void(0);"class="dropdown-toggleqqlogin">登录
</@shiro.guest>
2.user(已经登录,或者记住我登录)
<@shiro.user>
欢迎[<@shiro.principal/>]登录,退出
</@shiro.user>
3.authenticated(已经认证,排除记住我登录的;敏感操作的入口应放在该标签内,而不是user标签内)
<@shiro.authenticated>
用户[<@shiro.principal/>]已身份验证通过
</@shiro.authenticated>
4.notAuthenticated(和authenticated相反)
<@shiro.notAuthenticated>
当前身份未认证(包括记住我登录的)
</@shiro.notAuthenticated>
5.principal标签(能够取到你在realm中保存的信息,比如我存的是ShiroUser对象,取出其中urlSet属性)
<!--需要指定property-->
<@shiro.principal property="urlSet"/>
6.hasRole标签(判断是否拥有这个角色)
<@shiro.hasRole name="admin">
用户[<@shiro.principal/>]拥有角色admin
</@shiro.hasRole>
7.hasAnyRoles标签(判断是否拥有这些角色的其中一个)
<@shiro.hasAnyRoles name="admin,user,member">
用户[<@shiro.principal/>]拥有角色admin或user或member
</@shiro.hasAnyRoles>
8.lacksRole标签(判断是否不拥有这个角色)
<@shiro.lacksRole name="admin">
用户[<@shiro.principal/>]不拥有admin角色
</@shiro.lacksRole>
9.hasPermission标签(判断是否拥有这个权限)
<@shiro.hasPermission name="user:add">
用户[<@shiro.principal/>]拥有user:add权限
</@shiro.hasPermission>
10.lacksPermission标签(判断是否没有这个权限)
<@shiro.lacksPermission name="user:add">
用户[<@shiro.principal/>]不拥有user:add权限
</@shiro.lacksPermission>
注意:以上标签只决定页面上显示什么,对应的后端接口仍需单独做权限校验。
**/
}
}
3.2修改spring-mvc-servlet.xml中的freemarker配置
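4.新建CustomCredentialsMatcher类,继承shiro的SimpleCredentialsMatcher类,这个类的作用是自定义密码验证。注意:示例用MD5Util.hmac_md5处理密码,MD5计算很快,数据库泄露后容易被离线暴力破解;实际项目中存储密码应使用加盐、多次迭代的哈希,例如配置HashedCredentialsMatcher。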
packagecom.business.shiro;
importorg.apache.shiro.authc.AuthenticationInfo;
importorg.apache.shiro.authc.AuthenticationToken;
importorg.apache.shiro.authc.UsernamePasswordToken;
importorg.apache.shiro.authc.credential.SimpleCredentialsMatcher;
importcom.business.util.MD5Util;
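/**
 * Tells Shiro how to compare a submitted password with the stored, already-transformed one.
 * (Shiro offers {@code SimpleCredentialsMatcher} and {@code HashedCredentialsMatcher} for this;
 * this class extends the former.)
 *
 * <p>The submitted password is passed through {@code MD5Util.hmac_md5} and the result is compared
 * with the credentials carried by the account's {@link AuthenticationInfo}.
 *
 * <p>NOTE(review): judging by the helper's name this is HMAC-MD5 with a key held inside
 * {@code MD5Util} (the call passes neither key nor salt) - confirm. A single fast MD5-based
 * transform with no per-user salt gives little resistance to offline guessing if the credential
 * table leaks. Moving to a salted, iterated hash (for example a configured
 * {@code HashedCredentialsMatcher}) requires re-hashing the stored credentials, so it is flagged
 * here rather than changed.
 *
 * <p>Author: zh
 *
 * <p>Created: 2017-5-9
 */
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    /**
     * Transforms the password from the login token and compares it with the stored credentials.
     *
     * @param authcToken the token submitted at login; only {@link UsernamePasswordToken} is
     *     supported
     * @param info the account data whose credentials are compared against
     * @return {@code true} when the transformed password equals the stored credentials;
     *     {@code false} when they differ, when the token is of another type, or when it carries
     *     no password
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) {
        // Reject unsupported token types as a failed match instead of failing with a
        // ClassCastException in the middle of the login flow.
        if (!(authcToken instanceof UsernamePasswordToken)) {
            return false;
        }
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

        // String.valueOf((char[]) null) throws NullPointerException, so a token without a
        // password is treated as a non-match.
        char[] password = token.getPassword();
        if (password == null) {
            return false;
        }

        // The helper takes a String, so the password is copied into an immutable String here;
        // that copy stays on the heap until it is garbage collected.
        Object tokenCredentials = MD5Util.hmac_md5(String.valueOf(password));
        Object accountCredentials = getCredentials(info);

        // Compare the transformed password with the stored value using the inherited equals.
        return equals(tokenCredentials, accountCredentials);
    }
}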
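5.新建ShiroDbRealm类
注意:doGetAuthenticationInfo只负责按用户名查出账号,密码比对是在它返回之后由shiro完成的。下面代码在该方法里调用SessionUtil.addSession(user),此时密码尚未校验;把用户信息写入session的操作应放到登录成功之后。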
packagecom.business.shiro;
importjava.util.List;
importjava.util.Set;
importjavax.annotation.PostConstruct;
importorg.apache.log4j.Logger;
importorg.apache.shiro.authc.AuthenticationException;
importorg.apache.shiro.authc.AuthenticationInfo;
importorg.apache.shiro.authc.AuthenticationToken;
importorg.apache.shiro.authc.DisabledAccountException;
importorg.apache.shiro.authc.SimpleAuthenticationInfo;
importorg.apache.shiro.authc.UsernamePasswordToken;
importorg.apache.shiro.authc.credential.CredentialsMatcher;
importorg.apache.shiro.authz.AuthorizationInfo;
importorg.apache.shiro.authz.SimpleAuthorizationInfo;
importorg.apache.shiro.cache.CacheManager;
importorg.apache.shiro.realm.AuthorizingRealm;
importorg.apache.shiro.subject.PrincipalCollection;
importorg.apache.shiro.subject.SimplePrincipalCollection;
importorg.springframework.beans.factory.annotation.Autowired;
importcom.business.dao.UserDao;
importcom.business.entity.Menu;
importcom.business.entity.Role;
importcom.business.entity.User;
importcom.business.entity.UserRole;
importcom.business.service.sysService.MenuService;
importcom.business.service.sysService.RoleService;
importcom.business.service.sysService.UserRoleService;
importcom.business.service.sysService.UserService;
importcom.business.util.SessionUtil;
importmon.util.BizUtil;
importmon.collect.Sets;
/**
 * @description: shiro权限认证
 * @author: zhanghao
 * @date: 2017/5/8 14:51
 */
publicclassShiroDbRealmextendsAuthorizingRealm{
/** Class-wide log4j logger for this realm. */
private static final Logger LOGGER = Logger.getLogger(ShiroDbRealm.class);

// The collaborators below are filled in by Spring through @Autowired field injection,
// so they are not yet set while the constructor runs.

@Autowired
private UserService userService;

/** Used to look an account up by user name during login. */
@Autowired
private UserDao userDao;

/** Used to load a role by its id. */
@Autowired
private RoleService roleService;

/** Used to load the user-to-role link by user id. */
@Autowired
private UserRoleService userRoleService;

@Autowired
private MenuService menuService;
/**
 * Creates the realm, handing both arguments straight to the {@code AuthorizingRealm}
 * constructor.
 *
 * @param cacheManager cache manager forwarded to the superclass
 * @param matcher credentials matcher forwarded to the superclass
 */
public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
    super(cacheManager, matcher);
}
/**
*Shiro登录认证(原理:
用户提交用户名和密码---shiro封装令牌----realm通过用户名将密码查询返回----shiro自动去比较查询出密码和用户输入密码是否一致----进行登陆控制)
*/
@Override
protectedAuthenticationInfodoGetAuthenticationInfo(
AuthenticationTokenauthcToken)throwsAuthenticationException{
LOGGER.info("Shiro开始登录认证");
UsernamePasswordTokentoken=(UsernamePasswordToken)authcToken;
Useruser=userDao.getByName(token.getUsername());
//账号不存在
if(user==null){
returnnull;
}
//账号未启用
if(user.getStatus()==1){
thrownewDisabledAccountException();
}
//将用户信息保存在session中
SessionUtil.addSession(user);
UserRoleuserRole=userRoleService.getByUserId(user.getId());
Rolerole=roleService.getById(userRole.getRoleId());
//读取用户的url和角色
Setroles=Sets.newHashSet(role.getName());
ListmenuIds=BizUtil.stringToLongList(role.getMenu(),",");
List