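Main steps of Shiro authentication
Apache Shiro is used here to handle user authentication and permissions.
First, write your own UserRealm class that extends Shiro's Realm (the two methods below are the overrides that AuthorizingRealm requires) to implement the authentication and authorization operations.
Authentication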
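
    /**
     * Authenticate the user who is currently logging in.
     *
     * @param authenticationToken token carrying the submitted user name and password
     * @return the stored account data for Shiro to check the token against, or null if the user does not exist
     * @throws AuthenticationException if authentication cannot be performed
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Get the user name to be verified
        String userName = (String) authenticationToken.getPrincipal();
        // authenticationToken.getCredentials(); // credentials, i.e. the password
        // Check whether this user name exists in the database
        User user = this.userService.getUserByUserName(userName);
        if (user != null) {
            // Found: return the stored user name and password so Shiro can compare them with the token
            AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(), "xx");
            return authcInfo;
        }
        // Not found
        return null;
    }

Permission control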
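
    /**
     * Grant roles and permissions to the currently logged-in user.
     *
     * @param principalCollection principals of the authenticated user
     * @return the roles and permissions of that user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Get the user name to be authorized
        String userName = (String) principalCollection.getPrimaryPrincipal();
        // Create the authorization object
        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        // Look up the roles of this user name and grant them
        authzInfo.setRoles(this.userService.getRolesByUserName(userName));
        // Look up the permissions of this user name and grant them
        authzInfo.setStringPermissions(this.userService.getPermissionByUserName(userName));
        return authzInfo;
    }

Corresponding code in the controller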

    @RequestMapping("/login")
    public String login(User user, HttpServletRequest request) {
        // Get the subject object
        Subject subject = SecurityUtils.getSubject();
        // Create the user name / password token
        UsernamePasswordToken token = new UsernamePasswordToken(user.getUserName(), user.getPassword());
        //token.setRememberMe(false);
        try {
            // Log in through the subject
            subject.login(token);
            // Get the session
            Session session = subject.getSession();
            // Print the session
            //System.out.println("sessionId:" + session.getId() + ";sessionHost:" + session.getHost() + ";sessionTimeout:%s" + session.getTimeout());
            session.setAttribute("info", "session的数据");
            return "redirect:success";
        } catch (Exception e) {
            // Authentication failed
            e.printStackTrace();
            request.setAttribute("user", user);
            request.setAttribute("errorMsg", "用户名或密码错误");
            return "login";
        }
    }

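The realm above returns user.getPassword() as the credentials, and unless a credentials matcher is configured Shiro compares that value for plain equality with the submitted password, which only works when passwords are stored unhashed. The following is an added example (not code from the original post) of the same realm shape using Shiro's PasswordMatcher so the store holds only hashes. HashedUserRealm, the in-memory map standing in for userService, and the sample account are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Added example: the class name and the map (a stand-in for userService) are hypothetical.
public class HashedUserRealm extends AuthorizingRealm {
    private final Map<String, String> hashByUser; // user name -> stored password hash

    public HashedUserRealm(Map<String, String> hashByUser, PasswordService service) {
        this.hashByUser = hashByUser;
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(service);
        setCredentialsMatcher(matcher); // replaces the default plain equality check
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String userName = (String) token.getPrincipal();
        String storedHash = hashByUser.get(userName);
        if (storedHash == null) {
            return null; // unknown user; Shiro's authenticator reports UnknownAccountException
        }
        // The credentials are the stored hash; the matcher checks the token's password against it.
        return new SimpleAuthenticationInfo(userName, storedHash, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo(); // roles and permissions are loaded as in the realm above
    }

    public static void main(String[] args) {
        PasswordService service = new DefaultPasswordService();
        Map<String, String> db = new HashMap<String, String>(); // constructed sample data
        db.put("alice", service.encryptPassword("correct horse"));
        HashedUserRealm realm = new HashedUserRealm(db, service);
        AuthenticationInfo ok = realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "correct horse"));
        System.out.println("correct password accepted: " + (ok != null));
        try {
            realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "wrong"));
        } catch (IncorrectCredentialsException e) {
            System.out.println("wrong password rejected");
        }
    }
}
```

The same PasswordService must be used when the account is created, so that the value written to the database is the output of encryptPassword rather than the raw password.
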
Reference link
http://blog.csdn.net/sinat_35767703/article/details/67633186
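Getting the currently logged-in user name under the Shiro framework
Getting the user name (back end)

    // ID of the currently logged-in user
    String loginuser = (String) SecurityUtils.getSubject().getPrincipal();

Getting the user name (front end)
Import the tag libraries

    <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ page isELIgnored="false" %><%-- enable EL expressions --%>

Use the shiro tag to get the currently logged-in user

    <shiro:principal/>
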
Problems encountered with shiro+ssm
shiro+ssm starts and runs normally under jdk7, but fails to start under jdk6:
Console error log:

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter' defined in class path resource [spring-mybatis.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor#0' defined in class path resource [spring-mybatis.xml]: Cannot resolve reference to bean 'securityManager' while setting bean property 'securityManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in class path resource [spring-mybatis.xml]: ........

Searching the console for "error" also turns up the following key information:

    Caused by: java.lang.UnsupportedClassVersionError: org/aspectj/weaver/tools/PointcutDesignatorHandler : Unsupported major.minor version 51.0 (unable to load class org.aspectj.weaver.tools.PointcutDesignatorHandler)

This error message shows that aspectj was not loaded correctly, because that version is not supported. Locate aspectj in the pom.xml file:

    <!-- aspectjweaver -->
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjweaver</artifactId>
        <version>1.8.10</version>
    </dependency>

Cause of the "Unsupported major.minor version 51.0" error:
The root cause of this error is that we are using a lower-version JRE to run class files compiled by a higher-version JDK. 51 is jdk7.