- pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.fmz</groupId>
<artifactId>shiroDemo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- 添加Servlet支持 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- 添加jstl支持 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- 添加Spring支持 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.2.3</version>
</dependency>
<!-- 添加日志支持 -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!-- 添加mybatis支持 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.3.0</version>
</dependency>
<!-- jdbc驱动包 -->
<!-- mysql数据库 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.37</version>
</dependency>
<!-- sqlserver -->
<!-- <dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>sqljdbc4</artifactId>
<version>4.0</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>6.4.0.jre7</version>
</dependency> -->
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.12</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.4</version>
</dependency>
</dependencies>
</project>
- web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<!-- shiro过滤器定义 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<!-- Spring监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- 编码过滤器 -->
<filter>
<filter-name>SpringEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SpringEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 添加对springmvc的支持 -->
<servlet>
<servlet-name>SpringMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/spring-mvc*.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>SpringMVC</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
- mapper–>UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.fmz.dao.UserDao">
<select id="getByUid" parameterType="String" resultType="User">
select * from users where uid=#{uid}
</select>
<select id="getRoles" parameterType="String" resultType="String">
select r.c_role from users u,c_role r where u.roleid=r.c_id and u.uid=#{uid}
</select>
<select id="getPermissions" parameterType="String" resultType="String">
select p.permission_name from users u,c_role r,c_permission p where u.roleid=r.c_id and p.role_id=r.c_id and u.uid=#{uid}
</select>
</mapper>
- applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">
<!-- 引入数据库配置文件 -->
<context:property-placeholder location="classpath:db.properties"/>
<!-- 自动扫描 -->
<context:component-scan base-package="com.fmz.service" />
<!-- 配置数据源 -->
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<property name="jdbcUrl" value="${jdbc.jdbcUrl}"></property>
<property name="driverClass" value="${jdbc.driverClass}"></property>
<property name="user" value="${jdbc.user}"></property>
<property name="password" value="${jdbc.password}"></property>
</bean>
<!-- 配置mybatis的sqlSessionFactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<!-- 自动扫描mappers.xml文件 -->
<property name="mapperLocations" value="classpath:mapper/*.xml"></property>
<!-- mybatis配置文件 -->
<property name="configLocation" value="classpath:mybatis-config.xml"></property>
</bean>
<!-- DAO接口所在包名,Spring会自动查找其下的类 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.fmz.dao" />
</bean>
<!-- 配置事务管理 -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- 自定义Realm -->
<bean id="myRealm" class="com.fmz.realm.MyRealm"/>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean>
<!-- Shiro过滤器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager"/>
<!-- 身份认证失败,则跳转到登录页面的配置 -->
<property name="loginUrl" value="/login.jsp"/>
<!-- 权限认证失败,则跳转到指定页面 -->
<property name="unauthorizedUrl" value="/unauthorized.jsp"/>
<!-- Shiro连接约束配置,即过滤链的定义 -->
<property name="filterChainDefinitions">
<value>
/login=anon
/logout=logout
/admin=authc
/user=roles[admin]
/admin=perms["admin:create"]
/**=authc
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- 开启Shiro注解 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- 配置事务通知属性 -->
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<!-- 定义事务传播属性 -->
<tx:attributes>
<tx:method name="insert*" propagation="REQUIRED" />
<tx:method name="update*" propagation="REQUIRED" />
<tx:method name="edit*" propagation="REQUIRED" />
<tx:method name="save*" propagation="REQUIRED" />
<tx:method name="add*" propagation="REQUIRED" />
<tx:method name="new*" propagation="REQUIRED" />
<tx:method name="set*" propagation="REQUIRED" />
<tx:method name="remove*" propagation="REQUIRED" />
<tx:method name="delete*" propagation="REQUIRED" />
<tx:method name="change*" propagation="REQUIRED" />
<tx:method name="check*" propagation="REQUIRED" />
<tx:method name="get*" propagation="REQUIRED" read-only="true" />
<tx:method name="find*" propagation="REQUIRED" read-only="true" />
<tx:method name="load*" propagation="REQUIRED" read-only="true" />
<tx:method name="*" propagation="REQUIRED" read-only="true" />
</tx:attributes>
</tx:advice>
<!-- 配置事务切面 -->
<aop:config>
<aop:pointcut id="txPoint"
expression="execution(* com.fmz.service.*.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="txPoint" />
</aop:config>
</beans>
- db.properties
jdbc.driverClass=com.mysql.jdbc.Driver
jdbc.jdbcUrl=jdbc:mysql://localhost:3306/emp?useUnicode=true&characterEncoding=utf8
jdbc.user=root
jdbc.password=admin
- log4j.properties
log4j.rootLogger=DEBUG, Console
#Console
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.appender.Console.layout=org.apache.log4j.PatternLayout
log4j.appender.Console.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n
log4j.logger.java.sql.ResultSet=INFO
log4j.logger.org.apache=INFO
log4j.logger.java.sql.Connection=DEBUG
log4j.logger.java.sql.Statement=DEBUG
log4j.logger.java.sql.PreparedStatement=DEBUG
- mybatis-config.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<settings>
<!-- 开启驼峰命名法 -->
<setting name="mapUnderscoreToCamelCase" value="true"/>
</settings>
<!-- 别名 -->
<typeAliases>
<package name="com.fmz.entity"/>
</typeAliases>
</configuration>
- spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<!-- 扫描注解包 -->
<context:component-scan base-package="com.fmz.controller" />
<!-- 视图解析器 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
</beans>
- com.fmz.controller–>UserController.java
package com.fmz.controller;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import com.fmz.entity.User;
@Controller
public class UserController {
@RequestMapping("/login")
public String login(User user,HttpServletRequest request){
//获取当前用户
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken(user.getUid(), user.getPassword());
try{
//为当前用户进行认证,授权
subject.login(token);
request.setAttribute("user", user);
return "success";
}catch(Exception e){
e.printStackTrace();
request.setAttribute("user", user);
request.setAttribute("errorMsg", "用户名或密码错误!");
return "login";
}
}
@RequestMapping("/admin")
public String index() {
return "index";
}
}
- com.fmz.dao–>UserDao.java
package com.fmz.dao;
import java.util.Set;
import com.fmz.entity.User;
public interface UserDao {
/**
* 通过用户名查找用户
* @param uid
* @return User
*/
public User getByUid(String uid);
/**
* 通过用户名查找该用户所有的角色并保存在Set集合中
* @param uid
* @return Set<String>
*/
public Set<String> getRoles(String uid);
/**
* 通过用户名查找该用户所有的权限并保存在Set集合中
* @param uid
* @return Set<String>
*/
public Set<String> getPermissions(String uid);
}
- com.fmz.entity–>Employee.java
package com.fmz.entity;
public class Employee {
private Integer id;
private String jnum;
private String ename;
private String job;
private String domain;
private Integer age;
private String sex;
private String birth;
private String aptitude;
private String b1;
private String b2;
private String b3;
private String b4;
private String b5;
public Employee(Integer id, String jnum, String ename, String job, String domain, Integer age, String sex,
String birth, String aptitude, String b1, String b2, String b3, String b4, String b5) {
super();
this.id = id;
this.jnum = jnum;
this.ename = ename;
this.job = job;
this.domain = domain;
this.age = age;
this.sex = sex;
this.birth = birth;
this.aptitude = aptitude;
this.b1 = b1;
this.b2 = b2;
this.b3 = b3;
this.b4 = b4;
this.b5 = b5;
}
public Employee() {
super();
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getJnum() {
return jnum;
}
public void setJnum(String jnum) {
this.jnum = jnum;
}
public String getEname() {
return ename;
}
public void setEname(String ename) {
this.ename = ename;
}
public String getJob() {
return job;
}
public void setJob(String job) {
this.job = job;
}
public String getDomain() {
return domain;
}
public void setDomain(String domain) {
this.domain = domain;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public String getSex() {
return sex;
}
public void setSex(String sex) {
this.sex = sex;
}
public String getBirth() {
return birth;
}
public void setBirth(String birth) {
this.birth = birth;
}
public String getAptitude() {
return aptitude;
}
public void setAptitude(String aptitude) {
this.aptitude = aptitude;
}
public String getB1() {
return b1;
}
public void setB1(String b1) {
this.b1 = b1;
}
public String getB2() {
return b2;
}
public void setB2(String b2) {
this.b2 = b2;
}
public String getB3() {
return b3;
}
public void setB3(String b3) {
this.b3 = b3;
}
public String getB4() {
return b4;
}
public void setB4(String b4) {
this.b4 = b4;
}
public String getB5() {
return b5;
}
public void setB5(String b5) {
this.b5 = b5;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((age == null) ? 0 : age.hashCode());
result = prime * result + ((aptitude == null) ? 0 : aptitude.hashCode());
result = prime * result + ((b1 == null) ? 0 : b1.hashCode());
result = prime * result + ((b2 == null) ? 0 : b2.hashCode());
result = prime * result + ((b3 == null) ? 0 : b3.hashCode());
result = prime * result + ((b4 == null) ? 0 : b4.hashCode());
result = prime * result + ((b5 == null) ? 0 : b5.hashCode());
result = prime * result + ((birth == null) ? 0 : birth.hashCode());
result = prime * result + ((domain == null) ? 0 : domain.hashCode());
result = prime * result + ((ename == null) ? 0 : ename.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((jnum == null) ? 0 : jnum.hashCode());
result = prime * result + ((job == null) ? 0 : job.hashCode());
result = prime * result + ((sex == null) ? 0 : sex.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
Employee other = (Employee) obj;
if (age == null) {
if (other.age != null)
return false;
} else if (!age.equals(other.age))
return false;
if (aptitude == null) {
if (other.aptitude != null)
return false;
} else if (!aptitude.equals(other.aptitude))
return false;
if (b1 == null) {
if (other.b1 != null)
return false;
} else if (!b1.equals(other.b1))
return false;
if (b2 == null) {
if (other.b2 != null)
return false;
} else if (!b2.equals(other.b2))
return false;
if (b3 == null) {
if (other.b3 != null)
return false;
} else if (!b3.equals(other.b3))
return false;
if (b4 == null) {
if (other.b4 != null)
return false;
} else if (!b4.equals(other.b4))
return false;
if (b5 == null) {
if (other.b5 != null)
return false;
} else if (!b5.equals(other.b5))
return false;
if (birth == null) {
if (other.birth != null)
return false;
} else if (!birth.equals(other.birth))
return false;
if (domain == null) {
if (other.domain != null)
return false;
} else if (!domain.equals(other.domain))
return false;
if (ename == null) {
if (other.ename != null)
return false;
} else if (!ename.equals(other.ename))
return false;
if (id == null) {
if (other.id != null)
return false;
} else if (!id.equals(other.id))
return false;
if (jnum == null) {
if (other.jnum != null)
return false;
} else if (!jnum.equals(other.jnum))
return false;
if (job == null) {
if (other.job != null)
return false;
} else if (!job.equals(other.job))
return false;
if (sex == null) {
if (other.sex != null)
return false;
} else if (!sex.equals(other.sex))
return false;
return true;
}
@Override
public String toString() {
return "Employee [id=" + id + ", jnum=" + jnum + ", ename=" + ename + ", job=" + job + ", domain=" + domain
+ ", age=" + age + ", sex=" + sex + ", birth=" + birth + ", aptitude=" + aptitude + ", b1=" + b1
+ ", b2=" + b2 + ", b3=" + b3 + ", b4=" + b4 + ", b5=" + b5 + "]";
}
}
- com.fmz.entity–>User.java
package com.fmz.entity;
public class User {
private Integer id;
private String uid;
private String password;
private Integer roleid;
private String department;
private String team;
private String classes;
private String endtime;
private String nowstate;
private String userstate;
private String a1;
private String a2;
private String a3;
private String a4;
private String a5;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getUid() {
return uid;
}
public void setUid(String uid) {
this.uid = uid;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Integer getRoleid() {
return roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public String getDepartment() {
return department;
}
public void setDepartment(String department) {
this.department = department;
}
public String getTeam() {
return team;
}
public void setTeam(String team) {
this.team = team;
}
public String getClasses() {
return classes;
}
public void setClasses(String classes) {
this.classes = classes;
}
public String getEndtime() {
return endtime;
}
public void setEndtime(String endtime) {
this.endtime = endtime;
}
public String getNowstate() {
return nowstate;
}
public void setNowstate(String nowstate) {
this.nowstate = nowstate;
}
public String getUserstate() {
return userstate;
}
public void setUserstate(String userstate) {
this.userstate = userstate;
}
public String getA1() {
return a1;
}
public void setA1(String a1) {
this.a1 = a1;
}
public String getA2() {
return a2;
}
public void setA2(String a2) {
this.a2 = a2;
}
public String getA3() {
return a3;
}
public void setA3(String a3) {
this.a3 = a3;
}
public String getA4() {
return a4;
}
public void setA4(String a4) {
this.a4 = a4;
}
public String getA5() {
return a5;
}
public void setA5(String a5) {
this.a5 = a5;
}
public User(Integer id, String uid, String password, Integer roleid, String department, String team, String classes,
String endtime, String nowstate, String userstate, String a1, String a2, String a3, String a4, String a5) {
super();
this.id = id;
this.uid = uid;
this.password = password;
this.roleid = roleid;
this.department = department;
this.team = team;
this.classes = classes;
this.endtime = endtime;
this.nowstate = nowstate;
this.userstate = userstate;
this.a1 = a1;
this.a2 = a2;
this.a3 = a3;
this.a4 = a4;
this.a5 = a5;
}
public User() {
super();
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((a1 == null) ? 0 : a1.hashCode());
result = prime * result + ((a2 == null) ? 0 : a2.hashCode());
result = prime * result + ((a3 == null) ? 0 : a3.hashCode());
result = prime * result + ((a4 == null) ? 0 : a4.hashCode());
result = prime * result + ((a5 == null) ? 0 : a5.hashCode());
result = prime * result + ((classes == null) ? 0 : classes.hashCode());
result = prime * result + ((department == null) ? 0 : department.hashCode());
result = prime * result + ((endtime == null) ? 0 : endtime.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((nowstate == null) ? 0 : nowstate.hashCode());
result = prime * result + ((password == null) ? 0 : password.hashCode());
result = prime * result + ((roleid == null) ? 0 : roleid.hashCode());
result = prime * result + ((team == null) ? 0 : team.hashCode());
result = prime * result + ((uid == null) ? 0 : uid.hashCode());
result = prime * result + ((userstate == null) ? 0 : userstate.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
User other = (User) obj;
if (a1 == null) {
if (other.a1 != null)
return false;
} else if (!a1.equals(other.a1))
return false;
if (a2 == null) {
if (other.a2 != null)
return false;
} else if (!a2.equals(other.a2))
return false;
if (a3 == null) {
if (other.a3 != null)
return false;
} else if (!a3.equals(other.a3))
return false;
if (a4 == null) {
if (other.a4 != null)
return false;
} else if (!a4.equals(other.a4))
return false;
if (a5 == null) {
if (other.a5 != null)
return false;
} else if (!a5.equals(other.a5))
return false;
if (classes == null) {
if (other.classes != null)
return false;
} else if (!classes.equals(other.classes))
return false;
if (department == null) {
if (other.department != null)
return false;
} else if (!department.equals(other.department))
return false;
if (endtime == null) {
if (other.endtime != null)
return false;
} else if (!endtime.equals(other.endtime))
return false;
if (id == null) {
if (other.id != null)
return false;
} else if (!id.equals(other.id))
return false;
if (nowstate == null) {
if (other.nowstate != null)
return false;
} else if (!nowstate.equals(other.nowstate))
return false;
if (password == null) {
if (other.password != null)
return false;
} else if (!password.equals(other.password))
return false;
if (roleid == null) {
if (other.roleid != null)
return false;
} else if (!roleid.equals(other.roleid))
return false;
if (team == null) {
if (other.team != null)
return false;
} else if (!team.equals(other.team))
return false;
if (uid == null) {
if (other.uid != null)
return false;
} else if (!uid.equals(other.uid))
return false;
if (userstate == null) {
if (other.userstate != null)
return false;
} else if (!userstate.equals(other.userstate))
return false;
return true;
}
@Override
public String toString() {
return "User [id=" + id + ", uid=" + uid + ", password=" + password + ", roleid=" + roleid + ", department="
+ department + ", team=" + team + ", classes=" + classes + ", endtime=" + endtime + ", nowstate="
+ nowstate + ", userstate=" + userstate + ", a1=" + a1 + ", a2=" + a2 + ", a3=" + a3 + ", a4=" + a4
+ ", a5=" + a5 + "]";
}
}
- com.fmz.realm–>MyRealm.java
package com.fmz.realm;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import com.fmz.entity.User;
import com.fmz.service.UserService;
public class MyRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
/**
* 授权方法
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//获取当前身份
String uid = (String) principals.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//从数据库中查找该用户有何角色和权限
Set<String> roles = userService.getRoles(uid);
Set<String> permissions = userService.getPermissions(uid);
//为当前用户赋予对应角色和权限
info.setRoles(roles);
info.setStringPermissions(permissions);
return info;
}
/**
* 认证方法
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//获取用户名
String uid = (String) token.getPrincipal();
//从数据库中查找用户信息
User user = userService.getByUid(uid);
if (user == null) {
return null;
}
AuthenticationInfo info = new SimpleAuthenticationInfo(user.getUid(), user.getPassword(), getName());
return info;
}
}
- com.fmz.service–>UserService.java
package com.fmz.service;
import java.util.Set;
import com.fmz.entity.User;
public interface UserService {
/**
* 通过用户名查找用户
* @param uid
* @return User
*/
public User getByUid(String uid);
/**
* 通过用户名查找该用户所有的角色并保存在Set集合中
* @param uid
* @return Set<String>
*/
public Set<String> getRoles(String uid);
/**
* 通过用户名查找该用户所有的权限并保存在Set集合中
* @param uid
* @return Set<String>
*/
public Set<String> getPermissions(String uid);
}
- com.fmz.service.impl–>UserServiceImpl.java
package com.fmz.service.impl;
import java.util.Set;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fmz.dao.UserDao;
import com.fmz.entity.User;
import com.fmz.service.UserService;
@Service
public class UserServiceImpl implements UserService{
@Autowired
private UserDao userDao;
public User getByUid(String uid) {
return userDao.getByUid(uid);
}
public Set<String> getRoles(String uid) {
return userDao.getRoles(uid);
}
public Set<String> getPermissions(String uid) {
return userDao.getPermissions(uid);
}
}
16 . index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="gbk"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>管理系统</title>
<script type="text/javascript" src="js/jquery-3.1.1.js"></script>
<script type="text/javascript" src="js/index.js"></script>
<link rel="shortcut icon" href="icon/ali.gif" type="image/gif" />
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<style type="text/css">
a {
outline-style: none;
color: #535353;
text-decoration: none
}
</style>
</head>
<body onload="addUser()">
<div>
<table>
<tr>
<td align="right"><h3>当前用户:</h3></td>
<td><h3 id="user">
<shiro:principal />
</h3></td>
</tr>
<tr>
<td colspan="2" width="150">
<ul>
<li><a href="javascript:;" id="A">用户管理</a></li>
<ul id="a" style="display:none">
<li><a href="javascript:addUser()">添加用户</a></li>
<li><a href="javascript:getAll()">修改用户</a></li>
</ul>
<li><a href="javascript:;" id="B">角色管理</a></li>
<ul id="b" style="display:none">
<li><a href="javascript:addRole()">添加角色</a></li>
<li><a href="javascript:getAllRoles()">修改角色</a></li>
</ul>
<li><a href="javascript:;" id="C">权限管理</a></li>
<ul id="c" style="display:none">
<li><a href="javascript:addPermission()">添加权限</a></li>
<li><a href="javascript:getAllPermissions()">修改角色</a></li>
</ul>
<li><a href="logout">Exit</a></li>
</ul>
</td>
</tr>
</table>
</div>
<div id="div_add">
<form style="position: absolute;top: 100;left: 500">
<table align="center" width="300">
<tr>
<td colspan="2" align="center"><h1>添加</h1>
<hr></td>
</tr>
<tr>
<td align="right">姓名:</td>
<td align="center"><input type="text" name="username"
id="username" /></td>
</tr>
<tr>
<td align="right">密码:</td>
<td align="center"><input type="password" name="password"
id="password" /></td>
</tr>
<shiro:hasRole name="admin">
<tr>
<td align="right">角色:</td>
<td id="roles" align="center"></td>
</tr>
</shiro:hasRole>
<tr>
<td></td>
<td align="right"><input type="button" value="提 交" id="t_add" /></td>
</tr>
</table>
</form>
</div>
<div id="div_update" style=display:none>
<form action="addUser" method="post">
<table align="center" style="position: absolute;top: 100;left: 500"
border="1" bordercolor="black" cellspacing="0" id="t_allUser">
<tr>
<td colspan="4" align="center"><h1>查询</h1></td>
</tr>
<tr align="center" id="last">
<td width="40">ID</td>
<td width="60">姓名</td>
<td width="120">权限</td>
<td width="90">操作</td>
</tr>
</table>
</form>
</div>
<div id="div_role" style=display:none>
<form style="position: absolute;top: 100;left: 500">
<table align="center" width="300">
<tr>
<td colspan="2" align="center"><h1>添加</h1>
<hr></td>
</tr>
<tr>
<td align="right">角色:</td>
<td align="center"><input type="text" name="rolename"
id="rolename" /></td>
</tr>
<shiro:hasRole name="admin">
<tr>
<td align="right">权限:</td>
<td id="permission" align="center"></td>
</tr>
</shiro:hasRole>
<tr>
<td></td>
<td align="right"><input type="button" value="提 交"
id="role_add" /></td>
</tr>
</table>
</form>
</div>
<div id="div_updaterole" style=display:none>
<form action="addRole" method="post">
<table align="center" style="position: absolute;top: 100;left: 500"
border="1" bordercolor="black" cellspacing="0" id="t_allRole">
<tr>
<td colspan="4" align="center"><h1>查询</h1></td>
</tr>
<tr align="center" id="last">
<td width="40">ID</td>
<td width="60">角色</td>
<td width="120">权限</td>
<td width="90">操作</td>
</tr>
</table>
</form>
</div>
<div id="div_permission" style=display:none>
<form style="position: absolute;top: 100;left: 500">
<table align="center" width="300">
<tr>
<td colspan="2" align="center"><h1>添加</h1>
<hr></td>
</tr>
<tr>
<td align="right">权限:</td>
<td align="center"><input type="text" name="permissionname"
id="permissionname" /></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="button" value="提 交"
id="permission_add" /></td>
</tr>
</table>
</form>
</div>
<div id="div_updatepermission" style=display:none>
<form action="addPermission" method="post">
<table align="center" style="position: absolute;top: 100;left: 500"
border="1" bordercolor="black" cellspacing="0" id="t_allPermission">
<tr>
<td colspan="3" align="center"><h1>查询</h1></td>
</tr>
<tr align="center" id="last">
<td width="40">ID</td>
<td width="120">权限</td>
<td width="90">操作</td>
</tr>
</table>
</form>
</div>
</body>
</html>
- login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
<style>
body{
background-color: #C0C0C0;
}
.lading{
background:rgba(255, 255, 255, 0.4) !important;
border-radius: 20px;
width: 350px;
height: 300px;
border:1px solid #ccc;
margin:0 auto;
margin-top: 150px;
text-align: center;
padding-top: 60px;
}
.click_lading,.password{
margin: 20px 0px;
}
.lading input{
width: 200px;
height: 40px;
color: #6e6e6e;
text-indent: 10px;
}
*{
padding: 0px;
margin: 0px;
font-size: 14px;
}
</style>
<body style="background-image: url('img/login-bg-3.jsp');">
<div class="lading">
<form action="${pageContext.request.contextPath }/login" method="post">
<div class="account">账号:<input type="text" placeholder="请输入账号" name="uid" value="${user.uid }"/></div>
<div class="password">密码:<input type="password" placeholder="请输入密码" name="password" value="${user.password }"></div>
<div><input type="submit" value="登录"/></div>
<font color="red">${errorMsg }</font>
</form>
</div>
</body>
</html>
- success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录成功</title>
</head>
<body>
尊敬的:<shiro:principal/>欢迎您!<br>
<shiro:hasRole name="user">
用户<br>
</shiro:hasRole>
<shiro:hasRole name="admin">
admin管理员<br>
</shiro:hasRole>
<shiro:hasPermission name="admin:create">
您具备admin:create权限<br>
</shiro:hasPermission>
<shiro:hasPermission name="user:update">
您具备user:update权限<br>
</shiro:hasPermission>
<br>
<shiro:hasPermission name="{user:update,user:*}">
具备user:update,user:*权限才能看到这句话<br>
</shiro:hasPermission>
<a href="admin">需要admin:create(管理员)权限才能访问首页哦!</a><br>
<a href="logout">退出系统</a>
</body>
</html>
- unauthorized.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>访问失败</title>
</head>
<body>
抱歉<shiro:principal/>,你不具备访问该页面内容的角色或权限
</body>
</html>
- shiroDemo结构
- 数据库结构
- permission
4.role
5.userrole
6.employyee
7.users
- 数据库脚本(sqlserver)
USE [emp]
GO
/****** Object: Table [dbo].[users] Script Date: 10/18/2018 23:07:52 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[users](
[id] [int] IDENTITY(1,1) NOT NULL,
[uid] [varchar](50) NOT NULL,
[password] [varchar](50) NOT NULL,
[roleid] [int] NOT NULL,
[department] [varchar](50) NULL,
[team] [varchar](50) NULL,
[classes] [varchar](50) NULL,
[endtime] [varchar](50) NULL,
[nowstate] [varchar](50) NULL,
[userstate] [varchar](50) NULL,
[a1] [varchar](50) NULL,
[a2] [varchar](50) NULL,
[a3] [varchar](50) NULL,
[a4] [varchar](50) NULL,
[a5] [varchar](50) NULL,
CONSTRAINT [PK_users] PRIMARY KEY CLUSTERED
(
[id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED
(
[roleid] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED
(
[uid] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
SET IDENTITY_INSERT [dbo].[users] ON
INSERT [dbo].[users] ([id], [uid], [password], [roleid], [department], [team], [classes], [endtime], [nowstate], [userstate], [a1], [a2], [a3], [a4], [a5]) VALUES (1, N'1004', N'1004', 1, N'物流部', N'管理组', N'早班', N'', N'', N'', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[users] ([id], [uid], [password], [roleid], [department], [team], [classes], [endtime], [nowstate], [userstate], [a1], [a2], [a3], [a4], [a5]) VALUES (2, N'1005', N'1005', 2, N'计划部', N'计划组', N'晚班', N'', N'', N'', NULL, NULL, NULL, NULL, NULL)
SET IDENTITY_INSERT [dbo].[users] OFF
/****** Object: Table [dbo].[employee] Script Date: 10/18/2018 23:07:52 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[employee](
[id] [int] IDENTITY(1,1) NOT NULL,
[jnum] [nchar](10) NOT NULL,
[ename] [nchar](10) NOT NULL,
[job] [nchar](10) NOT NULL,
[domain] [nchar](10) NOT NULL,
[age] [int] NOT NULL,
[sex] [nchar](10) NOT NULL,
[birth] [nchar](10) NULL,
[aptitude] [nchar](10) NULL,
[b1] [varchar](max) NULL,
[b2] [varchar](max) NULL,
[b3] [varchar](max) NULL,
[b4] [varchar](max) NULL,
[b5] [varchar](max) NULL,
CONSTRAINT [PK_employee] PRIMARY KEY CLUSTERED
(
[id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED
(
[jnum] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
SET IDENTITY_INSERT [dbo].[employee] ON
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (2, N'1002 ', N'张三 ', N'骑手 ', N'配送员 ', 20, N'男 ', N'2000-10-21', N'中等 ', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (3, N'1003 ', N'李四 ', N'装卸 ', N'分拣员 ', 22, N'男 ', N'2000-10-21', N'良好 ', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (4, N'1004 ', N'及时雨 ', N'班长 ', N'决策员 ', 23, N'男 ', N'2001-01-02', N'优秀 ', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (5, N'1005 ', N'智多星 ', N'辅导 ', N'计划员 ', 21, N'男 ', N'1999-9-23 ', N'偏优 ', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (6, N'1006 ', N'玉麒麟 ', N'组长 ', N'装配员 ', 22, N'男 ', N'2000-07-25', N'偏优 ', NULL, NULL, NULL, NULL, NULL)
INSERT [dbo].[employee] ([id], [jnum], [ename], [job], [domain], [age], [sex], [birth], [aptitude], [b1], [b2], [b3], [b4], [b5]) VALUES (7, N'1007 ', N'一丈青 ', N'组长 ', N'配送员 ', 19, N'女 ', N'1998-02-26', N'优秀 ', NULL, NULL, NULL, NULL, NULL)
SET IDENTITY_INSERT [dbo].[employee] OFF
/****** Object: Table [dbo].[c_userrole] Script Date: 10/18/2018 23:07:52 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[c_userrole](
[c_id] [int] NOT NULL,
[c_userid] [int] NOT NULL,
[c_roleid] [int] NOT NULL
) ON [PRIMARY]
GO
INSERT [dbo].[c_userrole] ([c_id], [c_userid], [c_roleid]) VALUES (1, 1, 1)
INSERT [dbo].[c_userrole] ([c_id], [c_userid], [c_roleid]) VALUES (2, 2, 2)
/****** Object: Table [dbo].[c_role] Script Date: 10/18/2018 23:07:52 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[c_role](
[c_id] [int] NOT NULL,
[c_role] [varchar](50) NOT NULL,
[c_description] [varchar](50) NOT NULL
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
INSERT [dbo].[c_role] ([c_id], [c_role], [c_description]) VALUES (1, N'admin', N'管理员')
INSERT [dbo].[c_role] ([c_id], [c_role], [c_description]) VALUES (2, N'user', N'普通用户')
/****** Object: Table [dbo].[c_permission] Script Date: 10/18/2018 23:07:52 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[c_permission](
[id] [int] NOT NULL,
[permission_name] [varchar](50) NOT NULL,
[role_id] [int] NOT NULL
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
INSERT [dbo].[c_permission] ([id], [permission_name], [role_id]) VALUES (1, N'admin:create', 1)
INSERT [dbo].[c_permission] ([id], [permission_name], [role_id]) VALUES (2, N'user:*', 2)