`
itoracja
  • 浏览: 136549 次
  • 性别: Icon_minigender_1
  • 来自: 广州
社区版块
存档分类
最新评论

Shiro权限框架

Shiro权限框架java工作
阅读更多


Shiro权限框架

Shiro权限框架开发系统中,少不了权限,目前java里的权限框架有SpringSecurity和Shiro(以前叫做jsecurity),对于SpringSecurity:功能太过强大以至于功能比较分散,使用起来也比较复杂,跟Spring结合的比较好。对于初学Spring Security者来说,曲线还是较大,需要深入学习其源码和框架,配置起来也需要费比较大的力气,扩展性也不是特别强。对于新秀Shiro来说,好评还是比较多的,使用起来比较简单,功能也足够强大,扩展性也较好。听说连Spring的官方都不用Spring Security,用的是Shiro,足见Shiro的优秀。网上找到两篇介绍:http://www.infoq.com/cn/articles/apache-shiro http://www.ibm.com/developerworks/cn/opensource/os-cn-shiro/,官网http://shiro.apache.org/ ,使用和配置起来还是比较简单。下面只是简单介绍下我们是如何配置和使用Shiro的(暂时只用到了Shiro的一部分,没有配置shiro.ini文件)。首先是添加过滤器,在web.xml中:<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param>           <param-name>targetFilterLifecycle</param-name>           <param-value>true</param-value>    </init-param> </filter>    <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>权限的认证类:public class ShiroDbRealm extends AuthorizingRealm {    &#64;Inject    private UserService userService ;        /** * 认证回调函数,登录时调用. */ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User user= userService.getUserByUserId(token.getUsername()); if (user!= null) {     return new SimpleAuthenticationInfo(user.getUserId(), user.getUserId(), getName()); } else { return null; } } /** * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { String loginName = (String) principals.fromRealm(getName()).iterator().next(); User user= userService.getUserByUserId(loginName); if (user != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.addStringPermission("common-user"); return info; } else { return null; } }}Spring的配置文件:<?xml version="1.0" encoding="UTF-8"?><beans > <description>Shiro Configuration</description> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="shiroDbRealm" /> </bean> <bean id="shiroDbRealm" class="com.company.service.common.shiro.ShiroDbRealm" />    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">        <property name="securityManager" ref="securityManager"/>        <property name="loginUrl" value="/common/security/login" />        <property name="successUrl" value="/common/security/welcome" />        <property name="unauthorizedUrl" value="/common/security/unauthorized"/>        <property name="filterChainDefinitions">            <value>                /resources/** = anon                /manageUsers = perms[user:manage]                /** = authc            </value>        </property>    </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />     <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">        <property name="securityManager" ref="securityManager"/>    </bean></beans>登录的Controller:&#64;Controller&#64;RequestMapping(value = "/common/security/*")public class SecurityController {    &#64;Inject    private UserService userService;    &#64;RequestMapping(value = "/login")    public String login(String loginName, String password,HttpServletResponse response, HttpServletRequest request) throws Exception {        User user = userService.getUserByLogin(loginName);            if (null != user) {                setLogin(loginInfoVO.getUserId(), loginInfoVO.getUserId());                return "redirect:/common/security/welcome";            } else {                return "redirect:/common/path?path=showLogin";            }    };    public static final void setLogin(String userId, String password) {        Subject currentUser = SecurityUtils.getSubject();        if (!currentUser.isAuthenticated()) {            //collect user principals and credentials in a gui specific manner             //such as username/password html form, X509 certificate, OpenID, etc.            //We'll use the username/password example here since it is the most common.            //(do you know what movie this is from? ;)            UsernamePasswordToken token = new UsernamePasswordToken(userId, password);            //this is all you have to do to support 'remember me' (no config - built in!):            token.setRememberMe(true);            currentUser.login(token);        }    };        &#64;RequestMapping(value="/logout")    &#64;ResponseBody    public void logout(HttpServletRequest request){        Subject subject = SecurityUtils.getSubject();        if (subject != null) {                       subject.logout();        }        request.getSession().invalidate();    };}注册和获取当前登录用户:    public static final void setCurrentUser(User user) {        Subject currentUser = SecurityUtils.getSubject();        if (null != currentUser) {            Session session = currentUser.getSession();            if (null != session) {                session.setAttribute(Constants.CURRENT_USER, user);            }        }    };    public static final User getCurrentUser() {        Subject currentUser = SecurityUtils.getSubject();        if (null != currentUser) {            Session session = currentUser.getSession();            if (null != session) {                User user = (User) session.getAttribute(Constants.CURRENT_USER);                if(null != user){                    return user;                } } }    };需要的jar包有3个:shiro-core.jar,shiro-spring.jar,shiro-web.jar。感觉shiro用起来比SpringSecurity简单很多。QQ:24889356

0
3
分享到:
| c# winform 只运行一个程序实例
评论
3 楼 amcucn 2011-12-05  
这排版看得
2 楼 WAMING5 2011-12-05  
这也太紧凑了,眼看花了
1 楼 longzhun 2011-12-05  
大虾 ,看得出你很懒啊!发个贴 这样子怎么看!!!
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics