場景

從實例入手學習Shiro與Web的整合:
https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/details/90140802

在上面已經實現整合Web的基礎上實現 Shiro 自定義Realm，然后查詢數據實現權限驗證。

實現

數據庫搭建

新建t_user表,用戶表

新建t_role表，角色表

新建t_permission表，權限表

建立表的關聯關系

t_user表的roleId就是t_role表的id，一對多的關系。

t_role表的id就是t_premission表的roleId，一對多的關系。

插入t_user表數據

插入t_role數據

插入t_permission數據

添加項目依賴

打開pom.xml，添加mysql的依賴

<dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.11</version></dependency>

完整pom.xml代碼

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.badao.shiro</groupId><artifactId>ShiroWeb</artifactId><packaging>war</packaging><version>0.0.1-SNAPSHOT</version><name>ShiroWeb Maven Webapp</name><url>http://maven.apache.org</url><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>3.8.1</version><scope>test</scope></dependency><!-- 添加servlet支持 --><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.1</version></dependency><!-- 添加jstl支持 --><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!-- 添加日志支持 --><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加shiro支持 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.12</version></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.11</version></dependency></dependencies><build><finalName>ShiroWeb</finalName></build> </project>

新建連接數據庫工具類

在util包下新建Dbutil.java

package com.badao.util;import java.sql.Connection; import java.sql.DriverManager;/*** 數據庫工具類* @author**/ public class DbUtil {/*** 獲取數據庫連接* @return* @throws Exception*/public Connection getCon() throws Exception{Class.forName("com.mysql.jdbc.Driver");Connection con=DriverManager.getConnection("jdbc:mysql://localhost:3306/shirotest", "root", "123");return con;}/*** 關閉數據庫連接* @param con* @throws Exception*/public void closeCon(Connection con)throws Exception{if(con!=null){con.close();}}public static void main(String[] args) {DbUtil dbUtil=new DbUtil();try {dbUtil.getCon();System.out.println("數據庫連接成功");} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();System.out.println("數據庫連接失敗");}} }

編寫自定義Realm

新建realm包，包下新建MyRealm.java

package com.badao.realm;import java.sql.Connection;import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection;import com.badao.dao.UserDao; import com.badao.entity.User; import com.badao.util.DbUtil;public class MyRealm extends AuthorizingRealm{private UserDao userDao=new UserDao();private DbUtil dbUtil=new DbUtil();/*** 為當前登錄的用戶授予角色和權限*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {String userName=(String)principals.getPrimaryPrincipal();SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();Connection con=null;try{con=dbUtil.getCon();authorizationInfo.setRoles(userDao.getRoles(con,userName));authorizationInfo.setStringPermissions(userDao.getPermissions(con,userName));}catch(Exception e){e.printStackTrace();}finally{try {dbUtil.closeCon(con);} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();}}return authorizationInfo;}/*** 驗證當前登錄的用戶*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {String userName=(String)token.getPrincipal();Connection con=null;try{con=dbUtil.getCon();User user=userDao.getByUserName(con, userName);if(user!=null){AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");return authcInfo;}else{return null;}}catch(Exception e){e.printStackTrace();}finally{try {dbUtil.closeCon(con);} catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace();}}return null;}}

編寫UserDao

package com.badao.dao;import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.util.HashSet; import java.util.Set;import com.badao.entity.User;public class UserDao {public User getByUserName(Connection con,String userName)throws Exception{User resultUser=null;String sql="select * from t_user where userName=?";PreparedStatement pstmt=con.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs=pstmt.executeQuery();if(rs.next()){resultUser=new User();resultUser.setId(rs.getInt("id"));resultUser.setUserName(rs.getString("userName"));resultUser.setPassword(rs.getString("password"));}return resultUser;}public Set<String> getRoles(Connection con, String userName) throws Exception{Set<String> roles=new HashSet<String>();String sql="select * from t_user u,t_role r where u.roleId=r.id and u.userName=?";PreparedStatement pstmt=con.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs=pstmt.executeQuery();while(rs.next()){roles.add(rs.getString("roleName"));}return roles;}public Set<String> getPermissions(Connection con, String userName)throws Exception {Set<String> permissions=new HashSet<String>();String sql="select * from t_user u,t_role r,t_permission p where u.roleId=r.id and p.roleId=r.id and u.userName=?";PreparedStatement pstmt=con.prepareStatement(sql);pstmt.setString(1, userName);ResultSet rs=pstmt.executeQuery();while(rs.next()){permissions.add(rs.getString("permissionName"));}return permissions;}}

編寫entity

package com.badao.entity;public class User {private Integer id;private String userName;private String password;public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getUserName() {return userName;}public void setUserName(String userName) {this.userName = userName;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;} }

修改ini配置文件

將原來的配置用戶、角色、權限的部分替換為：

myRealm=com.badao.realm.MyRealm securityManager.realms=$myRealm

完整配置文件代碼

[main] authc.loginUrl=/login roles.unauthorizedUrl=/unauthorized.jsp perms.unauthorizedUrl=/unauthorized.jspmyRealm=com.badao.realm.MyRealm securityManager.realms=$myRealm[urls] /login=anon /admin/**=authc /student=roles[teacher] /teacher=perms["user:create"]

項目結構

源碼下載

https://download.csdn.net/download/badao_liumang_qizhi/11174591

總結

以上是生活随笔為你收集整理的从实例入手学习Shiro自定义Realm实现查询数据进行验证的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。