1.在项目中加入依赖包,以maven为例
<!-- Apache Shiro modules used by this tutorial, all pinned to the same version. -->
<!-- NOTE(review): 1.3.2 is the version this tutorial pins and it is an old release; -->
<!-- check the Apache Shiro security advisories and prefer a currently supported release. -->

<!-- Core authentication / authorization / crypto API -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>

<!-- Servlet container (web) support -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>

<!-- Spring integration -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>

<!-- Ehcache-backed CacheManager -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.3.2</version>
</dependency>
2.打开web.xml,加入相应的filter
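DelegatingFilterProxy 的作用是自动到 spring 容器中查找名字为 shiroFilter(即 filter-name)的 bean,并把所有 Filter 的操作委托给它。注意:下文第3步的配置片段中没有给出名为 shiroFilter 的 bean 的定义(通常是 org.apache.shiro.spring.web.ShiroFilterFactoryBean),需要自行在 spring 配置中声明,否则该过滤器无法找到委托对象。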
<!-- Servlet filter that hands every request to the Spring bean named "shiroFilter". -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <!-- true: the servlet container's init()/destroy() calls are forwarded to the target bean -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<!-- Mapped to /* so that no URL bypasses the security filter. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3.spring applicationContext配置
<!-- Web security manager wired with the cache manager and the custom realm below. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="realm" ref="realmService"/>
</bean>

<!-- Ehcache-backed cache manager, configured from ehcache-shiro.xml on the classpath. -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean>

<!-- Custom realm that implements the user authentication step;
     it extends org.apache.shiro.realm.AuthenticatingRealm. -->
<bean id="realmService" class="org.lianglong.service.RealmService">
    <property name="credentialsMatcher">
        <!-- Hashes the submitted password with the account's salt before comparing.
             The algorithm and iteration count must match what RealmService uses. -->
        <!-- NOTE(review): a single SHA-256 iteration is very cheap to brute-force offline;
             for real password storage raise hashIterations substantially (changing the
             realm and the stored hashes together) or use a dedicated password-hashing scheme. -->
        <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
            <property name="hashAlgorithmName" value="SHA-256"/>
            <property name="hashIterations" value="1"/>
        </bean>
    </property>
</bean>

<!-- Calls init()/destroy() on Shiro beans that implement the lifecycle interfaces. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
//自定义realm的实现类
package org.lianglong.service;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import org.lianglong.model.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.annotation.Resource;
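/**
 * Custom Shiro realm that authenticates a username/password login against
 * the accounts returned by {@link UserService}.
 *
 * <p>The realm only builds the {@link AuthenticationInfo} for the account; the
 * comparison with the submitted password is done by the credentials matcher
 * configured on the realm (a {@code HashedCredentialsMatcher} in the Spring
 * configuration that accompanies this class).
 */
public class RealmService extends AuthenticatingRealm{

    /**
     * Hash algorithm and iteration count used for the stored credentials.
     * Both values must match the HashedCredentialsMatcher configuration.
     * NOTE(review): one SHA-256 iteration is too cheap for real password storage;
     * raise it here and in the matcher configuration together.
     */
    private static final String HASH_ALGORITHM = "SHA-256";
    private static final int HASH_ITERATIONS = 1;

    private final Logger log = LoggerFactory.getLogger(this.getClass().getName());

    private UserService userService;

    /**
     * Injects the service used to look accounts up by username.
     *
     * @param userService account lookup service
     */
    @Resource
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Loads the account named in the token and returns its credentials and salt.
     *
     * @param token the submitted login token; cast to {@link UsernamePasswordToken}
     * @return principal, hashed credentials and salt for the account
     * @throws UnknownAccountException if the username is missing or no such account exists
     * @throws LockedAccountException  if the account's lock flag is greater than zero
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException{
        UsernamePasswordToken upToken = (UsernamePasswordToken)token;
        String username = upToken.getUsername();

        // A token without a username cannot match any account; reject it before the lookup.
        if( username == null ){
            throw new UnknownAccountException("用户名不能为空");
        }

        // The username comes from the login request: strip line breaks so it cannot
        // forge extra entries in the log or in logged exception messages.
        String safeUsername = username.replaceAll("[\\r\\n]", "_");

        User user = userService.getUserByName(username);
        log.info("登录验证 username[{}]", safeUsername);

        // NOTE(review): the distinct exception types below reveal whether an account
        // exists or is locked; the login page should show one generic failure message.
        if( user == null ){
            throw new UnknownAccountException("用户不存在["+safeUsername+"]");
        }
        if( user.getIsLocked() > 0 ){
            throw new LockedAccountException("用户已被锁定["+safeUsername+"]");
        }

        /*
         * Salted hashing is enabled, so normally the password stored in the
         * database would already be the hashed value. It is hashed here only
         * to demonstrate how the password is hashed.
         * NOTE(review): this demo therefore relies on a plaintext password in
         * the database. A real system should store only the salted hash and
         * pass the stored value to SimpleAuthenticationInfo unchanged.
         */
        String enPassword = new SimpleHash(HASH_ALGORITHM,user.getPassword(),user.getSalt(),HASH_ITERATIONS).toString();

        return new SimpleAuthenticationInfo(
                user.getUsername(),
                enPassword,
                ByteSource.Util.bytes(user.getSalt()),
                getName());
    }
}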