version>${shiro-version}</version>  
    </dependency>  
    <!-- shiro-ehcache -->  
    <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-ehcache</artifactId>  
        <version>${shiro-version}</version>  
    </dependency>  
    ...
    <properties>
        <shiro-version>1.2.4</shiro-version>
    </properties>

spring配置

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>    
 
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" 
    depends-on="lifecycleBeanPostProcessor"/>  

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  
<!-- securityManager 核心控制器 -->
    <property name="realm" ref="DefaultRealm"/>  
</bean>  

  <!-- 过滤器配置, 同时在web.xml中配置filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
    <property name="securityManager" ref="securityManager"/>  
    <property name="loginUrl" value="/account/to_login.do"/>  
    <property name="successUrl" value="/success.jsp"/>
    <property name="unauthorizedUrl" value="/noperm.jsp"/>
    <property name="filters">
        <map>
            <entry key="authc">
                <bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter" />
            </entry>
        </map>
    </property>  
    <property name="filterChainDefinitions">  
        <value>  
            /logout.do        = anon    <!--anon:anonymous, 匿名的, 不需要权限 -->
            /image/*.do        = authc    <!-- 需要认证通过, 即登录成功 -->
            /blog/**.do        = authc,perms[blog] <!-- 需要名称为blog的权限permission-->
            /admin/*.do        = authc,roles[admin] <!-- 需要名称为admin的角色role-->
            <!-- 说明: /*匹配的的是/abc;  /** 匹配的是多个/*, 比如/abc/def -->
        </value>  
    </property>  
</bean>  

web.xml

<filter>  
    <filter-name>shiroFilter</filter-name>  
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
    <init-param>  
        <param-name>targetFilterLifecycle</param-name>  
        <param-value>true</param-value>  
    </init-param>  
</filter>  
<filter-mapping>  
    <filter-name>shiroFilter</filter-name>  
    <url-pattern>*.do</url-pattern>  
</filter-mapping>    

<!-- sitemesh -->
<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>org.sitemesh.config.ConfigurableSiteMeshFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>springmvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:app-servlet.xml
        </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>springmvc</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

PS : shiro filter,放在mvc的filter/servlet前面,如果有sitemesh,放在sitemesh前面

Realm类

/**
 * 登录和检查授权的时候调用当前类
 */
@Component("DefaultRealm")
public class DefaultRealm extends AuthorizingRealm {

  @Resource
  private AdminDao adminDao;

  public DefaultRealm() {
    setName("DefaultRealm");// This name must match the name in the User  
  }

  //获取授权信息, 用于验证权限
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    String username = (String) principalCollection.getPrimaryPrincipal();
    AdminUser admin = adminDao.getUniqueByProperty("username", username);
    Set<Role> roleSet = admin.getRoles();
    if (roleSet != null) {
      //获取角色权限
      Set<String> roles = new HashSet<>();
      Set<String> stringPermissions = new HashSet<>();
      for (Role role : roleSet) {
        roles.add(role.getRoleName());

        //封装到验证信息
        Set<Permission> permissions = role.getPermissions();
        for (Permission permission : permissions) {
          stringPermissions.add(permission.getPermissionName());
        }
      }
      
      SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();  
      authorizationInfo.setRoles(roles);  
      authorizationInfo.setStringPermissions(stringPermissions);  
      return authorizationInfo;
    }
    return null;
  }

  //获取验证信息,用于登录验证用户名密码
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken principals)
      throws AuthenticationException {
    String username = (String) principals.getPrincipal();
    if (StringUtils.isNotEmpty(username)) {
      AdminUser admin = adminDao.getUniqueByProperty("username", username);
      SimpleAccount account = new SimpleAccount(username, admin.getPassword(), getName());
      return account;
    }
    return null;
  }

}

MVC登录验证

//在MVC的Controller中, 接收参数username和password, 装配成UsernamePasswordToken对象,
//然后用subject对象login方法进行登录.
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
Subject subject = SecurityUtils.getSubject();
subject.login(token);

User-Role-Permission实体类

@Entity
public class User {
    private String username; 
    private String password="";
    //省略getter setter
    
    private Set<Role> roles;
    
    @ManyToMany(targetEntity=Role.class)
    public Set<Role> getRoles() {
      return roles;
    }

    public void setRoles(Set<Role> roles) {
      this.roles = roles;
    }
}

@Entity
public class Role{
  private String roleName;    //省略getter setter
  private Set<Permission> permissions = new HashSet<>();
  
  @ManyToMany
  public Set<Permission> getPermissions() {
    return permissions;
  }

  public void setPermissions(Set<Permission> permissions) {
    this.permissions = permissions;
  }
}  

@Entity
public class Permission {
    private String permissionName;//省略getter setter
}


相关阅读 :
spring-shiro 基本使用
Spring Bean基本管理实例详解
Spring中WebDataBinder使用详解
基于注解的spring 在静态方法中使用注入的类
使用Java的Spring框架编写第一个程序Hellow world
基于Spring框架的Shiro配置方法
spring cloud 之 Feign 使用HTTP请求远程服务的实现方法
Spring Cloud实战技巧之使用随机端口
详解使用Spring的restTemplete进行Http请求
使用Spring的注解方式实现AOP实例
使用spring实现邮件的发送实例(含测试,源码,注释)
详解使用Spring Security进行自动登录验证
最新网友评论  共有(0)条评论 发布评论 返回顶部

Copyright © 2007-2017 PHPERZ.COM All Rights Reserved   冀ICP备14009818号  版权声明  广告服务