首页 新闻 赞助 找找看

maven+ssm+shiro项目中,shiro进不到权限判断方法中,求指教

0
悬赏园豆:50 [待解决问题]

求大神指教,相应的jar包已经导入,就是在登录的时候只显示一个用户验证成功,不会进入到那个自定义的权限判断方法中去!!!!急求 !

 

applicationcontext.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">

<!--配置service的包扫描,自动注入Service -->
<context:component-scan base-package="com.millery" />

<!-- 用户授权信息Cache, 采用EhCache -->
<!-- <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:spring/ehcache.xml" />
</bean> -->
<!-- 配置shiro -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="userRealm" />
<!-- <property name="cacheManager" ref="cacheManager" /> -->
</bean>

 

<!-- shiro filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 安全管理器必须的 -->
<property name="securityManager" ref="securityManager" />
<!-- 身份认证失败 认证提交的地址 -->
<property name="loginUrl" value="/user/login1.do" />
<!-- 权限认证失败 没有权限认证提交的地址 -->
<property name="unauthorizedUrl" value="/unauthUrl.do" />
<!-- 登录成功之后跳转访问的路径 -->
<property name="successUrl" value="/user/successUrl.do" />
<!-- Shiro连接约束配置,即过滤链的定义 -->
<!-- <property name="filters">
<util:map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
</util:map>
</property> -->
<property name="filterChainDefinitions">
<!-- Shiro连接约束配置,即过滤链的定义 -->
<!-- 此处可配合这篇文章来理解各个过滤连的作用http://blog.csdn.net/jadyer/article/details/12172839 -->
<!-- 下面value值的第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的 -->
<!-- anon:它对应的过滤器里面是空的,什么都没做,这里.do和.jsp后面的*表示参数,比方说login.jsp?main这种 -->
<!-- authc:该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
<value>
/user/login*=anon
/user/**=authc
/message/**=authc
</value>
</property>
</bean>

 

<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<!-- 由于本例中并未使用Shiro注解,故注释掉这两个bean(个人觉得将权限通过注解的方式硬编码在程序中,查看起来不是很方便,没必要使用) -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/> </bean>

<!-- 文件上传配置支持 -->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- 每次上传占用文件大小 -->
<property name="maxUploadSize" value="5242880" />
<!-- 每次上传占用内存大小 -->
<property name="maxInMemorySize" value="4096" />
</bean>
<!-- 错误页面跳转的配置,项目版本问题,无法使用prop -->
<bean id="exceptionmapping"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<prop
key="org.springframework.web.multipart.MaxUploadSizeExceededException">
error
</prop>
</props>
</property>
</bean>
<!-- 使用spring自带的占位符替换功能 -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<!-- 允许JVM参数覆盖 -->
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<!-- 忽略没有找到的资源文件 -->
<property name="ignoreResourceNotFound" value="true" />
<!-- 配置资源文件 -->
<property name="locations">
<list>
<value>classpath:jdbc.properties</value>
</list>
</property>
</bean>

<!-- 数据库连接池 :dataSource -->
<bean id="dataSource" class="com.jolbox.bonecp.BoneCPDataSource"
destroy-method="close">
<!-- 数据库驱动 -->
<property name="driverClass" value="${jdbc.driver}" />
<!-- 相应驱动的jdbcUrl -->
<property name="jdbcUrl" value="${jdbc.url}" />
<!-- 数据库的用户名 -->
<property name="username" value="${jdbc.username}" />
<!-- 数据库的密码 -->
<property name="password" value="${jdbc.password}" />
<!-- 检查数据库连接池中空闲连接的间隔时间,单位是分,默认值:240,如果要取消则设置为0 -->
<property name="idleConnectionTestPeriod" value="60" />
<!-- 连接池中未使用的链接最大存活时间,单位是分,默认值:60,如果要永远存活设置为0 -->
<property name="idleMaxAge" value="30" />
<!-- 每个分区最大的连接数 -->
<property name="maxConnectionsPerPartition" value="150" />
<!-- 每个分区最小的连接数 -->
<property name="minConnectionsPerPartition" value="5" />
</bean>

<!-- 定义Mybatis的SqlSessionFactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<!-- 定义数据源 -->
<property name="dataSource" ref="dataSource" />
<!-- 指定mybatis全局配置文件 -->
<property name="configLocation" value="classpath:mybatis/mybatis-config.xml" />
<!-- 扫描mappers目录以及子目录下的所有xml文件 -->
<property name="mapperLocations" value="classpath:mybatis/mappers/**/*.xml" />
<!-- 别名扫描包 -->
<property name="typeAliasesPackage" value="com.millery.domain" />
</bean>
<aop:config expose-proxy="true">
<!--pointcut元素定义一个切入点,execution中的第一个星号 用以匹配方法的返回类型, 这里星号表明匹配所有返回类型。 com.abc.dao.*.*(..)表明匹配cn.millery.service包下的所有类的所有
方法 -->
<aop:pointcut id="myPointcut"
expression="execution(* com.millery.services.*.*(..))" />
<!--将定义好的事务处理策略应用到上述的切入点 -->
<aop:advisor advice-ref="txAdvice" pointcut-ref="myPointcut" />
</aop:config>
<!-- 定义事务策略 -->
<tx:annotation-driven transaction-manager="transactionManager" />
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="insert*" propagation="REQUIRED" />
<tx:method name="update*" propagation="REQUIRED" />
<tx:method name="delete*" propagation="REQUIRED" />
<tx:method name="add*" propagation="REQUIRED" />
<tx:method name="edit*" propagation="REQUIRED" />
<tx:method name="change*" propagation="REQUIRED" />
<tx:method name="remove*" propagation="REQUIRED" />
<tx:method name="login*" propagation="REQUIRED" />
<tx:method name="rm*" propagation="REQUIRED" />
<!--所有以query开头的方法都是只读的 -->
<tx:method name="get*" propagation="REQUIRED" read-only="true" />
<tx:method name="check*" propagation="REQUIRED" read-only="true" />
<tx:method name="load*" propagation="REQUIRED" read-only="true" />
<tx:method name="list*" propagation="REQUIRED" read-only="true" />
<tx:method name="query*" propagation="REQUIRED" read-only="true" />
<tx:method name="*" propagation="REQUIRED" read-only="true" />
<!--其他方法使用默认事务策略 -->
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<!-- 定义数据库的事务控制,本事务 控制直接针对于数据库连接进行操作 -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>

<!-- 定义Mapper接口扫描器 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.millery.mapper" />
</bean>

<!-- 缓存 -->
<!-- <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:${ehcache.file}"></property>
</bean> -->
</beans>

 


springmvc.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

 

<context:component-scan base-package="com.millery.controller" />
<!--启用springMVC的注解配置 -->
<mvc:annotation-driven />
<!--启用处理请求的servlet -->
<mvc:default-servlet-handler />
<!-- 定义不被SpringMVC拦截的静态资源 -->
<mvc:resources location="/static/" mapping="/static/**" />
<!--定义Controller扫描包,用户扫描Controller并创建代理对象 -->
<context:annotation-config />
<!-- AOP式方法级权限检查 -->
<!-- <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="userRealm" />
</bean>
保证实现了Shiro内部lifecycle函数的bean执行
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
支持Shiro对Controller的方法级AOP安全控制 begin
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean id="authorizationAttributeSourceAdvisor"
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
-->

<!-- 视图解析器 解析jsp解析,默认使用jstl标签,classpath下的得有jstl的包 -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 配置jsp路径的前缀 -->
<property name="prefix" value="/WEB-INF/jsp/" />
<!-- 配置jsp路径的后缀 -->
<property name="suffix" value=".jsp" />
</bean>
</beans>

 


web.xml

 

 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">

<display-name>ssm</display-name>

<!-- 加载spring自身的配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/applicationContext.xml</param-value>
</context-param>
<!-- 防止发生java.beans.Introspector内存泄露,应将它配置在ContextLoaderListener的前面 -->
<listener>
<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
</listener>
<!--在web容器里进行spring容器的加载 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>


<!-- spring中提供过滤器,使用编码都是UTF-8 -->
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Shiro Filter -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 加载SpringMVC的配置文件 -->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/springMVC.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>

</servlet>

<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>


<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>dev</param-value>
</context-param>
<context-param>
<param-name>spring.liveBeansView.mbeanDomain</param-name>
<param-value>dev</param-value>
</context-param>

</web-app>

 

 

Realm.java

 

 

@Component
public class UserRealm extends AuthorizingRealm {
private static final Logger logger = LoggerFactory
.getLogger(UserRealm.class);
@Resource
private UserDaoService userService;

/**
* 用户授权认证
*/
@SuppressWarnings("unchecked")
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principalCollection) {
logger.info("======用户授权认证======");
String phone = principalCollection.getPrimaryPrincipal().toString();
SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
try {
Map<String, Object> map = this.userService.listAuthByUser(phone);
Set<String> allRoles = (Set<String>) map.get("allRoles");
Set<String> allActions = (Set<String>) map.get("allActions");
auth.setRoles(allRoles);
auth.setStringPermissions(allActions);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

return auth;
}

/**
* 用户登陆认证
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authenticationToken) {
logger.info("======用户登陆认证======");
String userName = authenticationToken.getPrincipal().toString();
User user = userService.getUser(userName);
if (user != null) {
String password = new String(
(char[]) authenticationToken.getCredentials());

if (user.getU_password().equals(password)) {
AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
user.getU_phone(), user.getU_password(), "userRealm");
return authenticationInfo;
} else {
throw new IncorrectCredentialsException("密码错误");
}

} else {
throw new UnknownAccountException("用户不存在");

}
}

}

啧啧啧111的主页 啧啧啧111 | 初学一级 | 园豆:61
提问于:2017-11-28 15:53
< >
分享
所有回答(2)
0

没报错吗?

angelshelter | 园豆:9887 (大侠五级) | 2017-11-29 21:33

没有 只是不进权限那个方法,会进下面的登录认证方法

支持(0) 反对(0) 啧啧啧111 | 园豆:61 (初学一级) | 2017-11-30 10:32
0

我也是这样 同问

阿尔托莉亚 | 园豆:202 (菜鸟二级) | 2021-05-11 20:29
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册