配置拦截、过滤、验证请求
<!-- shiro -->
<!-- 項目自定义的Realm -->
<bean id="ShiroRealm" class="com.cms.shiro.ShiroRealm" ></bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="ShiroRealm" />
</bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="successUrl" value="/main/index" /> <property name="unauthorizedUrl" value="/toLogin" /> <property name="filterChainDefinitions">
<value>
/static/login/** = anon <!-- 不用认证 -->
/static/js/myjs/** = authc <!-- 需要认证 -->
/static/** = anon
/loginToIndex = anon
/toLogin = anon
/** = authc </value>
</property>
</bean>
ShiroRealm类代码
package com.cms.shiro; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.Realm; public class ShiroRealm implements Realm{ @Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
/*获取用户名*/
String username = arg0.getPrincipal().toString();
/*获取密码,由于密码是进行了加密的,所以必须转为char数组再转String
* 否则无法识别*/
String password =String.valueOf((char [])arg0.getCredentials());
if(null != username && null != password){
return new SimpleAuthenticationInfo(username, password, getName());
}else{
return null;
}
} @Override
public String getName() {
// TODO Auto-generated method stub
return "ShiroRealm";
}
/**
* 判断当前认证方式是不是用户名和密码
*/
@Override
public boolean supports(AuthenticationToken arg0) {
// TODO Auto-generated method stub
return arg0 instanceof UsernamePasswordToken;
} }
登录的代码
Subject subject = SecurityUtils.getSubject();
Session session = subject.getSession();
String attribute = (String)session.getAttribute("abc");
System.out.println(attribute);
try {
data.put("username", "username");
data.put("password", "password");
PageData pd = userService.getUserByUsernameAndPassword(data);
System.out.println(pd);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
} UsernamePasswordToken token = new UsernamePasswordToken("abc", "abc");
subject.login(token);