Apache shiro (2)-first Demo (web + spring + shiro), apacheshiro

Apache shiro (2)-first Demo (web + spring + shiro), apacheshiro

The previous blog briefly listed the structure of shiro's framework, which is actually a mix of faces. I am not going to talk about this blog in detail. Let's first use a complete example to understand how to use it. Then, we should be able to have a rough idea of shiro based on actual usage. Started ......

JAR package

• Shiro-all: this JAR contains all the JAR files. Currently, the shiro JAR packages are separated. You can select some of them based on the functions used. Here, our primary goal is to understand the functions, so I want to avoid some problems as much as possible, so I chose Shiro-all.
• Conmons-beanutils, commons-logging: These two packages must be introduced.
• Aopalliance: this package is about Aop. This package must be introduced when annotations are enabled.
• Ehcache-core: This is the cached JAR package, which needs to be introduced when cache is used. Of course, other cache products can be used here, And ehcache is only one of them.
• Mysql-connector-java: mysql startup package
• Spring-*: the package to be introduced by spring

Web. xml

 

<Span style = "font-size: 18px;"> <! -- Default Page --> <welcome-file-list> <welcome-file>/Page/login. jsp </welcome-file> </welcome-file-list> <! -- Shiro configuration file location, here, both spring and shiro are configured on a file --> <context-param> <param-name> contextConfigLocation </param-name> <param-value> classpath: spring-shiro.xml </param-value> </context-param> <! -- Automatically assemble the configuration information of ApplicationContext when starting the Web container. The configuration file here is the shiro configuration file --> <listener-class> org. springframework. web. context. contextLoaderListener </listener-class> </listener> <! -- Shiro's main filter --> <filter-name> shiroSecurityFilter </filter-name> <filter-class> org. springframework. web. filter. delegatingFilterProxy </filter-class> <init-param> <param-name> targetFilterLifecycle </param-name> <param-value> true </param-value> </init- param> </filter> <filter-mapping> <filter-name> shiroSecurityFilter </filter-name> <url-pattern>/* </url-pattern> </filter- mapping> <! -- The following is the servlet configuration --> <servlet-name> login </servlet-name> <servlet-class> com. tgb. shirodemo. servlet. loginServlet </servlet-class> </servlet> <servlet-mapping> <servlet-name> login </servlet-name> <url-pattern>/login </url-pattern> </servlet-mapping> <servlet-name> money </servlet-name> <servlet-class> com. tgb. shirodemo. servlet. mainServlet </servlet-class> </servlet> <servlet-mapping> <servlet-name> money </servlet-name> <url-pattern>/money </url-pattern> </servlet-mapping> </span>

Spring-shiro.xml

 

<Span style = "font-size: 18px;"> <! -- This is the two beans that I need to inject into ealm for database access. --> <beanid = "userMgr" class = "com. tgb. shirodemo. manager. userManager "> </bean> <beanid =" permissionMgr "class =" com. tgb. shirodemo. manager. permissionManager "> </bean> <! -- Shiro serves as a bridge between the database and DAO --> <beanid = "shiroRealm" class = "com. tgb. shirodemo. shiro. myShiroRealm "> <property name =" usermgr "ref =" userMgr "> </property> <property name =" permgr "ref =" permissionMgr "> </property> </bean> <! -- Cache manager --> <beanid = "shiroEhcacheManager" class = "org. apache. shiro. cache. ehcache. ehCacheManager "> <propertyname =" cacheManagerConfigFile "value =" classpath: ehcache-shiro.xml "/> </bean> <! -- Security Manager: As shown in the previous blog, it is a global component --> <beanid = "securityManager" class = "org. apache. shiro. web. mgt. defaultWebSecurityManager "> <! -- Integration Realm --> <property name = "realm" ref = "shiroRealm"> </property> <! -- Integrated cache manager --> <property name = "cacheManager" ref = "shiroEhcacheManager"> </property> </bean> <! -- Ensure that the bean in the shiro internal lifecycle is executed --> <beanid = "lifecycleBeanPostProcessor" class = "org. apache. shiro. spring. LifecycleBeanPostProcessor"/> <! -- The following two configurations about enabling annotation --> <beanclass = "org. springframework. aop. framework. autoproxy. defaultAdvisorAutoProxyCreator "depends-on =" lifecycleBeanPostProcessor "> </bean> <beanclass =" org. apache. shiro. spring. security. interceptor. authorizationAttributeSourceAdvisor "> <propertyname =" securityManager "ref =" securityManager "/> </bean> <! -- Configure the shiro main filter. The name here corresponds to the name on the web --> <bean id = "shiroSecurityFilter" class = "org. apache. shiro. spring. web. shiroFilterFactoryBean "> <! -- Integrated Security Manager --> <propertyname = "securityManager" ref = "securityManager"> </property> <property name = "loginUrl" value = "/Page/login. jsp "> </property> <property name =" successUrl "value ="/Page/main. jsp "> </property> <propertyname =" unauthorizedUrl "value ="/Page/second. jsp "> </property> <! -- Filter chain, configure filter rules for URLs --> <propertyname = "filterChainDefinitions"> <value>/= anon/login = anon/** = authc </value> </property> </bean> </beans> </span>

Cached XML

<span style="font-size:18px;"><ehcacheupdateCheck="false" name="shiroCache">     <defaultCache           maxElementsInMemory="10000"            eternal="false"            timeToIdleSeconds="120"            timeToLiveSeconds="120"            overflowToDisk="false"            diskPersistent="false"           diskExpiryThreadIntervalSeconds="120"            /></ehcache></span>

Realm

The configuration file is like this. Next we need to talk about some key classes. The Realm class needs to be implemented by ourselves. It is the only source of verification information required by the shiro framework. The class that was previously configured in the spring-shiro.xml is this implementation. If it is too troublesome, you can directly write the dead verification information.

<Span style = "font-size: 18px;"> public classMyShiroRealm extends AuthorizingRealm {// injection class, which truly accesses the database private UserManager usermgr; private PermissionManager permgr; // query the user's permission information @ OverrideprotectedAuthorizationInfo doGetAuthorizationInfo (PrincipalCollectionprincipals) {ShiroUseruser = (ShiroUser) principals. fromRealm (getName ()). iterator (). next (); Collection <Permission> cper = permgr. getPermission (user); SimpleAuthorizationInfoinfo = new SimpleAuthorizationInfo (); Iterator <Permission> it = cper. iterator (); while (it. hasNext () {info. addStringPermission (it. next (). getPermissionName ();} returninfo;} // query the user's identity information @ OverrideprotectedAuthenticationInfo doGetAuthenticationInfo (AuthenticationTokentoken) throws AuthenticationException {ShiroUseruser = usermgr. getUserByName (token. getPrincipal (). toString (); if (user = null) {thrownew UnknownAccountException ();} else {returnnew SimpleAuthenticationInfo (user, user. getPassWord (), getName () ;}} publicUserManager getUsermgr () {returnusermgr;} publicvoid setUsermgr (UserManager usermgr) {this. usermgr = usermgr;} publicPermissionManager getPermgr () {returnpermgr;} publicvoid setPermgr (PermissionManager permgr) {this. permgr = permgr ;}}</span>

Basically, there are so many things to do. Other classes in my example are basic spring things. Not all are posted. Here is the complete download link.