配置拦截、过滤、验证请求
<!-- shiro --> <!-- 項目自定义的Realm --> <bean id="ShiroRealm" class="com.cms.shiro.ShiroRealm" ></bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="ShiroRealm" /> </bean> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="successUrl" value="/main/index" /> <property name="unauthorizedUrl" value="/toLogin" /> <property name="filterChainDefinitions"> <value> /static/login/** = anon <!-- 不用认证 --> /static/js/myjs/** = authc <!-- 需要认证 --> /static/** = anon /loginToIndex = anon /toLogin = anon /** = authc </value> </property> </bean>
ShiroRealm类代码
package com.cms.shiro; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.realm.Realm; public class ShiroRealm implements Realm{ @Override public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException { /*获取用户名*/ String username = arg0.getPrincipal().toString(); /*获取密码,由于密码是进行了加密的,所以必须转为char数组再转String * 否则无法识别*/ String password =String.valueOf((char [])arg0.getCredentials()); if(null != username && null != password){ return new SimpleAuthenticationInfo(username, password, getName()); }else{ return null; } } @Override public String getName() { // TODO Auto-generated method stub return "ShiroRealm"; } /** * 判断当前认证方式是不是用户名和密码 */ @Override public boolean supports(AuthenticationToken arg0) { // TODO Auto-generated method stub return arg0 instanceof UsernamePasswordToken; } }
登录的代码
Subject subject = SecurityUtils.getSubject(); Session session = subject.getSession(); String attribute = (String)session.getAttribute("abc"); System.out.println(attribute); try { data.put("username", "username"); data.put("password", "password"); PageData pd = userService.getUserByUsernameAndPassword(data); System.out.println(pd); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } UsernamePasswordToken token = new UsernamePasswordToken("abc", "abc"); subject.login(token);