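SpringMVC + Shiro Permission Management

What is a permission? A simple example:
I have a forum whose registered users are divided into normal users and manager users.
The operations on forum posts are:
add, delete, update, view, reply
We specify:
normal users can only: add, view, reply
manager users can: delete, update
normal and manager correspond to roles (role)
add, delete, update, etc. correspond to permissions (permission)
We design the permission tables using the following logic (it is not absolute; adjust it as needed):
A user can have several roles (normal, manager, admin, etc.)
A role can have several users (user1, user2, user3, etc.)
A role can have several permissions (save, update, delete, query, etc.)
A permission belongs to exactly one role (delete belongs only to the manager role)

We create four tables: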
t_user (user table): three users are set up
---+----------+----------
id | username | password
---+----------+----------
1  | tom      | 000000
2  | jack     | 000000
3  | rose     | 000000
---+----------+----------
t_role (role table): three roles are set up
---+----------
id | rolename
---+----------
1  | admin
2  | manager
3  | normal
---+----------
t_user_role (user-role table): tom has the admin and normal roles, jack has the manager and normal roles, rose has the normal role
--------+---------
user_id | role_id
--------+---------
1       | 1
1       | 3
2       | 2
2       | 3
3       | 3
--------+---------
t_permission (permission table): the admin role can delete, the manager role can add and update, the normal role can query
---+----------------+---------
id | permissionname | role_id
---+----------------+---------
1  | add            | 2
2  | del            | 1
3  | update         | 2
4  | query          | 3
---+----------------+---------

Create the corresponding POJOs:

```java
package com.cn.pojo;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.Table;
import javax.persistence.Transient;

import org.hibernate.validator.constraints.NotEmpty;

@Entity
@Table(name="t_user")
public class User {

    private Integer id;
    @NotEmpty(message="用戶名不能為空")
    private String username;
    @NotEmpty(message="密碼不能為空")
    private String password;
    private List<Role> roleList; // a user has several roles

    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    public Integer getId() {
        return id;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    @ManyToMany
    @JoinTable(name="t_user_role",joinColumns={@JoinColumn(name="user_id")},inverseJoinColumns={@JoinColumn(name="role_id")})
    public List<Role> getRoleList() {
        return roleList;
    }
    public void setRoleList(List<Role> roleList) {
        this.roleList = roleList;
    }

    // Names of all roles assigned to this user (not persisted)
    @Transient
    public Set<String> getRolesName(){
        List<Role> roles=getRoleList();
        Set<String> set=new HashSet<String>();
        for (Role role : roles) {
            set.add(role.getRolename());
        }
        return set;
    }

}
```

```java
package com.cn.pojo;

import java.util.ArrayList;
import java.util.List;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Transient;

@Entity
@Table(name="t_role")
public class Role {

    private Integer id;
    private String rolename;
    private List<Permission> permissionList; // a role has several permissions
    private List<User> userList; // a role has several users

    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    public Integer getId() {
        return id;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getRolename() {
        return rolename;
    }
    public void setRolename(String rolename) {
        this.rolename = rolename;
    }
    @OneToMany(mappedBy="role")
    public List<Permission> getPermissionList() {
        return permissionList;
    }
    public void setPermissionList(List<Permission> permissionList) {
        this.permissionList = permissionList;
    }
    @ManyToMany
    @JoinTable(name="t_user_role",joinColumns={@JoinColumn(name="role_id")},inverseJoinColumns={@JoinColumn(name="user_id")})
    public List<User> getUserList() {
        return userList;
    }
    public void setUserList(List<User> userList) {
        this.userList = userList;
    }

    // Names of all permissions attached to this role (not persisted)
    @Transient
    public List<String> getPermissionsName(){
        List<String> list=new ArrayList<String>();
        List<Permission> perlist=getPermissionList();
        for (Permission per : perlist) {
            list.add(per.getPermissionname());
        }
        return list;
    }
}
```

```java
package com.cn.pojo;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;

@Entity
@Table(name="t_permission")
public class Permission {

    private Integer id;
    private String permissionname;
    private Role role; // a permission belongs to one role

    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    public Integer getId() {
        return id;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getPermissionname() {
        return permissionname;
    }
    public void setPermissionname(String permissionname) {
        this.permissionname = permissionname;
    }
    @ManyToOne
    @JoinColumn(name="role_id")
    public Role getRole() {
        return role;
    }
    public void setRole(Role role) {
        this.role = role;
    }

}
```

Steps for using Shiro:
1. Import the jars
2. Configure web.xml
3. Create the dbRealm
4. Configure it in Spring

The pom.xml configuration is as follows:
```xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.hyx</groupId>
  <artifactId>springmvc</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>springmvc Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <!-- SpringMVC core jar -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>3.2.4.RELEASE</version>
    </dependency>
    <!-- jars SpringMVC needs to connect to the database -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
        <version>3.2.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-orm</artifactId>
        <version>3.2.4.RELEASE</version>
    </dependency>
    <!-- ************************************ -->
    <!-- Hibernate-related jars -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
        <version>4.2.5.Final</version>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-ehcache</artifactId>
        <version>4.2.5.Final</version>
    </dependency>
    <dependency>
        <groupId>net.sf.ehcache</groupId>
        <artifactId>ehcache</artifactId>
        <version>2.7.2</version>
    </dependency>
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>1.4</version>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.26</version>
    </dependency>
    <!-- annotations provided by javax -->
    <dependency>
        <groupId>javax.inject</groupId>
        <artifactId>javax.inject</artifactId>
        <version>1</version>
    </dependency>
    <!-- **************************** -->

    <!-- Hibernate validation -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-validator</artifactId>
        <version>5.0.1.Final</version>
    </dependency>
    <!-- support for the @ResponseBody annotation -->
    <dependency>
        <groupId>org.codehaus.jackson</groupId>
        <artifactId>jackson-mapper-asl</artifactId>
        <version>1.9.13</version>
    </dependency>
    <!-- support for the c tag library -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- servlet api -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
      <version>2.5</version>
    </dependency>

    <!-- jars required by Apache Shiro -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.2.2</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.2.2</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.2.2</version>
    </dependency>
  </dependencies>

  <build>
    <finalName>springmvc</finalName>
    <!-- Maven Jetty server plugin -->
    <plugins>
        <plugin>
          <groupId>org.mortbay.jetty</groupId>
          <artifactId>jetty-maven-plugin</artifactId>
          <configuration>
            <scanIntervalSeconds>10</scanIntervalSeconds>
            <webApp>
              <contextPath>/</contextPath>
            </webApp>
            <!-- change Jetty's default port -->
            <connectors>
               <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
                  <port>80</port>
                  <maxIdleTime>60000</maxIdleTime>
               </connector>
            </connectors>
          </configuration>
        </plugin>
    </plugins>
  </build>
</project>
```

Configuration in web.xml:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <display-name>Archetype Created Web Application</display-name>

  <!-- OpenSessionInViewFilter from spring-orm-hibernate4 -->
  <filter>
    <filter-name>opensessioninview</filter-name>
    <filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>opensessioninview</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- configure the SpringMVC servlet -->
  <servlet>
    <servlet-name>springmvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>springmvc</servlet-name>
    <!-- / means every request goes through this servlet -->
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <!-- Spring listener -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:applicationContext*.xml</param-value>
  </context-param>
  <listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>

  <!-- Shiro configuration -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

</web-app>
```

```java
package com.cn.service;

import java.util.List;

import javax.inject.Inject;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.cn.pojo.Role;
import com.cn.pojo.User;

@Service
@Transactional
public class MyShiro extends AuthorizingRealm{

    @Inject
    private UserService userService;
    /**
     * Authorization
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Get the username entered at login
        String loginName=(String) principalCollection.fromRealm(getName()).iterator().next();
        // Look up the user in the database
        User user=userService.findByName(loginName);
        if(user!=null){
            // Authorization info object that holds all roles and permissions found for the user
            SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
            // The user's set of roles
            info.setRoles(user.getRolesName());
            // All permissions of the user's roles; if access is defined by roles only, the following four lines can be omitted
            List<Role> roleList=user.getRoleList();
            for (Role role : roleList) {
                info.addStringPermissions(role.getPermissionsName());
            }
            return info;
        }
        return null;
    }

    /**
     * Login authentication
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authenticationToken) throws AuthenticationException {
        // UsernamePasswordToken holds the submitted login information
        UsernamePasswordToken token=(UsernamePasswordToken) authenticationToken;
        // Check whether this user exists
        User user=userService.findByName(token.getUsername());
        if(user!=null){
            // If so, put this user into the authentication info
            return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        }
        return null;
    }

}
```
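
The realm above hands the stored `password` column to Shiro as the credential, and the t_user table holds that value in plaintext. The following added example (not code from the original article) keeps the same `doGetAuthenticationInfo` flow but stores a salted hash produced by Shiro's `DefaultPasswordService` and verifies it with `PasswordMatcher`; `DemoRealm`, `canLogin` and the in-memory map standing in for `userService.findByName` are assumptions made for the demo.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Added example: the page's login flow with hashed instead of plaintext credentials.
public class HashedCredentialsDemo {

    // Stand-in for the page's MyShiro; the map replaces userService.findByName().
    static class DemoRealm extends AuthorizingRealm {
        // Constructed stand-in for the t_user.password column, keyed by username.
        final Map<String, String> passwordColumn = new HashMap<String, String>();

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = ((UsernamePasswordToken) token).getUsername();
            String stored = passwordColumn.get(username);
            // Same call as on the page: after this method returns, Shiro compares the
            // submitted password with `stored` using the realm's CredentialsMatcher.
            return stored == null ? null : new SimpleAuthenticationInfo(username, stored, getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return null; // authorization is not exercised here
        }
    }

    // True when the realm accepts the username/password pair.
    static boolean canLogin(DemoRealm realm, String username, String password) {
        try {
            return realm.getAuthenticationInfo(new UsernamePasswordToken(username, password)) != null;
        } catch (AuthenticationException e) {
            return false; // e.g. IncorrectCredentialsException
        }
    }

    public static void main(String[] args) {
        // Page behaviour: default credentials matcher, plaintext in t_user.password.
        DemoRealm plain = new DemoRealm();
        plain.passwordColumn.put("tom", "000000");

        // Hardened: store the output of encryptPassword() and let PasswordMatcher verify it.
        // In a realm like MyShiro this is a single setCredentialsMatcher() call.
        DefaultPasswordService passwordService = new DefaultPasswordService();
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(passwordService);
        DemoRealm hashed = new DemoRealm();
        hashed.setCredentialsMatcher(matcher);
        hashed.passwordColumn.put("tom", passwordService.encryptPassword("000000"));

        System.out.println("plaintext column value: " + plain.passwordColumn.get("tom"));
        System.out.println("hashed column value:    " + hashed.passwordColumn.get("tom"));
        System.out.println("plain realm,  correct password: " + canLogin(plain, "tom", "000000"));
        System.out.println("hashed realm, correct password: " + canLogin(hashed, "tom", "000000"));
        System.out.println("hashed realm, wrong password:   " + canLogin(hashed, "tom", "111111"));
    }
}
```

It needs only shiro-core and its dependencies on the classpath. With hashed storage the user list page would also no longer have a readable password to display.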

Next comes the Spring configuration. To keep Shiro's settings apart from the existing Spring configuration, we put the Shiro configuration in its own file.
applicationContext-shiro.xml

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <!-- configure the security manager -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- ref points to the realm we wrote, MyShiro -->
        <property name="realm" ref="myShiro"/>
        <!-- use the cache manager configured below -->
        <property name="cacheManager" ref="cacheManager"/>
    </bean>

    <!-- configure Shiro's filter factory bean; the id shiroFilter must match the filter name configured in web.xml -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!-- use the security manager configured above -->
        <property name="securityManager" ref="securityManager"/>
        <!-- the URL of our login request -->
        <property name="loginUrl" value="/login"/>
        <!-- the URL to go to after a successful login from the login page; if you requested a URL other than /login, you are sent to the URL you requested -->
        <property name="successUrl" value="/user"/>
        <!-- if the requested resource is outside your permissions, redirect to the /403 URL -->
        <property name="unauthorizedUrl" value="/403"/>
        <!-- permission configuration -->
        <property name="filterChainDefinitions">
            <value>
                <!-- anon means this URL can be accessed without any permission -->
                /static/**=anon
                <!-- perms[user:query] means this URL requires a user with the permission user:query -->
                /user=perms[user:query]
                <!-- roles[manager] means this URL requires the user to have the manager role -->
                /user/add=roles[manager]
                /user/del/**=roles[admin]
                /user/edit/**=roles[manager]
                <!-- all requests (except the configured static resources and URLs marked anon) must pass login authentication; if not logged in, redirect to /login -->
                /** = authc
            </value>
        </property>
    </bean>


    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>
```
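
The filter chain above requires `perms[user:query]` for `/user`, while the t_permission table stores the names add, del, update and query, which the realm passes to Shiro unchanged. The following added example (not code from the original article) replays the page's table data through a realm shaped like MyShiro and evaluates the page's rules for tom, jack and rose; the class names `FilterChainAudit` and `TableRealm`, the in-memory maps and the `user:` prefix variant are assumptions made for the demo.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

// Added example: replays the page's tables against the page's filter-chain rules.
public class FilterChainAudit {

    // Constructed in-memory copy of t_user_role (user -> role names).
    static final Map<String, List<String>> USER_ROLES = new LinkedHashMap<String, List<String>>();
    // Constructed in-memory copy of t_permission, grouped by role name.
    static final Map<String, List<String>> ROLE_PERMS = new HashMap<String, List<String>>();
    static {
        USER_ROLES.put("tom", Arrays.asList("admin", "normal"));
        USER_ROLES.put("jack", Arrays.asList("manager", "normal"));
        USER_ROLES.put("rose", Arrays.asList("normal"));
        ROLE_PERMS.put("admin", Arrays.asList("del"));
        ROLE_PERMS.put("manager", Arrays.asList("add", "update"));
        ROLE_PERMS.put("normal", Arrays.asList("query"));
    }

    // Same shape as the page's MyShiro.doGetAuthorizationInfo, backed by the maps above.
    static class TableRealm extends AuthorizingRealm {
        private final String prefix; // "" = names as stored; "user:" = hypothetical namespaced names

        TableRealm(String prefix) {
            this.prefix = prefix;
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String user = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            for (String role : USER_ROLES.get(user)) {
                info.addRole(role);
                for (String perm : ROLE_PERMS.get(role)) {
                    info.addStringPermission(prefix + perm);
                }
            }
            return info;
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // authentication is not exercised here
        }
    }

    // Evaluates three of the page's filter-chain rules for every user.
    static void report(String label, TableRealm realm) {
        System.out.println(label);
        for (String user : USER_ROLES.keySet()) {
            PrincipalCollection p = new SimplePrincipalCollection(user, realm.getName());
            System.out.printf("  %-5s /user perms[user:query]=%-5b /user/add roles[manager]=%-5b /user/del/** roles[admin]=%b%n",
                    user,
                    realm.isPermitted(p, "user:query"),
                    realm.hasRole(p, "manager"),
                    realm.hasRole(p, "admin"));
        }
    }

    public static void main(String[] args) {
        report("Permission names as stored in t_permission (add, del, update, query):", new TableRealm(""));
        report("Hypothetical names stored with the resource prefix (user:query, ...):", new TableRealm("user:"));
    }
}
```

Shiro resolves string permissions as colon-separated wildcard permissions, so a stored `query` does not imply `user:query` and the `/user` rule is false for all three users in the first report; with the prefixed names it is true for all three, since each holds the normal role.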

Controller for login, logout and the permission-denied redirect:

```java
package com.cn.controller;

import javax.validation.Valid;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

import com.cn.pojo.User;

@Controller
public class HomeController {

    @RequestMapping(value="/login",method=RequestMethod.GET)
    public String loginForm(Model model){
        model.addAttribute("user", new User());
        return "/login";
    }

    @RequestMapping(value="/login",method=RequestMethod.POST)
    public String login(@Valid User user,BindingResult bindingResult,RedirectAttributes redirectAttributes){
        try {
            if(bindingResult.hasErrors()){
                return "/login";
            }
            // Log the user in with the Shiro utility; after a successful login the user goes to the successUrl configured in Shiro, which has nothing to do with the return below!
            SecurityUtils.getSubject().login(new UsernamePasswordToken(user.getUsername(), user.getPassword()));
            return "redirect:/user";
        } catch (AuthenticationException e) {
            redirectAttributes.addFlashAttribute("message","用戶名或密碼錯誤");
            return "redirect:/login";
        }
    }

    @RequestMapping(value="/logout",method=RequestMethod.GET)
    public String logout(RedirectAttributes redirectAttributes ){
        // Log the user out with the Shiro utility, end the login, and show a message
        SecurityUtils.getSubject().logout();
        redirectAttributes.addFlashAttribute("message", "您已安全退出");
        return "redirect:/login";
    }

    @RequestMapping("/403")
    public String unauthorizedRole(){
        return "/403";
    }
}
```

The three main JSPs:
login.jsp:

```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'MyJsp.jsp' starting page</title>
  </head>

  <body>
    <h1>登錄頁面----${message}</h1>
    <img alt="" src="/static/img/1.jpg">
    <form:form action="/login" commandName="user" method="post">
        用戶名:<form:input path="username"/> <form:errors path="username" cssClass="error"/> <br/>
        密 碼:<form:password path="password"/> <form:errors path="password" cssClass="error" /> <br/>
        <form:button name="button">submit</form:button>
    </form:form>
  </body>
</html>
```

user.jsp:

```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>用戶列表</title>
  </head>
  <body>
    <h1>${message}</h1>
    <h1>用戶列表--<a href="/user/add">添加用戶</a>---<a href="/logout">退出登錄</a>    </h1>
    <h2>權限列表</h2>
    <shiro:authenticated>用戶已經登錄顯示此內容</shiro:authenticated>
    <shiro:hasRole name="manager">manager角色登錄顯示此內容</shiro:hasRole>
    <shiro:hasRole name="admin">admin角色登錄顯示此內容</shiro:hasRole>
    <shiro:hasRole name="normal">normal角色登錄顯示此內容</shiro:hasRole>

    <shiro:hasAnyRoles name="manager,admin">**manager or admin 角色用戶登錄顯示此內容**</shiro:hasAnyRoles>
    <shiro:principal/>-顯示當前登錄用戶名
    <shiro:hasPermission name="add">add權限用戶顯示此內容</shiro:hasPermission>
    <shiro:hasPermission name="user:query">query權限用戶顯示此內容<shiro:principal/></shiro:hasPermission>
    <shiro:lacksPermission name="user:del"> 不具有user:del權限的用戶顯示此內容 </shiro:lacksPermission>
    <ul>
        <c:forEach items="${userList}" var="user">
            <li>用戶名:${user.username}----密碼:${user.password}----<a href="/user/edit/${user.id}">修改用戶</a>----<a href="javascript:;" class="del" ref="${user.id}">刪除用戶</a></li>
        </c:forEach>
    </ul>
    <img alt="" src="/static/img/1.jpg">
    <script type="text/javascript" src="http://cdn.staticfile.org/jquery/1.9.1/jquery.min.js"></script>
    <script>
        $(function(){
            $(".del").click(function(){
                var id=$(this).attr("ref");
                $.ajax({
                    type:"delete",
                    url:"/user/del/"+id,
                    success:function(e){

                    }
                });
            });
        });
    </script>
  </body>
</html>
```

403.jsp:

```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>權限錯誤</title>
  </head>

  <body>
    <h1>對不起,您沒有權限請求此連接!</h1>
    <img alt="" src="/static/img/1.jpg">

  </body>
</html>
```