JFinal 整合 Shiro原文:
http://my.oschina.net/smile622/blog/135098
在此基础上 补充数据库和MyShiroRealm.java
users表
-- Demo schema for the realm on this page: one row per account, one role per account.
-- Foreign-key checks are switched off so `users` can be created before `roles` exists;
-- this script never switches them back on (SET FOREIGN_KEY_CHECKS=1 after the import).
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `users`
-- ----------------------------
-- Destructive: drops any existing `users` table together with its rows.
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
-- No UNIQUE constraint on `username`: the realm looks the account up with findFirst,
-- so with duplicate names the row that is used is whichever one the database returns first.
`username` varchar(50) DEFAULT NULL,
-- Holds the password in clear text, which is what the realm on this page compares against.
-- A salted password hash needs a wider column (bcrypt output alone is 60 characters).
`password` varchar(50) DEFAULT NULL,
`mail` varchar(100) DEFAULT NULL,
-- Exactly one role per account; references `roles`.`id`.
`roleid` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `RoleId` (`roleid`),
CONSTRAINT `users_ibfk_1` FOREIGN KEY (`roleid`) REFERENCES `roles` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of users
-- ----------------------------
-- Column order: id, username, password, mail, roleid.
-- Sample accounts whose password equals the username ('1'/'1' and 'admin'/'admin');
-- demo data only, to be replaced before the application is reachable by anyone else.
INSERT INTO `users` VALUES ('1', '1', '1', '1@126.com', '1');
INSERT INTO `users` VALUES ('2', 'admin', 'admin', 'admin@126.com', '2');
roles表
-- Role lookup table referenced by `users`.`roleid`.
-- Foreign-key checks are disabled for the import and not re-enabled by this script.
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `roles`
-- ----------------------------
-- Destructive: drops any existing `roles` table together with its rows.
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
`id` int(11) NOT NULL,
-- The realm passes this value to Shiro as the role name, so it is the string that a
-- roles[...] rule in shiro.ini is matched against.
`rolename` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of roles
-- ----------------------------
-- Column order: id, rolename.
INSERT INTO `roles` VALUES ('1', 'user');
INSERT INTO `roles` VALUES ('2', 'sysadmin');
MyShiroRealm.java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import xxx.model.Roles;
import xxx.model.Users;
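/**
 * Shiro realm that resolves accounts and roles through the JFinal {@code Users} and
 * {@code Roles} models.
 *
 * <p>Demo only: the {@code users.password} column holds the password in clear text, which is
 * why the default {@code SimpleCredentialsMatcher} is sufficient. A deployment that stores
 * salted password hashes would configure a {@code HashedCredentialsMatcher} on the realm and
 * drop the in-realm comparison below.
 */
public class MyShiroRealm extends AuthorizingRealm {

    /**
     * Authentication callback, invoked by Shiro during login.
     *
     * @param authcToken the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account's id and stored password for this realm, or {@code null} when the
     *     token carries no password, the username is unknown, or the password does not match
     * @throws AuthenticationException declared by the overridden method; not thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authcToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        char[] submitted = token.getPassword();
        if (submitted == null) {
            // A token without a password cannot match any account; reject it instead of
            // failing with a NullPointerException further down.
            return null;
        }
        // Parameterized lookup: the username is bound as a value, never concatenated into SQL.
        Users user = Users.dao.findFirst(
                "select * from users where username = ?", token.getUsername());
        if (user == null) {
            return null;
        }
        // The column is nullable; an account without a stored password can never log in.
        String stored = user.getStr("password");
        if (stored == null || !sameChars(submitted, stored.toCharArray())) {
            return null;
        }
        // Only reached after the password matched, so the attribute is never set for a
        // failed attempt.
        // NOTE(review): this reuses whatever session the subject already had before login;
        // confirm the login action starts a fresh session if session fixation is a concern.
        Session session = SecurityUtils.getSubject().getSession();
        session.setAttribute("username", user.getStr("username"));
        return new SimpleAuthenticationInfo(user.getInt("id"), stored, getName());
    }

    /**
     * Authorization callback, invoked when Shiro needs the subject's roles and has no cached
     * authorization info for it.
     *
     * @param principals the principals of the subject being checked
     * @return the role of the account, an info object without roles when the account's role
     *     row or role name is missing, or {@code null} when this realm holds no principal for
     *     the subject or the account no longer exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        if (principals.fromRealm(getName()).isEmpty()) {
            // The subject was not authenticated by this realm, so it contributes no roles.
            return null;
        }
        // The principal is the user id stored by doGetAuthenticationInfo.
        int userId = (int) principals.fromRealm(getName()).iterator().next();
        Users user = Users.dao.findById(userId);
        if (user == null) {
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Roles role = Roles.dao.findById(user.getInt("roleid"));
        // The schema is loaded with foreign-key checks disabled, so a dangling roleid is
        // possible; in that case grant no role rather than fail with a NullPointerException.
        if (role != null && role.getStr("rolename") != null) {
            info.addRole(role.getStr("rolename"));
        }
        // If a permissions table is added, load the role's permissions here, e.g.
        // info.addStringPermissions(role.getPermissions());
        return info;
    }

    /**
     * Compares two character arrays without stopping at the first difference, so the time
     * taken does not depend on how many leading characters match.
     */
    private static boolean sameChars(char[] left, char[] right) {
        int diff = left.length ^ right.length;
        for (int i = 0; i < left.length && i < right.length; i++) {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }
}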
FreeMarker添加Shiro标签(需要加入shiro-freemarker-tags-0.1-SNAPSHOT.jar)
FreeMarkerRender.getConfiguration().setSharedVariable("shiro", new ShiroTags()); // registers the Shiro tag library as the shared variable "shiro" so FreeMarker templates can use Shiro tags
到这一步,基本的权限控制就配置完成了(注意:示例中密码以明文存储,仅用于演示)。
附带Shiro.ini
[main]
# Login page that filters with a loginUrl property (such as authc) redirect to.
shiro.loginUrl = /login
#realm
# NOTE(review): the realm class listed on this page is MyShiroRealm, while this line names
# ShiroDbRealm; set it to the fully-qualified name of the realm class actually deployed.
myRealm = xxx.manage.shiro.ShiroDbRealm
securityManager.realm = $myRealm
#cache
# NOTE(review): with a cache manager set, the realm's role lookup result may be cached, so a
# role change in the database may not apply until the entry is evicted; confirm the
# lifetimes in ehcache-shiro.xml.
shiroCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
shiroCacheManager.cacheManagerConfigFile = classpath:ehcache-shiro.xml
securityManager.cacheManager = $shiroCacheManager
#session
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager
# The value is in milliseconds: 360000 ms = 6 minutes.
securityManager.sessionManager.globalSessionTimeout = 360000
# The rules below are used by the ShiroFilter configured in web.xml.
# Rules are evaluated top to bottom and the first matching pattern wins, so the
# /manage/** rule has to stay above the catch-all /** rule.
[urls]
# Requires a logged-in subject that holds the role "user". With the sample data on this
# page the "admin" account only has the role "sysadmin", so it does not pass this rule.
/manage/** = authc, roles[user]
# Every other path is reachable without logging in.
/** = anon
密码加密等其他功能请另查阅资料,如需更多复杂应用请查阅http://www.oschina.net/question/925382_114550