shiro spring 整合
用shiro来作为系统的权限控制,它和spring的整合比较简单。思路是:
??? 1. 首先用sping+struts2 做个最简单的登录
??? 2. 引入shiro
一:简单的登录
???? 1.login.jsp
???? 2. home.jsp
? 3.web.xml
? 6. User.java
??????? MonitorRealm:自定义Realm,这里可以选择数据源是DB的、CAS的或者其它
??????? iniRealm : 使用ini配置文件来管理shiro的,demo时候或者系统不变的时候可以选择
3. MonitorRealm
import com.rain.bo.User;import org.apache.shiro.authc.*;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.subject.SimplePrincipalCollection;import org.springframework.stereotype.Service;@Service("monitorRealm")public class MonitorRealm extends AuthorizingRealm { /* @Autowired UserService userService; @Autowired RoleService roleService; @Autowired LoginLogService loginLogService;*/ public MonitorRealm() { super(); } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { /*这里编写授权代码*/ return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { /*这里编写认证代码*/ UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String userName = token.getUsername(); if( userName != null && !"".equals(userName) ){// User user = accountManager.login(token.getUsername(),// String.valueOf(token.getPassword())); if(token.getUsername().equals("admin") && String.valueOf(token.getPassword()).equals("123")) return new SimpleAuthenticationInfo(token.getUsername(), token.getPassword(), getName()); /* if( user != null ) return new SimpleAuthenticationInfo( user.getId(),user.getPassword(), getName());*/ } return null; } public void clearCachedAuthorizationInfo(String principal) { SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName()); clearCachedAuthorizationInfo(principals); }}?
三:
???? 可见引入shiro对原有系统的影响是超级轻微的,只是把原来对象(权限)的获得抛给了shiro来处理,至于获取对象之前和对象之后的流程操作基本上不用变