从实例入手学习Shiro自定义Realm实现查询数据进行验证
场景
从实例入手学习Shiro与Web的整合:
https://blog.****.net/BADAO_LIUMANG_QIZHI/article/details/90140802
在上面已经实现整合Web的基础上实现 Shiro 自定义Realm,然后查询数据实现权限验证。
实现
数据库搭建
新建t_user表,用户表
新建t_role表,角色表
新建t_permission表,权限表
建立表的关联关系
t_user表的roleId就是t_role表的id,一对多的关系。
t_role表的id就是t_premission表的roleId,一对多的关系。
插入t_user表数据
插入t_role数据
插入t_permission数据
添加项目依赖
打开pom.xml,添加mysql的依赖
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.11</version>
</dependency>完整pom.xml代码
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.badao.shiro</groupId>
<artifactId>ShiroWeb</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>ShiroWeb Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- 添加servlet支持 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- 添加jstl支持 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- 添加日志支持 -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!-- 添加shiro支持 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.12</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.11</version>
</dependency>
</dependencies>
<build>
<finalName>ShiroWeb</finalName>
</build>
</project>新建连接数据库工具类
在util包下新建Dbutil.java
package com.badao.util;
import java.sql.Connection;
import java.sql.DriverManager;
/**
* 数据库工具类
* @author
*
*/
public class DbUtil {
/**
* 获取数据库连接
* @return
* @throws Exception
*/
public Connection getCon() throws Exception{
Class.forName("com.mysql.jdbc.Driver");
Connection con=DriverManager.getConnection("jdbc:mysql://localhost:3306/shirotest", "root", "123");
return con;
}
/**
* 关闭数据库连接
* @param con
* @throws Exception
*/
public void closeCon(Connection con)throws Exception{
if(con!=null){
con.close();
}
}
public static void main(String[] args) {
DbUtil dbUtil=new DbUtil();
try {
dbUtil.getCon();
System.out.println("数据库连接成功");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
System.out.println("数据库连接失败");
}
}
}
编写自定义Realm
新建realm包,包下新建MyRealm.java
package com.badao.realm;
import java.sql.Connection;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import com.badao.dao.UserDao;
import com.badao.entity.User;
import com.badao.util.DbUtil;
public class MyRealm extends AuthorizingRealm{
private UserDao userDao=new UserDao();
private DbUtil dbUtil=new DbUtil();
/**
* 为当前登录的用户授予角色和权限
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userName=(String)principals.getPrimaryPrincipal();
SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
Connection con=null;
try{
con=dbUtil.getCon();
authorizationInfo.setRoles(userDao.getRoles(con,userName));
authorizationInfo.setStringPermissions(userDao.getPermissions(con,userName));
}catch(Exception e){
e.printStackTrace();
}finally{
try {
dbUtil.closeCon(con);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return authorizationInfo;
}
/**
* 验证当前登录的用户
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String userName=(String)token.getPrincipal();
Connection con=null;
try{
con=dbUtil.getCon();
User user=userDao.getByUserName(con, userName);
if(user!=null){
AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");
return authcInfo;
}else{
return null;
}
}catch(Exception e){
e.printStackTrace();
}finally{
try {
dbUtil.closeCon(con);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return null;
}
}编写UserDao
package com.badao.dao;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.HashSet;
import java.util.Set;
import com.badao.entity.User;
public class UserDao {
public User getByUserName(Connection con,String userName)throws Exception{
User resultUser=null;
String sql="select * from t_user where userName=?";
PreparedStatement pstmt=con.prepareStatement(sql);
pstmt.setString(1, userName);
ResultSet rs=pstmt.executeQuery();
if(rs.next()){
resultUser=new User();
resultUser.setId(rs.getInt("id"));
resultUser.setUserName(rs.getString("userName"));
resultUser.setPassword(rs.getString("password"));
}
return resultUser;
}
public Set<String> getRoles(Connection con, String userName) throws Exception{
Set<String> roles=new HashSet<String>();
String sql="select * from t_user u,t_role r where u.roleId=r.id and u.userName=?";
PreparedStatement pstmt=con.prepareStatement(sql);
pstmt.setString(1, userName);
ResultSet rs=pstmt.executeQuery();
while(rs.next()){
roles.add(rs.getString("roleName"));
}
return roles;
}
public Set<String> getPermissions(Connection con, String userName)throws Exception {
Set<String> permissions=new HashSet<String>();
String sql="select * from t_user u,t_role r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=?";
PreparedStatement pstmt=con.prepareStatement(sql);
pstmt.setString(1, userName);
ResultSet rs=pstmt.executeQuery();
while(rs.next()){
permissions.add(rs.getString("permissionName"));
}
return permissions;
}
}编写entity
package com.badao.entity;
public class User {
private Integer id;
private String userName;
private String password;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}修改ini配置文件
将原来的配置用户、角色、权限的部分替换为:
myRealm=com.badao.realm.MyRealm
securityManager.realms=$myRealm完整配置文件代码
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
myRealm=com.badao.realm.MyRealm
securityManager.realms=$myRealm
[urls]
/login=anon
/admin/**=authc
/student=roles[teacher]
/teacher=perms["user:create"]项目结构
源码下载
https://download.****.net/download/badao_liumang_qizhi/11174591