本节基于数据库对用户、角色、权限进行验证:
1、创建用户、角色、权限三张表,并在表中增加上节shiro.ini配置文件中的相应数据:
3、创建一个DbUtil.java工具类:
package com.yang.util; import java.sql.Connection; import java.sql.DriverManager; /** * 数据库工具类 * @author * */ public class DbUtil { /** * 获取数据库连接 * @return * @throws Exception */ public Connection getCon() throws Exception{ Class.forName("com.mysql.jdbc.Driver"); Connection con=DriverManager.getConnection("jdbc:mysql://localhost:3306/db_shiro", "root", "123456"); return con; } /** * 关闭数据库连接 * @param con * @throws Exception */ public void closeCon(Connection con)throws Exception{ if(con!=null){ con.close(); } } public static void main(String[] args) { DbUtil dbUtil=new DbUtil(); try { dbUtil.getCon(); System.out.println("数据库连接成功"); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); System.out.println("数据库连接失败"); } } }
3、在pom.xml文件中引入mysql的驱动包:
<!-- MySQL Connector/J 5.x. Its driver class is com.mysql.jdbc.Driver, the name
     DbUtil loads with Class.forName; the 8.x line renamed it to
     com.mysql.cj.jdbc.Driver, so moving to 8.x means updating that string too.
     5.1.37 is an old release - check the vendor's currently supported versions
     before reusing this coordinate elsewhere. -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.37</version>
</dependency>
4、创建User.java实体类:
package com.yang.entity; public class User { private Integer id; private String userName; private String password; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
5、创建UserDao.java:
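package com.yang.dao;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.HashSet;
import java.util.Set;

import com.yang.entity.User;

/**
 * JDBC access to the t_user / t_role / t_permission tables.
 *
 * Every query binds the user name through a PreparedStatement parameter, so a
 * caller-supplied name never becomes part of the SQL text. Statements and
 * result sets are closed before returning (the original leaked both on every
 * call); the Connection belongs to the caller and is left open.
 */
public class UserDao {

    /**
     * 获取当前用户信息
     *
     * @param con open connection; not closed here
     * @param userName value matched against t_user.userName
     * @return the first matching row as a User, or null when no row matches
     * @throws Exception on any JDBC error
     */
    public User getByUserName(Connection con, String userName) throws Exception {
        String sql = "select * from t_user where userName = ?";
        try (PreparedStatement preparedStatement = con.prepareStatement(sql)) {
            preparedStatement.setString(1, userName);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                if (!resultSet.next()) {
                    return null;
                }
                User resultUser = new User();
                resultUser.setId(resultSet.getInt("id"));
                resultUser.setUserName(resultSet.getString("userName"));
                resultUser.setPassword(resultSet.getString("password"));
                return resultUser;
            }
        }
    }

    /**
     * 获取当前用户的所有角色
     *
     * @param con open connection; not closed here
     * @param userName value matched against t_user.userName
     * @return the roleName of every t_role row joined to the user; empty when none
     * @throws Exception on any JDBC error
     */
    public Set<String> getRoles(Connection con, String userName) throws Exception {
        String sql = "select * from t_user u,t_role r where u.roleId = r.id and userName = ?";
        return queryStrings(con, sql, userName, "roleName");
    }

    /**
     * 获取当前用户角色对应的权限
     *
     * @param con open connection; not closed here
     * @param userName value matched against t_user.userName
     * @return the permissionName of every t_permission row joined through the user's role; empty when none
     * @throws Exception on any JDBC error
     */
    public Set<String> getPermissions(Connection con, String userName) throws Exception {
        String sql = "select * from t_user u,t_role r,t_permission p where u.roleId = r.id and p.roleId = r.id and userName = ?";
        return queryStrings(con, sql, userName, "permissionName");
    }

    /**
     * Runs a single-parameter query and collects one column of every row.
     *
     * @param con open connection; not closed here
     * @param sql statement with exactly one "?" placeholder
     * @param userName value bound to that placeholder
     * @param column name of the column to collect
     * @return the distinct values of the column; empty when the query yields no rows
     * @throws Exception on any JDBC error
     */
    private Set<String> queryStrings(Connection con, String sql, String userName, String column)
            throws Exception {
        Set<String> values = new HashSet<String>();
        try (PreparedStatement preparedStatement = con.prepareStatement(sql)) {
            preparedStatement.setString(1, userName);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    values.add(resultSet.getString(column));
                }
            }
        }
        return values;
    }
}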
6、创建自定义realm类MyRealm.java:
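package com.yang.realm;

import java.sql.Connection;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.yang.dao.UserDao;
import com.yang.entity.User;
import com.yang.util.DbUtil;

/**
 * Realm backed by the t_user / t_role / t_permission tables through UserDao.
 *
 * Each call opens its own connection via DbUtil and closes it in finally.
 * The credential handed to Shiro is the t_user.password column as stored;
 * whether that is compared in plain text or as a hash depends entirely on the
 * CredentialsMatcher configured on this realm (the default is plain equality),
 * so a hashed scheme has to be applied both here and wherever rows are written.
 */
public class MyRealm extends AuthorizingRealm {

    private UserDao userDao = new UserDao();
    private DbUtil dbUtil = new DbUtil();

    /**
     * 为当前登录的用户授予角色和权限
     *
     * If the database lookup fails the info is returned empty, so the user is
     * denied rather than granted (fail closed); the error is still printed so
     * an outage does not look like a missing role.
     *
     * @param principals the authenticated subject's principals; the primary one is the user name
     * @return roles and string permissions loaded for that user, empty on error
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String userName = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            authorizationInfo.setRoles(userDao.getRoles(con, userName));
            authorizationInfo.setStringPermissions(userDao.getPermissions(con, userName));
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(con);
        }
        return authorizationInfo;
    }

    /**
     * 验证当前登录的用户
     *
     * @param token the submitted token; its principal is cast to the user name
     * @return authentication info for a known user, or null when no row matches
     *         (Shiro reports that as an unknown account)
     * @throws AuthenticationException when the lookup itself fails, so that a
     *         database error is surfaced with its cause instead of being
     *         swallowed and reported as "unknown account"
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String userName = (String) token.getPrincipal();
        Connection con = null;
        try {
            con = dbUtil.getCon();
            User user = userDao.getByUserName(con, userName);
            if (user == null) {
                return null;
            }
            // Tag the principal with this realm's configured name (presumably
            // "myRealm" from the shiro.ini key - verify) instead of the
            // placeholder "a", so principals.fromRealm(...) lookups line up.
            return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), getName());
        } catch (Exception e) {
            throw new AuthenticationException("user lookup failed for " + userName, e);
        } finally {
            closeQuietly(con);
        }
    }

    /**
     * Closes the connection, printing but not propagating an error from close()
     * so it cannot mask the outcome of the surrounding try block.
     *
     * @param con connection to close; null is tolerated by DbUtil
     */
    private void closeQuietly(Connection con) {
        try {
            dbUtil.closeCon(con);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}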
7、修改shiro.ini配置文件:
[main]
# Where the authc filter sends an unauthenticated request
authc.loginUrl=/login
# Where roles/perms filters send an authenticated user who lacks the requirement
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
# Database-backed realm; must be defined before it is referenced with $myRealm
myRealm=com.yang.realm.MyRealm
securityManager.realms=$myRealm

[urls]
# Evaluated top-down, first match wins; a path matching no rule is not filtered at all
/login=anon
# Ant-style pattern: "*" matches within a single path segment (/admin, /adminX),
# not nested paths like /admin/users - those would need /admin/** ; confirm the intended coverage
/admin*=authc
/student=roles[teacher]
/teacher=perms["user:create"]