|
|
1.导入以来的jar包,这里只列出关于shiro的
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<exclusions>
<exclusion>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
</exclusion>
</exclusions>
<version>${shiro.version}</version>
</dependency>
2.编写配置文件 application-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-lazy-init="true">
<!--shiro的配置,关键两点,配置SecurityManager和依赖的RealM -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- <property name="cacheManager" ref="shiroEhcacheManager" /> -->
<property name="realm" ref="myRealm"/>
</bean>
<bean id="shiroSessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- default:1 hours -->
<property name="globalSessionTimeout" value="3600000" />
<property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
<property name="sessionValidationSchedulerEnabled" value="true" />
<property name="deleteInvalidSessions" value="false" />
</bean>
<!-- 用户授权信息Cache, 采用EhCache -->
<!-- <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> -->
<!-- <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" /> -->
<!-- </bean> -->
<!-- Shiro Filter -->
<!-- Shiro主过滤器本身功能十分强大,其强大之处就在于它支持任何基于URL路径表达式的、自定义的过滤器的执行 -->
<!-- Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="successUrl" value="/main" />
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitions">
<value>
/login = anon
/js/**=anon
/** =authc
</value>
</property>
</bean>
<bean id="myRealm" class ="com.util.OracleJdbcRealm">
</bean>
</beans>
3.编写com.util.OracleJdbcRealm继承JdbcRealm,主要是编写获取认证信息和授权信息方法
package com.util;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.dao.entity.Operator;
import com.dao.entity.OperatorRole;
import com.dao.entity.UserInfo;
import com.service.SystemPersonnelCollectionService;
public class OracleJdbcRealm extends JdbcRealm {
@Autowired
private SystemPersonnelCollectionService loginService;
//认证信息
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken auToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) auToken;
String userName = token.getUsername();
try {
Operator user = loginService.getOperatorByOperatorNo(token
.getUsername());
System.out.println("userName:" + user.getOperatorNo());
if (user != null) {
SimpleAuthenticationInfo sai = new SimpleAuthenticationInfo(
userName, user.getOperatorPassword(), getName());
sai.setCredentialsSalt(ByteSource.Util.bytes(userName));
/**
* 将用户信息放到session
*/
UserInfo userInfo = new UserInfo();
userInfo.setOperator(user);
userInfo.setIp(token.getHost());
setSession("USER_INFO", userInfo);
return sai;
} else {
return null;
}
} catch (Exception e) {
throw new AuthenticationException(e.getMessage(), e);
}
}
private void setSession(Object key, Object value) {
Subject currentUser = SecurityUtils.getSubject();
if (null != currentUser) {
Session session = currentUser.getSession();
if (null != session) {
session.setAttribute(key, value);
}
}
}
//授权信息
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
UserInfo userInfo = SpringSecurityUtils.getCurrentUser();
List<OperatorRole> operatorRoles = loginService
.getRoleByOperatorId(String.valueOf(userInfo.getOperatorId()));
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
for (OperatorRole role : operatorRoles) {// 添加角色
simpleAuthorizationInfo.addRole(role.getRoleName());
}
// 设置网格操作权限
// if(userInfo.getGridId() != null){}
// if (simpleAuthorizationInfo.getRoles().contains("admin")
// || userInfo.getGridId() != null) {
// simpleAuthorizationInfo.addStringPermissions(loginService
// .findAllChildGridById("grid:edit:", userInfo.getGridId()));
// }
return simpleAuthorizationInfo;
}
}
4.编写mybatis连接数据库需要的Java类和映射文件
OperatorMapper.xml文件内容如下:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.dao.mapper.OperatorMapper">
<resultMap id="result_getOperatorByOperatorNo" type="com.dao.entity.Operator">
<id property="operatorId" column="OPERATOR_ID" />
<result property="employeeId" column="EMPLOYEE_ID" />
<result property="operatorNo" column="OPERATOR_NO" />
<result property="operatorType" column="OPERATOR_TYPE" />
<result property="operatorPassword" column="OPERATOR_PASSWORD" />
<result property="operatorStatus" column="OPERATOR_STATUS" />
<result property="createTime" column="CREATE_TIME" />
<result property="modifyTime" column="MODIFY_TIME" />
<result property="gridId" column="GRID_ID" />
<result property="operatorName" column="OPERATOR_NAME" />
<result property="operatorTel" column="OPERATOR_TEL" />
<result property="operatorEmail" column="OPERATOR_EMAIL" />
<result property="gridOpType" column="GRID_OP_TYPE" />
<result property="gridOpImg" column="GRID_OP_IMG" />
</resultMap>
<sql id="operator_column">
OPERATOR_ID, EMPLOYEE_ID, OPERATOR_NO, OPERATOR_TYPE,
OPERATOR_PASSWORD, OPERATOR_STATUS, CREATE_TIME, MODIFY_TIME,
GRID_ID,
OPERATOR_NAME, OPERATOR_TEL, OPERATOR_EMAIL, GRID_OP_TYPE,GRID_OP_IMG
</sql>
<!-- 根据用户名获取操作员信息 -->
<select id="getOperatorByOperatorNo" parameterType="string"
resultMap="result_getOperatorByOperatorNo">
SELECT
<include refid="operator_column" />
FROM T_OPERATOR WHERE OPERATOR_NO= #{operatorNo}
</select>
<resultMap id="result_getRoleByOperatorId"
type="com.dao.entity.OperatorRole">
<id property="operatorRoleId" column="OPERATOR_ROLE_ID" />
<result property="operatorId" column="OPERATOR_ID" />
<result property="roleId" column="ROLE_ID" />
<result property="roleName" column="ROLE_NAME" />
</resultMap>
<select id="getRoleByOperatorId" resultMap="result_getRoleByOperatorId">
SELECT
OPERATOR_ROLE_ID,OPERATOR_ID,ROLE_ID,(SELECT ROLE_NAME FROM T_ROLE
WHERE ROLE_ID = TOR.ROLE_ID) ROLE_NAME
FROM T_OPERATOR_ROLE TOR
WHERE
OPERATOR_ID = #{operatorId}
</select>
</mapper>
com.dao.entity.Operator实体类:
package com.dao.entity;
import java.io.Serializable;
import java.util.Date;
public class Operator implements Serializable{
/**
*
*/
private static final long serialVersionUID = 7642745218798808968L;
private Long operatorId; // 操作员ID
private Long employeeId; // 员工ID
private String operatorNo; // 操作员账号
private String operatorType; // 1系统管理员;2网格管理员;3:网格操作员
private String operatorPassword; // 登陆口令
private String operatorStatus = "1"; // 操作员状态1有效0归档
private Date createTime; // 创建时间
private Date modifyTime; // 修改时间
private Long gridId;//网格操作员所属的网格
private String operatorName; // 操作员名称
private String operatorTel; // 操作员电话
private String operatorEmail; // 操作员邮箱
private String operatorRoleId; //操作员角色
private String gridOpType; //网格员类型1: 网格管理员(社区居委管理人员)、2: 网格协管员(机关包片干部)、3: 网格警务员(片警)、4:网格监督员
private String gridOpImg;//网格员照片URL
/**
* 获取 操作员ID
*/
public Long getOperatorId(){
return this.operatorId;
}
/**
* 设置 操作员ID
*/
public void setOperatorId(Long operatorId){
this.operatorId=operatorId;
}
/**
* 获取 员工ID
*/
public Long getEmployeeId(){
return this.employeeId;
}
/**
* 设置 员工ID
*/
public void setEmployeeId(Long employeeId){
this.employeeId=employeeId;
}
/**
* 获取 操作员账号
*/
public String getOperatorNo(){
return this.operatorNo;
}
/**
* 设置 操作员账号
*/
public void setOperatorNo(String operatorNo){
this.operatorNo=operatorNo;
}
/**
* 获取 1管理员2业务操作员
*/
public String getOperatorType(){
return this.operatorType;
}
/**
* 设置 1管理员2业务操作员
*/
public void setOperatorType(String operatorType){
this.operatorType=operatorType;
}
/**
* 获取 登陆口令LGN_PWD
*/
public String getOperatorPassword(){
return this.operatorPassword;
}
/**
* 设置 登陆口令LGN_PWD
*/
public void setOperatorPassword(String operatorPassword){
this.operatorPassword=operatorPassword;
}
/**
* 获取 操作员状态OP_STT1有效0归档
*/
public String getOperatorStatus(){
return this.operatorStatus;
}
/**
* 设置 操作员状态OP_STT1有效0归档
*/
public void setOperatorStatus(String operatorStatus){
this.operatorStatus=operatorStatus;
}
/**
* 获取 null
*/
public Date getCreateTime(){
return this.createTime;
}
/**
* 设置 null
*/
public void setCreateTime(Date createTime){
this.createTime=createTime;
}
/**
* 获取 null
*/
public Date getModifyTime(){
return this.modifyTime;
}
/**
* 设置 null
*/
public void setModifyTime(Date modifyTime){
this.modifyTime=modifyTime;
}
public String getOperatorName() {
return operatorName;
}
public void setOperatorName(String operatorName) {
this.operatorName = operatorName;
}
public String getOperatorTel() {
return operatorTel;
}
public void setOperatorTel(String operatorTel) {
this.operatorTel = operatorTel;
}
public String getOperatorEmail() {
return operatorEmail;
}
public void setOperatorEmail(String operatorEmail) {
this.operatorEmail = operatorEmail;
}
public String getOperatorRoleId() {
return operatorRoleId;
}
public void setOperatorRoleId(String operatorRoleId) {
this.operatorRoleId = operatorRoleId;
}
public Long getGridId() {
return gridId;
}
public void setGridId(Long gridId) {
this.gridId = gridId;
}
public String getGridOpType() {
return gridOpType;
}
public void setGridOpType(String gridOpType) {
this.gridOpType = gridOpType;
}
public String getGridOpImg() {
return gridOpImg;
}
public void setGridOpImg(String gridOpImg) {
this.gridOpImg = gridOpImg;
}
public String toString(){
StringBuffer sb = new StringBuffer();
sb.append("operatorId="+operatorId).append(";");
sb.append("employeeId="+employeeId).append(";");
sb.append("operatorNo="+operatorNo).append(";");
sb.append("operatorType="+operatorType).append(";");
sb.append("operatorPassword="+operatorPassword).append(";");
sb.append("operatorStatus="+operatorStatus).append(";");
sb.append("createTime="+createTime).append(";");
sb.append("modifyTime="+modifyTime).append(";");
sb.append("operatorName="+operatorName).append(";");
sb.append("operatorTel="+operatorTel).append(";");
sb.append("operatorEmail="+operatorEmail).append(";");
sb.append("gridOpType="+gridOpType).append(";");
sb.append("gridOpImg="+gridOpImg).append(";");
return sb.toString();
}
}
com.dao.entity.OperatorRole实体类:
package com.dao.entity;
import java.io.Serializable;
public class OperatorRole implements Serializable{
/**
*
*/
private static final long serialVersionUID = -7384310951225091546L;
private Long operatorRoleId; // ID
private String operatorId; // 操作员ID
private String roleId; // 角色代码
private String roleName;
public Long getOperatorRoleId() {
return operatorRoleId;
}
public void setOperatorRoleId(Long operatorRoleId) {
this.operatorRoleId = operatorRoleId;
}
public String getOperatorId() {
return operatorId;
}
public void setOperatorId(String operatorId) {
this.operatorId = operatorId;
}
public String getRoleId() {
return roleId;
}
public void setRoleId(String roleId) {
this.roleId = roleId;
}
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
}
com.dao.mapper.OperatorMapper接口:
package com.dao.mapper;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.session.RowBounds;
import com.dao.entity.Operator;
import com.dao.entity.OperatorRole;
/**
* 系统菜单
*
* @author cykj
*
*/
public interface OperatorMapper {
/**
* 根据用户名获取操作员信息
*
* @param operatorNo
* @return
*/
Operator getOperatorByOperatorNo(String operatorNo);
/**
* 查询用户角色
*
* @param operatorId
* @return
*/
public List<OperatorRole> getRoleByOperatorId(String operatorId);
}
6.编写服务接口和服务类
接口
package com.service;
import java.util.List;
import com.dao.entity.Operator;
import com.dao.entity.OperatorRole;
/**
* 系统人员管理大接口____________服务端
*/
public interface SystemPersonnelCollectionService {
/**
* 根据操作员工号取得操作员信息
*
* @param operatorNo
* @return
*/
public Operator getOperatorByOperatorNo(String operatorNo); // 测试
/**
* 查询用户对应的角色
*
* @param operatorId
* @return
*/
public List<OperatorRole> getRoleByOperatorId(String operatorId);
}
实现类:
package com.service.impl;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.dao.entity.Operator;
import com.dao.entity.OperatorRole;
import com.dao.mapper.OperatorMapper;
import com.service.SystemPersonnelCollectionService;
@Service("loginService")
public class SystemPersonnelCollectionServiceImpl implements
SystemPersonnelCollectionService {
@Autowired
OperatorMapper operatorMapper;
@Override
public Operator getOperatorByOperatorNo(String operatorNo) {
return operatorMapper.getOperatorByOperatorNo(operatorNo);
}
@Override
public List<OperatorRole> getRoleByOperatorId(String operatorId) {
return operatorMapper.getRoleByOperatorId(operatorId);
}
}
7.编写前台登陆界面和controller
前台登陆界面 login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<html>
<head>
<title>登陆</title>
<link href="/js/easyui-1.3.6/themes/default/easyui.css" rel="stylesheet"
type="text/css" />
<link href="/js/easyui-1.3.6/themes/icon.css" rel="stylesheet"
type="text/css" />
<script src="/js/jquery-1.9.1.min.js" type="text/javascript"></script>
<script src="/js/easyui-1.3.6/jquery.easyui.min.js"
type="text/javascript"></script>
</head>
<body>
<div class="box">
<div class="login">
<form id="loginForm" method="post" class="form">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td style="font-size: 16px; color: #0e7b9a; font-weight: bold;">用户名:</td>
<td style="padding-left: 10px;" colspan="2"><input
type="text" id="username" name="username" class="text"
onkeydown="if(event.keyCode==13)$('#password').focus();"></td>
</tr>
<tr>
<td style="font-size: 16px; color: #0e7b9a; font-weight: bold;">密
码:</td>
<td style="padding-left: 10px;" colspan="2"><input
type="password" id="password" name="password"
onkeydown="if(event.keyCode==13)loginFun();" class="text"></td>
</tr>
<tr>
<td></td>
<td colspan="2" style="padding-left: 10px;"><input
type="button" class="button" value="登 陆"><input
type="reset" class="button" value="清 空"
style="margin-left: 32px;"></td>
</tr>
</table>
</form>
</div>
<div id="errorMessages" class="tips"></div>
</div>
</body>
</html>
<script type="text/javascript">
function loginFun() {
var $form = $('#loginForm');//选中的tab里面的form
$.post('/login', $form.serialize(), function(data) {
alert(data.success);
if (data.success) {
alert("alert");
self.location.href = 'main';
} else {
$('#errorMessages').html(" " + data.msg).show();
}
}, 'json');
}
</script>
登陆成功后的main.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<html>
<head>
<title>登陆成功</title>
</head>
<body>
登陆成功
</body>
</html>
controller 类:
package com.controller;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.google.gson.Gson;
import com.util.SpringSecurityUtils;
@Controller
public class LoginController {
@RequestMapping(value="login",method=RequestMethod.POST)
public void login(HttpServletRequest request,PrintWriter out){
String userName = request.getParameter("username");
String password = request.getParameter("password");
String pass = SpringSecurityUtils.generatePassword(userName, password);
Subject subject = SecurityUtils.getSubject();
subject.login(new UsernamePasswordToken(userName, pass));
Gson gson = new Gson();
if(subject.isAuthenticated()){
String success = "true";
out.print("{\"success\":\"true\"}");
}
}
@RequestMapping(value = "login", method = RequestMethod.GET)
public String showLoginForm() {
return "login";
}
@RequestMapping("main")
public String showMain(){
return "main";
}
}
详细的源码见附件 |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-11-27 09:56:05
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡