Integrating Shiro with Spring: a detailed worked example of a permission control module (Shiro permission control)
1. Add Shiro's Maven dependencies
<!-- Dependencies required to integrate Shiro with Spring -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.1</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.1</version>
</dependency>
<!-- Also required: spring 3.1.2, spring-mvc 3.1.2, ibatis 2.3.4, cglib 2.2 -->
2. Configure web.xml
<!-- Configure Shiro's core filter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3. Write your own UserRealm class, a Realm subclass that mainly handles authentication and authorization
package com.jay.demo.shiro;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.jay.demo.bean.Permission;
import com.jay.demo.bean.Role;
import com.jay.demo.bean.User;
import com.jay.demo.service.UserService;

public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // String username = (String) getAvailablePrincipal(principals);
        String username = (String) principals.getPrimaryPrincipal();
        Set<Role> roleSet = userService.findUserByUsername(username).getRoleSet();
        // Set of role names
        Set<String> roles = new HashSet<String>();
        // Set of permission names
        Set<String> permissions = new HashSet<String>();
        Iterator<Role> it = roleSet.iterator();
        while (it.hasNext()) {
            // Call next() once per iteration; calling it twice would skip roles
            Role role = it.next();
            roles.add(role.getName());
            for (Permission per : role.getPermissionSet()) {
                permissions.add(per.getName());
            }
        }
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRoles(roles);
        authorizationInfo.addStringPermissions(permissions);
        return authorizationInfo;
    }

    /**
     * Authentication
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = (String) token.getPrincipal();
        User user = userService.findUserByUsername(username);
        if (user == null) {
            // The user does not exist
            throw new UnknownAccountException("this account is not found");
        }
        /*
        if (Boolean.TRUE.equals(user.getLocked())) {
            throw new LockedAccountException(); // account locked
        }
        */
        /*
         * Hand the result to AuthenticatingRealm, which uses a CredentialsMatcher to
         * match the password. If the default is not suitable, you can do the check
         * here or supply a custom implementation.
         */
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        return info;
    }

    @Override
    public String getName() {
        return getClass().getName();
    }
}
4. Configure Shiro in Spring's applicationContext.xml
1. Add the shiroFilter Definition
2. Add a securityManager Definition
3. Add realm Definition
4. Configure EhCache
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"/>
5. Configure the bean that executes Shiro's lifecycle functions
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
Note:
If you use Shiro's annotations, you also need to configure the following in springmvc-servlet.xml:
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
Note: explanation of the filters used in Shiro permission management:

Default filters (10):
anon -- org.apache.shiro.web.filter.authc.AnonymousFilter
authc -- org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authcBasic -- org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
perms -- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
port -- org.apache.shiro.web.filter.authz.PortFilter
rest -- org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles -- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl -- org.apache.shiro.web.filter.authz.SslFilter
user -- org.apache.shiro.web.filter.authc.UserFilter
logout -- org.apache.shiro.web.filter.authc.LogoutFilter

anon: for example, /admins/** = anon. No parameters; indicates that the URL can be used anonymously.

authc: for example, /admins/user/** = authc. No parameters; indicates that authentication (login) is required.

roles: for example, /admins/user/** = roles[admin]. Multiple parameters can be written; in that case they must be enclosed in quotation marks and separated by commas, for example /admins/user/** = roles["admin,guest"]. Every parameter must pass, which is equivalent to the hasAllRoles() method.

perms: for example, /admins/user/** = perms[user:add:*]. Multiple parameters can be written; in that case they must be enclosed in quotation marks and separated by commas, for example /admins/user/** = perms["user:add:*,user:modify:*"]. Every parameter must pass, which is equivalent to the isPermittedAll() method.

rest: for example, /admins/user/** = rest[user]. Based on the request method, this is equivalent to /admins/user/** = perms[user:method], where method is post, get, and delete.

port: for example, /admins/user/** = port[8081]. When the port of the requested URL is not 8081, the request is redirected to scheme://serverName:8081?queryString, where scheme is the protocol (http or https), serverName is the host you visit, 8081 is the port in the URL configuration, and queryString is the part after the ? in the URL you visit.

authcBasic: for example, /admins/user/** = authcBasic. No parameters; indicates HTTP Basic authentication.

ssl: for example, /admins/user/** = ssl. No parameters; indicates a secure URL request, where the protocol is https.

user: for example, /admins/user/** = user. No parameters; indicates that a user must exist. No check is performed during login.
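The shiroFilter, securityManager and realm definitions named in step 4, wired to a filter chain built from the filters explained above, as an added example that is not from the original page. The URL paths, the `userRealm` bean id and the use of PasswordMatcher are assumptions; PasswordMatcher only works if the stored passwords were produced by Shiro's PasswordService.

```xml
<!-- Added example: paths, the userRealm bean id and the matcher choice are assumptions -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- The bean id must equal the <filter-name> in web.xml: DelegatingFilterProxy
         looks up its delegate by that name. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="unauthorizedUrl" value="/unauthorized"/>
        <!-- Chains are checked top to bottom and the first matching pattern wins,
             so narrow patterns come first and the /** catch-all comes last.
             Any URL not listed explicitly then still requires a login. -->
        <property name="filterChainDefinitions">
            <value>
                /login = anon
                /logout = logout
                /admins/user/** = authc, perms["user:add:*,user:modify:*"]
                /admins/** = authc, roles[admin]
                /** = authc
            </value>
        </property>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="userRealm"/>
        <property name="cacheManager" ref="cacheManager"/>
    </bean>

    <!-- Without a credentialsMatcher the realm compares the submitted password with
         user.getPassword() verbatim. PasswordMatcher verifies against a salted,
         iterated hash; it assumes the stored value was produced by Shiro's
         PasswordService.encryptPassword(). -->
    <bean id="userRealm" class="com.jay.demo.shiro.UserRealm">
        <property name="credentialsMatcher">
            <bean class="org.apache.shiro.authc.credential.PasswordMatcher"/>
        </property>
    </bean>

    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"/>
</beans>
```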
For more details, click the source code address: Mingli