67,512
社区成员
发帖
与我相关
我的任务
分享
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
<property name="cacheManager" ref="shiroCacheManager" />
</bean>
<bean id="myRealm" class="com.bkbk.module.admin.Realm.MyRealm">
<property name="sysUserService" ref="sysUserService"/>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/admin/sys_user!login.action"/>
<property name="successUrl" value="/admin/process_definition!findPage.action"/>
<property name="unauthorizedUrl" value="/403.do"/>
<property name="filters">
<map>
<entry key="authenticationFilter" value-ref="authenticationFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/admin/logout.jsp = logout
/admin/work!** = perms["admin:work"]
</value>
</property>
</bean>
<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
public class MyRealm extends AuthorizingRealm implements
Realm,
InitializingBean{
private SysUserService sysUserService;
public MyRealm() {
super();
}
/**
* 认证信息
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken ) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
String userName = token.getUsername();
if( userName != null && !"".equals(userName) ){ 、
//这个地方查询,执行正常
SysUser user = sysUserService.login(token.getUsername(), String.valueOf(token.getPassword()));
if( user != null )
return new SimpleAuthenticationInfo(
user.getUserName(),user.getPassword(), getName());
}
return null;
}
/**
* 授权信息
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
String username = SecurityUtils.getSubject().getPrincipals().fromRealm(getName()).toString();
if( username != null ){
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//这个地方去查询,结果在dao会报错:org.hibernate.HibernateException: No Session found for current thread
info.addRoles(sysUserService.findRoleByUser(user));
return info;
}
return null;
}
public SysUserService getSysUserService() {
return sysUserService;
}
public void setSysUserService(SysUserService sysUserService) {
this.sysUserService = sysUserService;
}
@Override
public void afterPropertiesSet() throws Exception {
Assert.notNull(sysUserService);
// TODO Auto-generated method stub
}
@Override
public String getName() {
return getClass().getName();
}
}
用hibernate3下南就改成".hibernate4"
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>
org.springframework.orm.hibernate4.support.OpenSessionInViewFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
public SysUser login(String userName, String password) {
SysUser user = null;
List<Object[]> list = sessionFactory.getCurrentSession().createSQLQuery("select id_,password_,user_name_ from `user_` where `user_name_`= '"+userName+"' and `password_`='"+password+"'").list();
for(Object[] o : list)
{
user = new SysUser();
user.setId(((BigInteger)o[0]).longValue());
user.setPassword((String)o[1]);
user.setUserName((String)o[2]);
}
return user;
}
public List<String> findResourceByUser(SysUser user) {
return sessionFactory.getCurrentSession().createSQLQuery("select distinct(url_) from resource_").list();
}