自定义realm
package com.baizhi.realm;
import com.baizhi.dao.ResourceDao;
import com.baizhi.dao.RoleDao;
import com.baizhi.entity.Admin;
import com.baizhi.service.AdminService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
public class MyRealm extends AuthorizingRealm {
@Autowired
private AdminService adminService;
@Autowired
private ResourceDao resourceDao;
@Autowired
private RoleDao roleDao;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String username = principalCollection.getPrimaryPrincipal().toString();
System.out.println(username+"@@@@@@@@@@@@@");
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRoles(roleDao.selectroleByusername(username));
info.addStringPermissions(resourceDao.selectresourceByusername(username));
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
String username = authenticationToken.getPrincipal().toString();
Admin admin = adminService.selectByusername(username);
System.out.println(admin+"@@@@@@@@@@@@@@@@@@@");
if(admin==null){
return null;
}
if(username.equals(admin.getUsername())){
return new SimpleAuthenticationInfo(admin.getUsername(),admin.getPassword(),
ByteSource.Util.bytes(admin.getPasswordsalt()),this.getName());
}
return null;
}
}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:cache="http://www.springframework.org/schema/cache" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/cache
http://www.springframework.org/schema/cache/spring-cache-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">
<!-- 开启注解管理service -->
<context:component-scan base-package="com.baizhi.service"></context:component-scan>
<!-- 引入properties配置文件 -->
<context:property-placeholder location="classpath:/druid.properties" />
<!-- ===========================1. 创建连接池 =========================== -->
<bean id='ds' class="com.alibaba.druid.pool.DruidDataSource">
<property name="driverClassName" value="${druid.driverClassName}"></property>
<property name="url" value="${druid.url}"></property>
<property name="username" value="${druid.username}"></property>
<property name="password" value="${druid.password}"></property>
<property name="initialSize" value="${druid.initialSize}"></property>
<property name="maxActive" value="${druid.maxActive}"></property>
<property name="minIdle" value="${druid.minIdle}"></property>
<property name="maxWait" value="${druid.maxWait}"></property>
</bean>
<!-- ===========================1. 创建连接池 =========================== -->
shiroFilterFactory
<!--shiro的目标filter-->
<bean id="shiroFilterFactory" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!--注入安全管理器-->
<property name="securityManager" ref="securityManager"/>
<!--更改默认的登录页面-->
<property name="loginUrl" value="/jsp/login.jsp"/>
<!--配置shiro过滤链 -->
<property name="filterChainDefinitions">
<value>
<!--
authc:认证过滤器的缩写
anon: 匿名过滤器的缩写
logout: 登出过滤器的缩写
过滤器配置顺序:自上而下
-->
/static/** = anon
/js/** = anon
/admin/** = anon
/admin/login.do = anon
/admin/logout.do = logout
/jsp/index.jsp=anon
/css/* = anon
/** = authc
</value>
</property>
</bean>
<!--声明安全管理器-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--将realm注入安全管理器-->
<property name="realm" ref="myRealm"/>
</bean>
<!--引入自定义realm-->
<bean id="myRealm" class="com.baizhi.realm.MyRealm">
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<!--替换凭证匹配器 SimpleCredentialsMatcher-->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!--指定加密策略-->
<property name="hashAlgorithmName" value="md5"/>
<!--指定加密次数-->
<property name="hashIterations" value="1024"/>
</bean>
<!-- ===========================3. 管理mybatis =========================== -->
<!-- SqlSEssionfacotry -->
<bean id="sf" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="ds"></property>
<!-- mapper文件中使用实体类的全类名是,只需要写类名 -->
<property name="typeAliasesPackage" value="com.baizhi.entity"></property>
<property name="mapperLocations" value="classpath:/com/baizhi/dao/*Mapper.xml"></property>
<!-- 缓存配置 setting -->
<!-- <property name="configurationProperties"> <props> <prop key="setting的name">setting的值</prop>
</props> </property> -->
</bean>
<!-- 生成DAO MapperScannerConfigurer -->
<bean id='daoGenerator' class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="sqlSessionFactoryBeanName" value="sf"></property>
<property name="basePackage" value="com.baizhi.dao"></property>
</bean>
<!-- ===========================3. 管理mybatis =========================== -->
<!--引入切面 日志信息管理-->
<bean id="myAop" class="com.baizhi.util.MyAop"/>
<!-- =============================================2. 事务配置 =================================================== -->
<bean id="txManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="ds"></property>
</bean>
<!-- 事务增强 id: txAdvice 控制事务使用的方法的对象: JDBC:DataSourceTransactionManager -->
<tx:advice id="txAdvice" transaction-manager="txManager">
<!-- 对service的不同方法指定特定的事务控制方式 -->
<tx:attributes>
<!-- service的lgoin方法对数据库的操作,数据库不会分配回滚段,减轻数据库压力,提供数据库效率 -->
<tx:method name="login" read-only="true" propagation="SUPPORTS" />
<tx:method name="select*" read-only="true" isolation="READ_COMMITTED" propagation="SUPPORTS" />
<tx:method name="*" propagation="REQUIRED" />
</tx:attributes>
</tx:advice>
<!-- aop配置加入事务增强 -->
<aop:config proxy-target-class="true">
<!--定义切入点 切包 -->
<!-- <aop:pointcut id="myPonit" expression="execution(* com.baizhi.service.*.*(..))"/>-->
<!-- 切注解 日志信息的切入点-->
<aop:pointcut id="myPonit" expression="@annotation(com.baizhi.util.ServiceLog)"/>
<!-- 切入点 -->
<aop:pointcut expression="execution(* com.baizhi.service.impl.*.*(..))"
id="pc" />
<!-- 组装日志信息+切入点 -->
<aop:advisor advice-ref="myAop" pointcut-ref="myPonit" />
<!-- 组装增强+切入点 -->
<aop:advisor advice-ref="txAdvice" pointcut-ref="pc" />
</aop:config>
<!-- =============================================2. 事务配置 =================================================== -->
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd ">
<!-- 注解管理controller -->
<context:component-scan base-package="com.baizhi.controller"></context:component-scan>
<!-- 注解开发mvc -->
<!-- <mvc:annotation-driven>
<mvc:message-converters>
<bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter"></bean>
</mvc:message-converters>
</mvc:annotation-driven> -->
<mvc:annotation-driven>
<mvc:message-converters>
<bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>application/json</value>
</list>
</property>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<!-- 配置文件上传的文件解析器 -->
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!--设置文件上传的大小-->
<property name="maxUploadSize" value="1024000000"></property>
</bean>
</beans>