来源:蜘蛛抓取(WebSpider)
时间:2018-08-25 17:19
标签:
页面请求
博客分类:
SpringMVC+Shiro权限管理
什么是权限呢?举个简单的例子:
我有一个论坛,注册的用户分为normal用户,manager用户。对论坛的帖子的操作有这些:添加,删除,更新,查看,回复我们规定:normal用户只能:添加,查看,回复manager用户可以:删除,更新normal,manager对应的是角色(role)添加,删除,更新等对应的是权限(permission)我们采用下面的逻辑创建权限表结构(不是绝对的,根据需要修改)一个用户可以有多种角色(normal,manager,admin等等)一个角色可以有多个用户(user1,user2,user3等等)一个角色可以有多个权限(save,update,delete,query等等)一个权限只属于一个角色(delete只属于manager角色)
我们创建四张表:t_user用户表:设置了3个用户-------------------------------id + username
+ password---+----------------+----------1
000000---------------------------------t_role角色表:设置3个角色--------------id + rolename ---+----------1
+ manager3
+ normal--------------t_user_role用户角色表:tom是admin和normal角色,jack是manager和normal角色,rose是normal角色---------------------user_id
role_id-----------+-----------1
3---------------------t_permission权限表:admin角色可以删除,manager角色可以添加和更新,normal角色可以查看-----------------------------------id
permissionname
role_id----+------------------------+-----------1
3-----------------------------------
建立对应的POJO:
package com.cn.
import java.util.HashS
import java.util.L
import java.util.S
import javax.persistence.E
import javax.persistence.GeneratedV
import javax.persistence.GenerationT
import javax.persistence.Id;
import javax.persistence.JoinC
import javax.persistence.JoinT
import javax.persistence.ManyToM
import javax.persistence.T
import javax.persistence.T
import org.hibernate.validator.constraints.NotE
@Table(name="t_user")
public class User {
@NotEmpty(message="用户名不能为空")
@NotEmpty(message="密码不能为空")
private List&Role& roleL
@GeneratedValue(strategy=GenerationType.IDENTITY)
public Integer getId() {
public void setId(Integer id) {
public String getUsername() {
public void setUsername(String username) {
this.username =
public String getPassword() {
public void setPassword(String password) {
this.password =
@ManyToMany
@JoinTable(name="t_user_role",joinColumns={@JoinColumn(name="user_id")},inverseJoinColumns={@JoinColumn(name="role_id")})
public List&Role& getRoleList() {
return roleL
public void setRoleList(List&Role& roleList) {
this.roleList = roleL
@Transient
public Set&String& getRolesName(){
List&Role& roles=getRoleList();
Set&String& set=new HashSet&String&();
for (Role role : roles) {
set.add(role.getRolename());
package com.cn.
import java.util.ArrayL
import java.util.L
import javax.persistence.E
import javax.persistence.GeneratedV
import javax.persistence.GenerationT
import javax.persistence.Id;
import javax.persistence.JoinC
import javax.persistence.JoinT
import javax.persistence.ManyToM
import javax.persistence.OneToM
import javax.persistence.T
import javax.persistence.T
@Table(name="t_role")
public class Role {
private List&Permission& permissionL
private List&User& userL
@GeneratedValue(strategy=GenerationType.IDENTITY)
public Integer getId() {
public void setId(Integer id) {
public String getRolename() {
public void setRolename(String rolename) {
this.rolename =
@OneToMany(mappedBy="role")
public List&Permission& getPermissionList() {
return permissionL
public void setPermissionList(List&Permission& permissionList) {
this.permissionList = permissionL
@ManyToMany
@JoinTable(name="t_user_role",joinColumns={@JoinColumn(name="role_id")},inverseJoinColumns={@JoinColumn(name="user_id")})
public List&User& getUserList() {
return userL
public void setUserList(List&User& userList) {
this.userList = userL
@Transient
public List&String& getPermissionsName(){
List&String& list=new ArrayList&String&();
List&Permission& perlist=getPermissionList();
for (Permission per : perlist) {
list.add(per.getPermissionname());
package com.cn.
import javax.persistence.E
import javax.persistence.GeneratedV
import javax.persistence.GenerationT
import javax.persistence.Id;
import javax.persistence.JoinC
import javax.persistence.ManyToO
import javax.persistence.T
@Table(name="t_permission")
public class Permission {
@GeneratedValue(strategy=GenerationType.IDENTITY)
public Integer getId() {
public void setId(Integer id) {
public String getPermissionname() {
public void setPermissionname(String permissionname) {
this.permissionname =
@ManyToOne
@JoinColumn(name="role_id")
public Role getRole() {
public void setRole(Role role) {
this.role =
使用SHIRO的步骤:1,导入jar2,配置web.xml3,建立dbRelm4,在Spring中配置pom.xml中配置如下:
xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
0.0.1-SNAPSHOT
springmvc Maven Webapp
http://maven.apache.org
org.springframework
spring-webmvc
3.2.4.RELEASE
org.springframework
spring-jdbc
3.2.4.RELEASE
org.springframework
spring-orm
3.2.4.RELEASE
org.hibernate
hibernate-core
4.2.5.Final
org.hibernate
hibernate-ehcache
4.2.5.Final
net.sf.ehcache
commons-dbcp
commons-dbcp
mysql-connector-java
javax.inject
javax.inject
org.hibernate
hibernate-validator
5.0.1.Final
org.codehaus.jackson
jackson-mapper-asl
javax.servlet
javax.servlet
servlet-api
org.apache.shiro
shiro-core
org.apache.shiro
org.apache.shiro
shiro-spring
org.mortbay.jetty
jetty-maven-plugin
implementation="org.eclipse.jetty.server.nio.SelectChannelConnector"
web.xml中的配置:
version="1.0" encoding="UTF-8"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
Archetype Created Web Application
opensessioninview
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter
opensessioninview
org.springframework.web.servlet.DispatcherServlet
contextConfigLocation
classpath:applicationContext*.xml
org.springframework.web.context.ContextLoaderListener
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
shiroFilter
package com.cn.
import java.util.L
import javax.inject.I
import org.apache.shiro.authc.AuthenticationE
import org.apache.shiro.authc.AuthenticationI
import org.apache.shiro.authc.AuthenticationT
import org.apache.shiro.authc.SimpleAuthenticationI
import org.apache.shiro.authc.UsernamePasswordT
import org.apache.shiro.authz.AuthorizationI
import org.apache.shiro.authz.SimpleAuthorizationI
import org.apache.shiro.realm.AuthorizingR
import org.apache.shiro.subject.PrincipalC
import org.springframework.stereotype.S
import org.springframework.transaction.annotation.T
import com.cn.pojo.R
import com.cn.pojo.U
@Transactional
public class MyShiro extends AuthorizingRealm{
private UserService userS
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String loginName=(String) principalCollection.fromRealm(getName()).iterator().next();
User user=userService.findByName(loginName);
if(user!=null){
SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
info.setRoles(user.getRolesName());
List&Role& roleList=user.getRoleList();
for (Role role : roleList) {
info.addStringPermissions(role.getPermissionsName());
return null;
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token=(UsernamePasswordToken) authenticationT
User user=userService.findByName(token.getUsername());
if(user!=null){
return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
return null;
在spring的配置文件中配置,为了区别spring原配置和shiro我们将shiro的配置独立出来。
applicationContext-shiro.xml
version="1.0" encoding="UTF-8"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"
id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"
name="realm" ref="myShiro"
name="cacheManager" ref="cacheManager"
id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"
name="securityManager" ref="securityManager"
name="loginUrl" value="/login"
name="successUrl" value="/user"
name="unauthorizedUrl" value="/403"
name="filterChainDefinitions"
/static/**=anon
/user=perms[user:query]
/user/add=roles[manager]
/user/del/**=roles[admin]
/user/edit/**=roles[manager]
/** = authc
id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"
id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"
用于登录,登出,权限跳转的控制:
package com.cn.
import javax.validation.V
import org.apache.shiro.SecurityU
import org.apache.shiro.authc.AuthenticationE
import org.apache.shiro.authc.UsernamePasswordT
import org.springframework.stereotype.C
import org.springframework.ui.M
import org.springframework.validation.BindingR
import org.springframework.web.bind.annotation.RequestM
import org.springframework.web.bind.annotation.RequestM
import org.springframework.web.servlet.mvc.support.RedirectA
import com.cn.pojo.U
@Controller
public class HomeController {
@RequestMapping(value="/login",method=RequestMethod.GET)
public String loginForm(Model model){
model.addAttribute("user", new User());
return "/login";
@RequestMapping(value="/login",method=RequestMethod.POST)
public String login(@Valid User user,BindingResult bindingResult,RedirectAttributes redirectAttributes){
if(bindingResult.hasErrors()){
return "/login";
SecurityUtils.getSubject().login(new UsernamePasswordToken(user.getUsername(), user.getPassword()));
return "redirect:/user";
} catch (AuthenticationException e) {
redirectAttributes.addFlashAttribute("message","用户名或密码错误");
return "redirect:/login";
@RequestMapping(value="/logout",method=RequestMethod.GET)
public String logout(RedirectAttributes redirectAttributes ){
SecurityUtils.getSubject().logout();
redirectAttributes.addFlashAttribute("message", "您已安全退出");
return "redirect:/login";
@RequestMapping("/403")
public String unauthorizedRole(){
return "/403";
三个主要的JSP:login.jsp:
%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%
%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %
&!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
My JSP 'MyJsp.jsp' starting page
登录页面----${message }
alt="" src="/static/img/1.jpg"
action="/login" commandName="user" method="post"
用户名: path="username"
path="username" cssClass="error"
密 &&码: path="password"
path="password" cssClass="error"
name="button"submit
%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%
%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %
%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %
&!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
${message }
用户列表-- href="/user/add"添加用户--- href="/logout"退出登录
用户已经登录显示此内容
name="manager"manager角色登录显示此内容
name="admin"admin角色登录显示此内容
name="normal"normal角色登录显示此内容
name="manager,admin"**manager or admin 角色用户登录显示此内容**
-显示当前登录用户名
name="add"add权限用户显示此内容
name="user:query"query权限用户显示此内容
name="user:del" 不具有user:del权限的用户显示此内容
items="${userList }" var="user"
用户名:${user.username }----密码:${user.password }---- href="/user/edit/${user.id}"修改用户---- href="javascript:;" class="del" ref="${user.id }"删除用户
alt="" src="/static/img/1.jpg"
type="text/javascript" src="http://cdn.staticfile.org/jquery/1.9.1/jquery.min.js"
$(function(){
$(".del").click(function(){
var id=$(this).attr("ref");
type:"delete",
url:"/user/del/"+id,
success:function(e){
%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%
%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %
&!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
对不起,您没有权限请求此连接!
alt="" src="/static/img/1.jpg"
浏览 82060
:? [/img][/url][/flash]
浏览: 820717 次
来自: 武汉
prince4426 写道说的也太简单了吧。我还是没看懂你写个 ...
Shrio在线教程:http://www.sojson.com ...
不错,赞一个
写的不错,受用
可以发下源码吗
(window.slotbydup=window.slotbydup || []).push({
id: '4773203',
container: s,
size: '200,200',
display: 'inlay-fix'>> SpringMVC+shiro+hibernate权限管理整合
SpringMVC+shiro+hibernate权限管理整合
所属分类:
下载地址:
archx-spring-agg-master_Shiro.文件大小:1.25 MB
分享有礼! 》
请点击右侧的分享按钮,把本代码分享到各社交媒体。
通过您的分享链接访问Codeforge,每来2个新的IP,您将获得0.1 积分的奖励。
通过您的分享链接,每成功注册一个用户,该用户在Codeforge上所获得的每1个积分,您都将获得0.2 积分的分成奖励。
什么是权限?权限是管理web应用用户的一种手段,比如,一个电商平台,用户具有user的角色,他可以在这个商场里面进行交易。商家拥有的是user的角色同时也拥有manager的角色,因此,他可以进行买卖的同时进行对自己商品的管理。shiro就是一个基于RBAC权限设计模型的权限管理框架。什么是Shiro ?Apache Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能:&认证 - 用户身份识别,常被称为用户“登录”;授权 - 访问控制;密码加密 - 保护或隐藏数据防止被偷窥;会话管理 - 每用户相关的时间敏感的状态。以下是对使用SpringMVC+shiro+hibernate框架对用户管理的一个例子:附上项目:https://git.oschina.net/jeremie_astray/SpringMVC_Shiro/tree/master/Annotion版本:https://git.oschina.net/jeremie_astray/SpringMVC_Shiro/tree/shiro_annotation一、实体对应关系:用户与角色为一对多关系角色与权限为多对多关系权限过滤与角色和权限为一对一关系t_user(,用户表,密码为md5加密,可以自己修改)t_role(角色表)t_permission(权限表)t_function(权限过滤表)t_user_role(用户-角色表,中间表)t_role_permission(角色-权限表,中间表)实体类可以在文章结尾的git链接查看二、包导入及spring配置maven配置如下:[html] view plaincopyprint?&span style=&font-size:12&& & &&properties& && & & & &endorsed.dir&${project.build.directory}/endorsedendorsed.dir& && & & & &project.build.sourceEncoding&UTF-8project.build.sourceEncoding& && & & & &spring.version&4.1.0.RELEASEspring.version& && & properties& && & &&& & &dependencies& && & & & &dependency& && & & & & & &groupId&junitgroupId& && & & & & & &artifactId&junitartifactId& && & & & & & &version&3.8.1version& && & & & & & &scope&testscope& && & & & dependency& && & & & &&& & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-aspectsartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-beansartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-contextartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-context-supportartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-coreartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-expressionartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-jdbcartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-ormartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-txartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-webartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-webmvcartifactId& && & & & & & &version&${spring.version}version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&org.springframeworkgroupId& && & & & & & &artifactId&spring-testartifactId& && & & & & & &version&${spring.version}version& && & & & & & &scope&testscope& && & & & dependency& && & & & &&& & & & &dependency& && & & & & & &groupId&net.sf.ehcachegroupId& && & & & & & &artifactId&ehcacheartifactId& && & & & & & &version&2.7.2version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&commons-dbcpgroupId& && & & & & & &artifactId&commons-dbcpartifactId& && & & & & & &version&1.4version& && & & & dependency& && & & & &dependency& && & & & & & &groupId&mysqlgroupId& && & & & & & &artifactId&mysql-connector-javaartifactId& && & & & & & &version&5.1.26version& && & & & dependency& && & & & &&& & & & &dependency& && & & & & & &groupId&javax.injectgroupId& && & & & & & &artifactId&javax.injectartifactId& && & & & & & &version&1version& && & & & dependency& && & & & &&&&
Sponsored links
源码文件列表
温馨提示: 点击源码文件名可预览文件内容哦 ^_^
.gitignore40.00 B 21:21
LICENSE1.05 kB 21:21
10.07 kB 21:21
9.08 kB 21:21
490.00 B 21:21
2.24 kB 21:21
507.00 B 21:21
737.00 B 21:21
6.57 kB 21:21
892.00 B 21:21
1.80 kB 21:21
2.45 kB 21:21
201.00 B 21:21
846.00 B 21:21
1.47 kB 21:21
892.00 B 21:21
1.00 kB 21:21
871.00 B 21:21
348.00 B 21:21
136.00 B 21:21
261.00 B 21:21
1.27 kB 21:21
1.52 kB 21:21
2.70 kB 21:21
2.66 kB 21:21
3.02 kB 21:21
1.67 kB 21:21
3.74 kB 21:21
436.00 B 21:21
412.00 B 21:21
380.00 B 21:21
373.00 B 21:21
451.00 B 21:21
623.00 B 21:21
551.00 B 21:21
1.67 kB 21:21
1.27 kB 21:21
1.81 kB 21:21
454.00 B 21:21
350.00 B 21:21
316.00 B 21:21
506.00 B 21:21
2.50 kB 21:21
990.00 B 21:21
582.00 B 21:21
4.67 kB 21:21
1.16 kB 21:21
druid.properties487.00 B 21:21
1.01 kB 21:21
1.50 kB 21:21
1.25 kB 21:21
408.00 B 21:21
1.66 kB 21:21
2.24 kB 21:21
1.33 kB 21:21
5.38 kB 21:21
989.00 B 21:21
3.34 kB 21:21
3.55 kB 21:21
6.49 kB 21:21
5.04 kB 21:21
1.46 kB 21:21
1.14 kB 21:21
2.38 kB 21:21
1.93 kB 21:21
370.00 B 21:21
381.00 B 21:21
244.00 B 21:21
644.00 B 21:21
2.46 kB 21:21
525.00 B 21:21
214.00 B 21:21
3.54 kB 21:21
1.89 kB 21:21
20.34 kB 21:21
14.62 kB 21:21
FontAwesome.otf41.30 kB 21:21
fontawesome-webfont.eot24.80 kB 21:21
fontawesome-webfont.svg135.52 kB 21:21
fontawesome-webfont.ttf53.80 kB 21:21
fontawesome-webfont.woff28.69 kB 21:21
museo_slab_300-webfont.eot50.23 kB 21:21
museo_slab_300-webfont.ttf50.06 kB 21:21
museo_slab_500-webfont.eot54.21 kB 21:21
museo_slab_500-webfont.ttf54.04 kB 21:21
proximanova-sbold-webfont.eot13.84 kB 21:21
proximanova-sbold-webfont.ttf31.65 kB 21:21
proximanova-webfont.eot30.59 kB 21:21
proximanova-webfont.ttf87.63 kB 21:21
262.09 kB 21:21
90.46 kB 21:21
239.22 kB 21:21
81.65 kB 21:21
jquery.min.map123.63 kB 21:21
2.64 kB 21:21
6.10 kB 21:21
7.15 kB 21:21
2.02 kB 21:21
861.00 B 21:21
11.84 kB 21:21
86.08 kB 21:21
662.04 kB 21:21
73.64 kB 21:21
291.74 kB 21:21
zh-cn.json3.56 kB 21:21
80.05 kB 21:21
delete.png70.73 kB 21:21
index.png66.74 kB 21:21
login.png72.99 kB 21:21
normal.png62.14 kB 21:21
permission.png73.95 kB 21:21
931.00 B 21:21
437.00 B 21:21
979.00 B 21:21
(提交有效评论获得积分)
评论内容不能少于15个字,不要超出160个字。
darko1924Very nice code! thank you for uploading it
评价成功,多谢!
下载archx-spring-agg-master_Shiro.
CodeForge积分(原CF币)全新升级,功能更强大,使用更便捷,不仅可以用来下载海量源代码马上还可兑换精美小礼品了
您的积分不足,优惠套餐快速获取 30 积分
10积分 / ¥100
30积分 / ¥200原价 ¥300 元
100积分 / ¥500原价 ¥1000 元
订单支付完成后,积分将自动加入到您的账号。以下是优惠期的人民币价格,优惠期过后将恢复美元价格。
支付宝支付宝付款
微信钱包微信付款
更多付款方式:、
您本次下载所消耗的积分将转交上传作者。
同一源码,30天内重复下载,只扣除一次积分。
鲁ICP备号-3 runtime:Elapsed:198.305ms - init:0.2;find:3.7;t:22.1;tags:30.4;related:18.8;comment:3.6; 4.5
登录 CodeForge
还没有CodeForge账号?
Switch to the English version?
^_^"呃 ...
Sorry!这位大神很神秘,未开通博客呢,请浏览一下其他的吧
