shiro学习(16)：使用注解实现权限认证和后台管理二

工具idea

先看看数据库

shiro_role_permission

数据

shiro_user

shiro_user_role

数据

目录结构

在pom.xml里面添加

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>geyaoshiro</groupId><artifactId>geyaoshiro</artifactId><version>1.0-SNAPSHOT</version><packaging>war</packaging><name>geyaoshiro Maven Webapp</name><!-- FIXME change it to the project's website --><url>http://www.example.com</url><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><maven.compiler.source>1.7</maven.compiler.source><maven.compiler.target>1.7</maven.compiler.target></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.11</version><scope>test</scope></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.3</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.6.1</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.6.1</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>4.3.11.RELEASE</version></dependency><dependency><groupId>com.mchange</groupId><artifactId>c3p0</artifactId><version>0.9.5.2</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.3</version></dependency><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.0.1</version><scope>provided</scope></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>4.2.8.RELEASE</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>1.4.0</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>4.2.8.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context</artifactId><version>4.2.8.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>4.2.8.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>4.2.8.RELEASE</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-beans</artifactId><version>4.2.8.RELEASE</version></dependency></dependencies><build><finalName>geyaoshiro</finalName><pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --><plugins><plugin><artifactId>maven-clean-plugin</artifactId><version>3.1.0</version></plugin><!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --><plugin><artifactId>maven-resources-plugin</artifactId><version>3.0.2</version></plugin><plugin><artifactId>maven-compiler-plugin</artifactId><version>3.8.0</version></plugin><plugin><artifactId>maven-surefire-plugin</artifactId><version>2.22.1</version></plugin><plugin><artifactId>maven-war-plugin</artifactId><version>3.2.2</version></plugin><plugin><artifactId>maven-install-plugin</artifactId><version>2.5.2</version></plugin><plugin><artifactId>maven-deploy-plugin</artifactId><version>2.8.2</version></plugin></plugins></pluginManagement></build>
</project>

AuthorExceptionHandle

package com.geyao.shiro.exception;import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.servlet.ModelAndView;@ControllerAdvice
public class AuthExceptionHandler {@ExceptionHandler({UnauthorizedException.class})@ResponseStatus(HttpStatus.UNAUTHORIZED)public ModelAndView processUnauthenticatedException(NativeWebRequest request,UnauthorizedException e){return new ModelAndView("error","exception",e);}
}

controller包

LoginController

package controller;import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpServletRequest;@Controller
public class LoginController {@RequestMapping("gologin.html")public String goLogin(){Subject subject=SecurityUtils.getSubject();subject.logout();return "login";}@RequestMapping("logout.html")public String logout(){return "login";}@RequestMapping("login.html")public String login(String username, String password, HttpServletRequest request) {System.out.println("nihao");Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken(username, password);try {subject.login(token);return "redirect:index.html";}catch (AuthenticationException e){e.printStackTrace();request.setAttribute("error","用户名或者密码错误");return "login";}}
}

PageController

package controller;import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
public class PageController {@RequestMapping("index")public String index(){return "index";}@RequestMapping("error.html")public String error(){return "error";}}

MenuController

package controller;import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
@RequestMapping("/menu")
public class MenuController {@RequestMapping("list.html")public String list(){return "menu_list";}@RequestMapping("go_edit.html")@RequiresPermissions("menu:edit")public String goEdit(){return "menu_edit";}
}

log4j.properties

### \u914D\u7F6E\u6839 ###
log4j.rootLogger = error,console ,fileAppender,dailyRollingFile,ROLLING_FILE,MAIL,DATABASE### \u8BBE\u7F6E\u8F93\u51FAsql\u7684\u7EA7\u522B\uFF0C\u5176\u4E2Dlogger\u540E\u9762\u7684\u5185\u5BB9\u5168\u90E8\u4E3Ajar\u5305\u4E2D\u6240\u5305\u542B\u7684\u5305\u540D ###
log4j.logger.org.apache=error
log4j.logger.java.sql.Connection=error
log4j.logger.java.sql.Statement=error
log4j.logger.java.sql.PreparedStatement=error
log4j.logger.java.sql.ResultSet=error### \u914D\u7F6E\u8F93\u51FA\u5230\u63A7\u5236\u53F0 ###
log4j.appender.console = org.apache.log4j.ConsoleAppender
log4j.appender.console.Target = System.out
log4j.appender.console.layout = org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern =  %d{ABSOLUTE} %5p %c{1}:%L - %m%n

shiro-web.ini

[users]
root = secret,admin
guest = guest,guest
test = 123456,guest,test[roles]
admin = *
guest=user:list
test=menu:list,menu:add

spring-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xmlns:classpath="http://www.springframework.org/schema/c"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/contexthttp://www.springframework.org/schema/context/spring-context-4.1.xsdhttp://www.springframework.org/schema/mvchttp://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd"><context:component-scan base-package="com.geyao.shiro"><context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"></context:exclude-filter></context:component-scan><bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm"><constructor-arg name="resourcePath" value="classpath:shiro-web.ini"/></bean><bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"><property name="securityManager" ref="securityManager"></property></bean><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realm" ref="iniRealm"></property></bean><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager"></property><property name="loginUrl" value="/gologin.html"></property><property name="successUrl" value="/index.html"></property><property name="unauthorizedUrl" value="/error.html"></property><property name="filterChainDefinitions"><value>[urls]/login.html=anon/gologin.html=anon/index.html=authc/role.html=authc,roles[admin]/menu/**=authc</value></property></bean>
</beans>

error.jsp

<%--Created by IntelliJ IDEA.User: geyaoDate: 2019/11/30Time: 14:05To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
权限不足
</body>
</html>

index.jsp

<%--Created by IntelliJ IDEA.User: geyaoDate: 2019/11/30Time: 13:53To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
首页
</body>
</html>

<%--Created by IntelliJ IDEA.User: geyaoDate: 2019/11/30Time: 13:46To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
<form action="/login.html" method="post">用户名:<input type="text" name="username"/><br/>密码:<input type="password" name="password"/><br/><input type="submit" value="登录"/>${error}
</form>
</body>
</html>

menu_list

<%--Created by IntelliJ IDEA.User: geyaoDate: 2019/11/30Time: 20:09To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
菜单页
</body>
</html>

menu_edit

<%--Created by IntelliJ IDEA.User: geyaoDate: 2019/11/30Time: 21:33To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
编辑
</body>
</html>

springMVC-servlet

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsdhttp://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd"><mvc:annotation-driven /><!-- 定义要扫描 controller的包--><context:component-scan base-package="controller"></context:component-scan><!-- 配置视图解析器 如何把handler 方法返回值解析为实际的物理视图 --><!--指定视图解析器--><bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"><!-- 视图的路径 --><property name="prefix" value="/WEB-INF/"/><!-- 视图名称后缀  --><property name="suffix" value=".jsp"/></bean><bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean><bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"depends-on="lifecycleBeanPostProcessor"></bean>
</beans>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:spring-config.xml</param-value></context-param><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><servlet><servlet-name>springMVC</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class></servlet>
<servlet-mapping><servlet-name>springMVC</servlet-name><url-pattern>*.html</url-pattern>
</servlet-mapping><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>*.html</url-pattern></filter-mapping>
</web-app>

运行结果