• shiro认证-SSM


    shiro认证-SSM

     pom

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.3.2</version>
    </dependency>
    
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.3.2</version>
    </dependency>
    
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <version>1.3.2</version>
    </dependency>

    web.xml配置

     

    <!-- shiro过滤器定义 -->
    <filter>
      <filter-name>shiroFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      <init-param>
        <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>shiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

     

    这五张表生成对应的model、mapper

     

    applicationContext-shiro.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    
        <!--配置自定义的Realm-->
        <bean id="shiroRealm" class="com.zhuling.shiro.MyRealm">
            <property name="shiroUserService" ref="shiroUserService" />
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--注意:重要的事情说三次~~~~~~此处加密方式要与用户注册时的算法一致 -->
            <!--以下三个配置告诉shiro将如何对用户传来的明文密码进行加密-->
            <property name="credentialsMatcher">
                <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
                    <!--指定hash算法为MD5-->
                    <property name="hashAlgorithmName" value="md5"/>
                    <!--指定散列次数为1024次-->
                    <property name="hashIterations" value="1024"/>
                    <!--true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储-->
                    <property name="storedCredentialsHexEncoded" value="true"/>
                </bean>
            </property>
        </bean>
    
        <!--注册安全管理器-->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="shiroRealm" />
        </bean>
    
        <!--Shiro核心过滤器-->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <!-- Shiro的核心安全接口,这个属性是必须的 -->
            <property name="securityManager" ref="securityManager" />
            <!-- 身份验证失败,跳转到登录页面 -->
            <property name="loginUrl" value="/login"/>
            <!-- 身份验证成功,跳转到指定页面 -->
            <!--<property name="successUrl" value="/index.jsp"/>-->
            <!-- 权限验证失败,跳转到指定页面 -->
            <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
            <!-- Shiro连接约束配置,即过滤链的定义 -->
            <property name="filterChainDefinitions">
                <value>
                    <!--
                    注:anon,authcBasic,auchc,user是认证过滤器
                        perms,roles,ssl,rest,port是授权过滤器
                    -->
                    <!--anon 表示匿名访问,不需要认证以及授权-->
                    <!--authc表示需要认证 没有进行身份认证是不能进行访问的-->
                    <!--roles[admin]表示角色认证,必须是拥有admin角色的用户才行-->
                    /user/login=anon
                    /user/updatePwd.jsp=authc
                    /admin/*.jsp=roles[admin]
                    /user/teacher.jsp=perms["user:update"]
                    <!-- /css/**               = anon
                     /images/**            = anon
                     /js/**                = anon
                     /                     = anon
                     /user/logout          = logout
                     /user/**              = anon
                     /userInfo/**          = authc
                     /dict/**              = authc
                     /console/**           = roles[admin]
                     /**                   = anon-->
                </value>
            </property>
        </bean>
    
        <!-- Shiro生命周期,保证实现了Shiro内部lifecycle函数的bean执行 -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    </beans>

    ShiroUserService

    package com.zhuling.service;
    
    import com.zhuling.model.ShiroUser;
    
    
    
    public interface ShiroUserService {
        ShiroUser queryByName(String uname);
    
        int insert(ShiroUser record);
    }

    MyRealm

    package com.zhuling.shiro;
    
    import com.zhuling.model.ShiroUser;
    import com.zhuling.service.ShiroUserService;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.util.ByteSource;
    
    
    public class MyRealm extends AuthorizingRealm {
        private ShiroUserService shiroUserService;
    
        public ShiroUserService getShiroUserService() {
            return shiroUserService;
        }
    
        public void setShiroUserService(ShiroUserService shiroUserService) {
            this.shiroUserService = shiroUserService;
        }
    
        /**
         * 授权方法
         * @param principalCollection
         * @return
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            return null;
        }
    
        /**
         * 身份认证方法
         * @param authenticationToken
         * @return
         * @throws AuthenticationException
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
          String uname=authenticationToken.getPrincipal().toString();
            String pwd=authenticationToken.getCredentials().toString();
            ShiroUser shiroUser = shiroUserService.queryByName(uname);
    
            AuthenticationInfo info=new SimpleAuthenticationInfo(
                    shiroUser.getUsername(),
                    shiroUser.getPassword(),
                    ByteSource.Util.bytes(shiroUser.getSalt()),
                    this.getName()
            );
            return info;
        }
    }

    ShiroUserController

    package com.zhuling.controller;
    import com.zhuling.model.ShiroUser;
    import com.zhuling.service.ShiroUserService;
    import com.zhuling.util.PasswordHelper;
    import jdk.nashorn.internal.ir.ReturnNode;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    
    @Controller
    public class ShiroUserController {
    
        @RequestMapping("/login")
        public String login(HttpServletRequest req, HttpServletResponse resp){
            Subject subject = SecurityUtils.getSubject();
            String username = req.getParameter("username");
            String password = req.getParameter("password");
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
            try {
                subject.login(usernamePasswordToken);
                req.getSession().setAttribute("username",username);
                return "main";
            } catch (Exception e) {
            req.setAttribute("message","用户名密码错误");
            return "login";
            }
        }
    
        @RequestMapping("/logout")
        public String logout(HttpServletRequest req, HttpServletResponse resp) {
            Subject subject = SecurityUtils.getSubject();
            subject.logout();
            return "redirect:/login.jsp";
        }
    
        @RequestMapping("/register")
        public String register(HttpServletRequest req, HttpServletResponse resp){
            String uname = req.getParameter("username");
            String pwd = req.getParameter("password");
            String salt = PasswordHelper.createSalt();
            String credentials = PasswordHelper.createCredentials(pwd, salt);
    
            ShiroUser shiroUser=new ShiroUser();
            shiroUser.setUsername(uname);
            shiroUser.setPassword(credentials);
            shiroUser.setSalt(salt);
            int insert = shiroUserService.insert(shiroUser);
            if(insert>0){
                req.setAttribute("message","注册成功");
                return "login";
            }
            else{
                req.setAttribute("message","注册失败");
                return "register";
            }
        }
    
    
    }

    盐加密

    盐加密工具类,在做新增用户的时候使用,将加密后的密码、及加密时候的盐放入数据库;

    本篇博客中的表数据是现成的,暂时用不上这个工具类去生成数据;

     

    PasswordHelper

    package com.zhuling.util;
    import org.apache.shiro.crypto.RandomNumberGenerator;
    import org.apache.shiro.crypto.SecureRandomNumberGenerator;
    import org.apache.shiro.crypto.hash.SimpleHash;
    
    public class PasswordHelper {
    
        /**
         * 随机数生成器
         */
        private static RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
    
        /**
         * 指定hash算法为MD5
         */
        private static final String hashAlgorithmName = "md5";
    
        /**
         * 指定散列次数为1024次,即加密1024次
         */
        private static final int hashIterations = 1024;
    
        /**
         * true指定Hash散列值使用Hex加密存. false表明hash散列值用用Base64-encoded存储
         */
        private static final boolean storedCredentialsHexEncoded = true;
    
        /**
         * 获得加密用的盐
         *
         * @return
         */
        public static String createSalt() {
            return randomNumberGenerator.nextBytes().toHex();
        }
    
        /**
         * 获得加密后的凭证
         *
         * @param credentials 凭证(即密码)
         * @param salt        盐
         * @return
         */
        public static String createCredentials(String credentials, String salt) {
            SimpleHash simpleHash = new SimpleHash(hashAlgorithmName, credentials,
                    salt, hashIterations);
            return storedCredentialsHexEncoded ? simpleHash.toHex() : simpleHash.toBase64();
        }
    
    
        /**
         * 进行密码验证
         *
         * @param credentials        未加密的密码
         * @param salt               盐
         * @param encryptCredentials 加密后的密码
         * @return
         */
        public static boolean checkCredentials(String credentials, String salt, String encryptCredentials) {
            return encryptCredentials.equals(createCredentials(credentials, salt));
        }
    
        public static void main(String[] args) {
            //
            String salt = createSalt();
            System.out.println(salt);
            System.out.println(salt.length());
            //凭证+盐加密后得到的密码
            String credentials = createCredentials("123", salt);
            System.out.println(credentials);
            System.out.println(credentials.length());
            boolean b = checkCredentials("123", salt, credentials);
            System.out.println(b);
        }
    }

     login.jsp    

    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <h1>用户登陆</h1>
        <div style="color: red">${message}</div>
        <form action="${pageContext.request.contextPath}/login" method="post">
            帐号:<input type="text" name="username"><br>
            密码:<input type="password" name="password"><br>
            <input type="submit" value="确定">
            <input type="reset" value="重置">
        </form>
    </body>
    </html>

    register.jsp

    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <html>
    <head>
        <title>Title</title>
    </head>
    <body>
    <h1>用户注册</h1>
    <div style="color: red">${message}</div>
    <form action="${pageContext.request.contextPath}/register" method="post">
        帐号:<input type="text" name="username"><br>
        密码:<input type="password" name="password"><br>
        <input type="submit" value="注册">
        <input type="button" οnclick="location.href='${pageContext.request.contextPath}/login.jsp'" value="返回">
    </form>
    </body>
    </html>

    main.jsp

    <%@ page contentType="text/html;charset=UTF-8" language="java" %>
    <%@taglib prefix="r" uri="http://shiro.apache.org/tags" %>
    <html>
    <head>
        <title>Title</title>
    </head>
    <body>
    <h1>主界面<%=System.currentTimeMillis()%>,欢迎您:[${sessionScope.username}]</h1>
    <ul>
        系统功能列表
        <li>
            <a href="admin/addUser.jsp">用户新增</a>
        </li>
        <li>
            <a href="admin/listUser.jsp">用户查询</a>
        </li>
        <li>
            <a href="admin/resetPwd.jsp">重置用户密码</a>
        </li>
        <li>
            <a href="admin/updateUser.jsp">用户修改</a>
        </li>
        <li>
            <a href="user/updatePwd.jsp">个人密码修改</a>
        </li>
        <li>
            <a href="user/teacher.jsp">老师简介</a>
        </li>
        <li>
            <a href="${pageContext.request.contextPath}/logout">退出系统</a>
        </li>
    </ul>
    <ul>
        shiro标签
        <li>
            <r:hasPermission name="user:create">
                <a href="admin/addUser.jsp">用户新增</a>
            </r:hasPermission>
        </li>
        <li>
            <a href="admin/listUser.jsp">用户查询</a>
        </li>
        <li>
            <a href="admin/resetPwd.jsp">重置用户密码</a>
        </li>
        <li>
            <r:hasPermission name="user:update">
                <a href="admin/updateUser.jsp">用户修改</a>
            </r:hasPermission>
        </li>
        <li>
            <a href="user/updatePwd.jsp">个人密码修改</a>
        </li>
        <li>
            <a href="${pageContext.request.contextPath}/logout">退出系统</a>
        </li>
    </ul>
    </body>
    </html>

     

     

  • 相关阅读:
    PHP 数据库 ODBC
    PHP MySQL Delete
    PHP MySQL Update
    PHP MySQL Order By 关键词
    PHP MySQL Where 子句
    01_今日介绍
    00_前情回顾
    02_cfork分叉进程
    01_c++下jni开发说明
    17_activity任务栈和启动模式
  • 原文地址:https://www.cnblogs.com/BAYOUA/p/11788921.html
Copyright © 2020-2023  润新知