Shiro is currently the most commonly used security framework for login and registration, because it is powerful yet simple and provides authentication, authorization, cryptography and session management.
What can Shiro do?
Authentication: verifying a user's identity.
Authorization: access control for users, i.e. deciding whether a user is allowed to do something.
Session management: using the Session API in any environment, even without a web or EJB container.
Cryptography: using cryptographic functions in a simpler, more usable way to protect or hide data from prying eyes.
Realms: aggregating one or more data sources of user security data.
Single sign-on (SSO).
Enabling a "Remember Me" service for users who are not associated with a login.
Shiro's four core parts
Authentication: "login" for short, i.e. proving who the user is.
Authorization: the access-control process, i.e. deciding whether there is permission to access a protected resource.
Session Management: managing user-specific sessions, even in non-web or non-EJB applications.
Cryptography: keeping data secure by using cryptographic algorithms.
Shiro's three core components:
Subject: the person, or a third-party service, currently interacting with the system. Every Subject instance is bound (and this is required) to a SecurityManager.
SecurityManager: the heart of the Shiro architecture. It coordinates the internal security components, manages their instances, and provides all security-management services through them. When Shiro interacts with a Subject, it is really the SecurityManager behind the scenes that does all the heavy lifting of the Subject's security operations.
Realms: essentially a security-specific DAO. When configuring Shiro you must specify at least one Realm for authentication and/or authorization. Shiro ships with several Realms for obtaining security data from sources such as relational databases (JDBC), INI and properties files, and you can define your own Realm implementation for a custom data source.
Integrating Shiro with the SSM framework:
1. My demo directory:


2. pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.xingshang</groupId>
  <artifactId>ShiroDemo</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>ShiroDemo Maven Webapp</name>
  <url>http://maven.apache.org</url>

  <properties>
    <!-- Spring version -->
    <spring.version>3.2.4.RELEASE</spring.version>
    <!-- MyBatis version -->
    <mybatis.version>3.2.4</mybatis.version>
    <!-- log4j / slf4j logging package versions -->
    <slf4j.version>1.6.6</slf4j.version>
    <log4j.version>1.2.9</log4j.version>
  </properties>

  <dependencies>
    <!-- Spring core packages -->
    <!-- springframework start -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-oxm</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-tx</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-jdbc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <!-- spring-aop is declared once; a second identical declaration only produces a Maven warning -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-aop</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context-support</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-test</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <!-- springframework end -->

    <!-- MyBatis core -->
    <dependency>
      <groupId>org.mybatis</groupId>
      <artifactId>mybatis</artifactId>
      <version>${mybatis.version}</version>
    </dependency>
    <!-- MyBatis/Spring integration -->
    <dependency>
      <groupId>org.mybatis</groupId>
      <artifactId>mybatis-spring</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- MySQL driver -->
    <dependency>
      <groupId>mysql</groupId>
      <artifactId>mysql-connector-java</artifactId>
      <version>5.1.29</version>
    </dependency>
    <!-- JUnit -->
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>
    <!-- Alibaba Druid data source -->
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>druid</artifactId>
      <version>1.0.2</version>
    </dependency>
    <!-- JSON support -->
    <dependency>
      <groupId>org.codehaus.jackson</groupId>
      <artifactId>jackson-mapper-asl</artifactId>
      <version>1.9.13</version>
    </dependency>

    <!-- Logging packages -->
    <!-- log start -->
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>${slf4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-log4j12</artifactId>
      <version>${slf4j.version}</version>
    </dependency>
    <!-- log end -->

    <!-- Shiro core -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- Shiro web support -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- Shiro Spring support -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-spring</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- Shiro ehcache support -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-ehcache</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- Alipay SDK -->
    <dependency>
      <groupId>com.alipay</groupId>
      <artifactId>sdk-java</artifactId>
      <version>20180309170622</version>
    </dependency>
  </dependencies>

  <build>
    <finalName>ShiroDemo</finalName>
  </build>
</project>
3. Configure web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID3" version="3.0">
  <display-name>Archetype Created Web Application</display-name>

  <!-- Load the Spring configuration files -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-*.xml</param-value>
  </context-param>

  <!-- Spring character-encoding filter -->
  <filter>
    <filter-name>SpringEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>SpringEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Spring MVC core configuration -->
  <!-- Front controller -->
  <servlet>
    <servlet-name>springMVC</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <!-- Location of the configuration file needed at initialization -->
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring-mvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <!-- Paths mapped to the front controller -->
  <servlet-mapping>
    <servlet-name>springMVC</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <!-- Filter proxy: Shiro interception -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <!-- DelegatingFilterProxy looks up the bean in the Spring container whose name equals this filter-name -->
    <init-param>
      <param-name>targetFilterLifecycle</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Logging -->
  <!-- Exposes the web-app root as the system property ${springmvc.root} used in log4j.properties;
       without this key Log4jConfigListener publishes the default name webapp.root instead -->
  <context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>springmvc.root</param-value>
  </context-param>
  <context-param>
    <!-- Path to the log4j configuration file -->
    <param-name>log4jConfigLocation</param-name>
    <param-value>classpath:log4j.properties</param-value>
  </context-param>
  <context-param>
    <!-- Refresh interval for the log4j configuration -->
    <param-name>log4jRefreshInterval</param-name>
    <param-value>6000</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
  </listener>

  <!-- Spring listener -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
  </welcome-file-list>

  <!-- Error pages -->
  <error-page>
    <!-- Wrong path -->
    <error-code>404</error-code>
    <location>/WEB-INF/file/404.jsp</location>
  </error-page>
  <error-page>
    <!-- No access permission, access forbidden
         (HTTP 403 is the usual status for this; 405 is "Method Not Allowed") -->
    <error-code>405</error-code>
    <location>/WEB-INF/file/405.jsp</location>
  </error-page>
  <error-page>
    <!-- Internal error -->
    <error-code>500</error-code>
    <location>/WEB-INF/file/500.jsp</location>
  </error-page>
</web-app>
4. spring-mybatis.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">

  <!-- Import the JDBC properties file -->
  <context:property-placeholder location="classpath:jdbc.properties" />

  <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
    <property name="driverClassName">
      <value>${jdbc_driverClassName}</value>
    </property>
    <property name="url">
      <value>${jdbc_url}</value>
    </property>
    <property name="username">
      <value>${jdbc_username}</value>
    </property>
    <property name="password">
      <value>${jdbc_password}</value>
    </property>
    <!-- Maximum number of active connections -->
    <property name="maxActive">
      <value>20</value>
    </property>
    <!-- Initial pool size -->
    <property name="initialSize">
      <value>1</value>
    </property>
    <!-- Maximum wait time to obtain a connection (ms) -->
    <property name="maxWait">
      <value>60000</value>
    </property>
    <!-- Maximum idle connections -->
    <property name="maxIdle">
      <value>20</value>
    </property>
    <!-- Minimum idle connections -->
    <property name="minIdle">
      <value>3</value>
    </property>
    <!-- Automatically remove abandoned connections -->
    <property name="removeAbandoned">
      <value>true</value>
    </property>
    <!-- Timeout (s) before an abandoned connection is removed -->
    <property name="removeAbandonedTimeout">
      <value>180</value>
    </property>
    <!-- Connection properties -->
    <property name="connectionProperties">
      <value>clientEncoding=UTF-8</value>
    </property>
  </bean>

  <!-- MyBatis configuration: scan all mapper files -->
  <!-- configLocation is the MyBatis config; mapperLocations covers all mappers -->
  <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"
        p:dataSource-ref="dataSource"
        p:configLocation="classpath:mybatis-config.xml"
        p:mapperLocations="classpath:mapper/*.xml" />

  <!-- Spring/MyBatis integration: scan all DAO interfaces -->
  <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"
        p:basePackage="com.xingshang.dao"
        p:sqlSessionFactoryBeanName="sqlSessionFactory" />

  <!-- Transaction management for the data source -->
  <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
        p:dataSource-ref="dataSource" />
</beans>
5. spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">

  <!-- Scan controllers (controller-layer injection) -->
  <context:component-scan base-package="com.xingshang.controller" />

  <!-- Prevent IE from offering returned JSON as a download on AJAX requests -->
  <bean id="jacksonMessageConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
    <property name="supportedMediaTypes">
      <list>
        <value>text/html;charset=UTF-8</value>
      </list>
    </property>
  </bean>

  <mvc:annotation-driven>
    <mvc:message-converters register-defaults="true">
      <bean class="org.springframework.http.converter.StringHttpMessageConverter">
        <constructor-arg value="UTF-8" />
      </bean>
    </mvc:message-converters>
  </mvc:annotation-driven>

  <!-- Add prefix/suffix to view names -->
  <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"
        p:prefix="/WEB-INF/" p:suffix=".jsp" />

  <!-- Enable Shiro annotation support -->
  <bean id="defaultAdvisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
    <!-- Must be true, i.e. use CGLIB proxies for the controllers; the default false uses JDK proxies, which causes problems here -->
    <property name="proxyTargetClass" value="true"></property>
  </bean>
  <!-- Shiro's advisor, used to create the proxy objects -->
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"></bean>
</beans>
6. jdbc.properties
jdbc_driverClassName=com.mysql.jdbc.Driver
jdbc_url=jdbc:mysql://localhost:3306/shirodemo
jdbc_username=root
jdbc_password=123456
7. log4j.properties
### set log levels ###
log4j.rootLogger = debug , stdout , D , E
### output to the console ###
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target = System.out
log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
#log4j.appender.stdout.layout.ConversionPattern = %d{ABSOLUTE} %5p %c{ 1 }:%L - %m%n
log4j.appender.stdout.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [%c]-[%p] %m%n
### Output to the log file ###
# ${springmvc.root} is published by Log4jConfigListener from the webAppRootKey context-param in web.xml
log4j.appender.D = org.apache.log4j.DailyRollingFileAppender
log4j.appender.D.File = ${springmvc.root}/WEB-INF/logs/log.log
log4j.appender.D.Append = true
log4j.appender.D.Threshold = DEBUG
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n
### Save exception information to separate file ###
# The error appender needs its own name (E, as listed in rootLogger); reusing D would overwrite the appender above
log4j.appender.E = org.apache.log4j.DailyRollingFileAppender
log4j.appender.E.File = ${springmvc.root}/WEB-INF/logs/error.log
log4j.appender.E.Append = true
log4j.appender.E.Threshold = ERROR
log4j.appender.E.layout = org.apache.log4j.PatternLayout
log4j.appender.E.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss} [ %t:%r ] - [ %p ] %m%n
8. spring-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

  <!-- The ShiroFilter bean: its id must match the filter-name of the shiro filter in web.xml -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Wire the securityManager, Shiro's core security interface; this property is required -->
    <property name="securityManager" ref="securityManager"/>
    <!-- Login page (optional; if not set, Shiro uses /login.jsp in the web root) -->
    <property name="loginUrl" value="/login.jsp"/>
    <!-- Page after successful login -->
    <property name="successUrl" value="/success.jsp"/>
    <!-- Page shown when a user accesses a resource they are not authorized for
         (context-relative, so it needs the leading slash) -->
    <property name="unauthorizedUrl" value="/WEB-INF/file/500.jsp"/>
    <!-- The actual filter chain configuration -->
    <!-- Which URLs to intercept and which Shiro filter to apply to each.
         Different filters have different levels:
           anon:  no login required
           authc: login required
         e.g. /**=authc means every URL requires login -->
    <property name="filterChainDefinitions">
      <value>
        /WEB-INF/index.jsp=anon
        /WEB-INF/fail/*.jsp=anon
        /login=anon
        /**=authc
      </value>
    </property>
  </bean>

  <!-- Configure Shiro's SecurityManager bean -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- Cache manager -->
    <property name="cacheManager" ref="cacheManager"/>
    <!-- The Realm implementation -->
    <property name="realm" ref="myRealm"/>
    <!-- <property name="sessionMode" value="native"/> -->
  </bean>

  <!-- Cache manager -->
  <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <!-- ehcache configuration file -->
    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
  </bean>

  <!-- The Realm used for authentication and authorization -->
  <bean id="myRealm" class="com.xingshang.realm.MyRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <!-- Hash algorithm: MD5 -->
        <property name="hashAlgorithmName" value="MD5"></property>
        <!-- Hash iterations -->
        <property name="hashIterations" value="2"></property>
      </bean>
    </property>
  </bean>

  <!-- Bean post-processor that calls the lifecycle methods of the Shiro components managed by Spring -->
  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>
9. ehcache-shiro.xml
<ehcache updateCheck="false" name="shiroCache">
  <defaultCache maxElementsInMemory="10000"
                eternal="false"
                timeToIdleSeconds="120"
                timeToLiveSeconds="120"
                overflowToDisk="false"
                diskPersistent="false"
                diskExpiryThreadIntervalSeconds="120" />
</ehcache>
10. mybatis-config.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
  <!-- Namespace -->
</configuration>
At this point the configuration files are essentially ready. Next comes the Realm: create a realm package and, inside it, MyRealm.java extending AuthorizingRealm.
package com.xingshang.realm;

import com.xingshang.dao.UserDao;
import com.xingshang.entity.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class MyRealm extends AuthorizingRealm {

    @Autowired
    private UserDao userDao;

    /**
     * 1. Login authentication.
     *    Look the account up in the database. If it does not exist, throw an
     *    AuthenticationException; if it does, wrap the stored (hashed) password
     *    and its salt in a SimpleAuthenticationInfo and return it. The
     *    HashedCredentialsMatcher configured in spring-shiro.xml then compares
     *    the submitted password against that info; the realm never compares
     *    passwords itself.
     *
     * @param authenticationToken the submitted username/password token
     * @return authentication info holding the stored hash and salt
     * @throws AuthenticationException if the account is unknown
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // 1. Cast the token to UsernamePasswordToken
        UsernamePasswordToken uptoken = (UsernamePasswordToken) authenticationToken;
        // 2. Look the user up by username only (UserMapper.xml filters on username;
        //    the plaintext password is not needed by the DAO)
        User user = new User();
        user.setUsername(uptoken.getUsername());
        User us = userDao.login(user);
        if (us == null) {
            throw new UnknownAccountException("賬號密碼錯誤");
        }
        SimpleAuthenticationInfo authenticationInfo =
                new SimpleAuthenticationInfo(us.getUsername(), us.getPassword(), getName());
        // Salt as returned by the mapper: CONCAT(username, password_salt).
        // It is NULL for rows without a password_salt (see shirodemo.sql), and
        // ByteSource.Util.bytes((String) null) would throw, so guard it.
        if (us.getSalt() != null) {
            authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(us.getSalt()));
        }
        return authenticationInfo;
    }

    /**
     * 2. Role and permission lookup for authorization.
     *
     * @param principalCollection the authenticated principals (primary = username)
     * @return the user's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String username = principalCollection.getPrimaryPrincipal().toString();
        List<String> roles = userDao.selectRole(username);
        List<String> permissions = userDao.selectPermission(username);
        Set<String> ro = new HashSet<String>(roles);
        Set<String> per = new HashSet<String>(permissions);
        SimpleAuthorizationInfo sim = new SimpleAuthorizationInfo();
        sim.setRoles(ro);
        sim.setStringPermissions(per);
        return sim;
    }
}
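The realm above only hands Shiro the stored hash and salt; the comparison itself is done by the HashedCredentialsMatcher from spring-shiro.xml (MD5, two iterations, salt = username + password_salt), and the post never shows how the values in the users table are produced. The following is an added example, not code from the original post or the demo project: it generates a users.password_salt and users.password pair with Shiro's SimpleHash and checks the round trip with the same matcher class the realm uses. The class name PasswordHashingDemo and the sample username and password are assumptions.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

/** Hypothetical helper, not part of the demo project. */
public class PasswordHashingDemo {

    // Must agree with spring-shiro.xml: hashAlgorithmName="MD5", hashIterations="2"
    private static final String ALGORITHM = "MD5";
    private static final int ITERATIONS = 2;

    /** Fresh random per-user salt, stored in users.password_salt. */
    public static String newPasswordSalt() {
        return new SecureRandomNumberGenerator().nextBytes().toHex();
    }

    /**
     * Value for users.password. The salt is exactly what UserMapper.xml hands
     * to MyRealm: CONCAT(username, password_salt).
     */
    public static String hashForStorage(String username, String plainPassword, String passwordSalt) {
        ByteSource salt = ByteSource.Util.bytes(username + passwordSalt);
        return new SimpleHash(ALGORITHM, plainPassword, salt, ITERATIONS).toHex();
    }

    /** The same comparison MyRealm + HashedCredentialsMatcher perform at login. */
    public static boolean verify(String username, String attempt, String storedHash, String passwordSalt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(ALGORITHM);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true); // hashForStorage() used toHex()

        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, storedHash, "myRealm");
        info.setCredentialsSalt(ByteSource.Util.bytes(username + passwordSalt));
        return matcher.doCredentialsMatch(new UsernamePasswordToken(username, attempt), info);
    }

    public static void main(String[] args) {
        // Constructed sample values; the real row in shirodemo.sql is not reproduced here
        String username = "miaomiao";
        String salt = newPasswordSalt();
        String stored = hashForStorage(username, "correct horse", salt);

        System.out.println("password_salt = " + salt);
        System.out.println("password      = " + stored);
        System.out.println("right password accepted: " + verify(username, "correct horse", stored, salt));
        System.out.println("wrong password accepted: " + verify(username, "wrong", stored, salt));
    }
}
```

MD5 with two iterations is a weak choice for stored passwords; SimpleHash and HashedCredentialsMatcher accept any JCA digest name, so switching hashAlgorithmName to SHA-256 with a far higher hashIterations works with this same code, provided spring-shiro.xml and the stored hashes are changed together.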
Now let's write a simple controller that logs in through Shiro's authentication.
package com.xingshang.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class LoginController {

    @RequestMapping("/login")
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            try {
                // Perform the authentication (calls MyRealm.doGetAuthenticationInfo and the credentials matcher)
                subject.login(token);
            } catch (AuthenticationException e) {
                // Returning e.getMessage() here would be treated as a view name by the
                // view resolver; send the user back to the login page instead
                return "redirect:/login.jsp";
            }
        }
        return "success";
    }

    @RequestMapping("/test1")
    @ResponseBody
    public String test1() {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.checkRole("admin");
        } catch (Exception e) {
            return "不擁有admin角色";
        }
        return "擁有admin角色";
    }

    @RequestMapping("/test2")
    @ResponseBody
    public String test2() {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.checkRole("CEO");
        } catch (Exception e) {
            return "不擁有CEO角色";
        }
        return "擁有CEO角色";
    }
}
login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8" %>
<html>
<head>
  <title>Title</title>
</head>
<body>
<form action="/login" method="post">
  <div>
    賬號:<input type="text" name="username">
  </div>
  <div>
    密碼:<input type="password" name="password">
  </div>
  <div>
    <input type="submit" value="登入">
  </div>
</form>
</body>
</html>
success.jsp
<%--
  Created by IntelliJ IDEA.
  User: Administrator
  Date: 2018/3/19
  Time: 9:31
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
  <title>Title</title>
</head>
<body>
<a href="/test1">是不是admin</a>
<a href="/test2">是不是ceo</a>
</body>
</html>
UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.xingshang.dao.UserDao">

  <!-- Look the user up by username. Returns at most one row: joining user_role here
       would return one row per role (miaomiao has four in shirodemo.sql) and break
       the single-result mapping; roles are loaded separately by selectRole.
       The salt handed to the credentials matcher is username + password_salt.
       The bound parameter is #{username}, matching the User property set in MyRealm. -->
  <select id="login" resultType="com.xingshang.entity.User" parameterType="com.xingshang.entity.User">
    SELECT u.username,
           u.password,
           CONCAT(u.username, u.password_salt) AS "salt"
    FROM users u
    WHERE u.username = #{username}
  </select>

  <!-- All roles of the user (a user can have several user_role rows, hence IN rather than =) -->
  <select id="selectRole" parameterType="String" resultType="String">
    SELECT r.role
    FROM roles r
    WHERE r.id IN (SELECT z.roleId
                   FROM users u JOIN user_role z ON u.id = z.userId
                   WHERE u.username = #{username})
  </select>

  <!-- All permissions granted through any of the user's roles -->
  <select id="selectPermission" parameterType="String" resultType="String">
    SELECT p.permission
    FROM permissions p JOIN role_permisssion x ON p.id = x.permissionId
    WHERE x.roleId IN (SELECT z.roleId
                       FROM users u JOIN user_role z ON u.id = z.userId
                       WHERE u.username = #{username})
  </select>
</mapper>
shirodemo.sql
/*
Navicat MySQL Data Transfer

Source Server         : localhost_3306
Source Server Version : 50558
Source Host           : localhost:3306
Source Database       : shirodemo

Target Server Type    : MYSQL
Target Server Version : 50558
File Encoding         : 65001

Date: 2018-03-26 21:27:58
*/

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for `permissions`
-- ----------------------------
DROP TABLE IF EXISTS `permissions`;
CREATE TABLE `permissions` (
  `id` int(11) NOT NULL,
  `permission` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of permissions
-- ----------------------------
INSERT INTO `permissions` VALUES ('1', 'add');
INSERT INTO `permissions` VALUES ('2', 'delete');
INSERT INTO `permissions` VALUES ('3', 'update');
INSERT INTO `permissions` VALUES ('4', 'select');

-- ----------------------------
-- Table structure for `role_permisssion`
-- ----------------------------
DROP TABLE IF EXISTS `role_permisssion`;
CREATE TABLE `role_permisssion` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `roleId` int(255) DEFAULT NULL,
  `permissionId` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of role_permisssion
-- ----------------------------
INSERT INTO `role_permisssion` VALUES ('1', '4', '1');
INSERT INTO `role_permisssion` VALUES ('2', '4', '2');

-- ----------------------------
-- Table structure for `roles`
-- ----------------------------
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
  `id` int(11) NOT NULL,
  `role` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of roles
-- ----------------------------
INSERT INTO `roles` VALUES ('1', 'CEO');
INSERT INTO `roles` VALUES ('2', 'CTO');
INSERT INTO `roles` VALUES ('3', 'CFO');
INSERT INTO `roles` VALUES ('4', 'admin');

-- ----------------------------
-- Table structure for `user_role`
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `userId` int(11) DEFAULT NULL,
  `roleId` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;

-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES ('1', '1', '1');
INSERT INTO `user_role` VALUES ('2', '1', '2');
INSERT INTO `user_role` VALUES ('3', '1', '3');
INSERT INTO `user_role` VALUES ('4', '1', '4');
INSERT INTO `user_role` VALUES ('5', '2', '4');

-- ----------------------------
-- Table structure for `users`
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `password_salt` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_users_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES ('1', 'miaomiao', '2a9c616f5dc6d23329ad4622ff8fa89f', 'b58c47e10cc56807ce31010a41c7fa65');
INSERT INTO `users` VALUES ('2', 'admin', '123', null);