2025/10/3 6:22:16/
【7】Testing

【7.1】Startup

Click Apply, then click OK.

【7.2】Login filtering

When accessing http://localhost:8080/platform/home, the request will be

【7.3】Role filtering

Log in as user "admin" with password 123.

From SecurityServiceImpl we can see what happens after a successful login with the admin account:

Now click "List". The current admin user has the admin role, so the page is accessible.

Click "Add". The current admin user does not have the order:add resource, so a 401 is returned.

【7.4】Resource filtering

Click "Logout".

Log in as user "jay" with password 123.

Click "Add". SecurityServiceImpl grants user jay the following resources:

After clicking "Add", the page is accessible.

After clicking "List", access is restricted because user "jay" does not have the "admin" role.

4. Web project authorization

So far we have done authorization through ini file configuration. Next we look at the other two ways of doing authorization.

【1】Code-based

【1.1】Login related

【1.2】Role related

【1.3】Resource related

【1.4】Example

【1.4.1】Create the project

Copy shiro-day01-07web to create shiro-day01-08web-java.

【1.4.2】Modify shiro.ini

```ini
# Declare the custom realm and assign it to the security manager
[main]
definitionRealm=com.itheima.shiro.realm.DefinitionRealm
securityManager.realms=$definitionRealm
# Redirect to this JSP page after the user logs out
logout.redirectUrl=/login.jsp
# If not logged in, the authc filter redirects to login.jsp
authc.loginUrl = /login.jsp
[urls]
/login=anon
# Requests to /home require login first
#/home = authc
# Requests to /order/list require login first
#/order-list = roles[admin]
# Submitting requires the order:add permission
#/order-add = perms[order:add]
# Updating requires the order:del permission
#/order-del = perms[order:del]
# Logout requests go through the logout filter
/logout = logout
```

【1.4.3】Login related

Modify the doPost method of HomeServlet:

```java
package com.itheima.shiro.web;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Description: system home page
 */
@WebServlet(urlPatterns = "/home")
public class HomeServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Use the Subject to check whether the user is logged in
        Subject subject = SecurityUtils.getSubject();
        boolean flag = subject.isAuthenticated();
        if (flag) {
            resp.sendRedirect("home.jsp");
        } else {
            req.getRequestDispatcher("/login").forward(req, resp);
        }
    }
}
```

Access http://localhost:8080/platform/home and debug.

Here subject.isAuthenticated() decides whether the user is logged in. If so, the request is redirected to home.jsp; if not, it is forwarded to the servlet mapped to /login.

【1.4.4】Role related

Modify the doPost method of OrderListServlet to check for the admin role. If the subject has it, forward to order-list.jsp; otherwise forward to /login.

```java
package com.itheima.shiro.web;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Description: order list
 */
@WebServlet(urlPatterns = "/order-list")
public class OrderListServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Subject subject = SecurityUtils.getSubject();
        // Check the current subject's role
        boolean flag = subject.hasRole("admin");
        if (flag) {
            req.getRequestDispatcher("order-list.jsp").forward(req, resp);
        } else {
            req.getRequestDispatcher("/login").forward(req, resp);
        }
    }
}
```

Access http://localhost:8080/platform/order-list.

Because I am not logged in at this point, the current subject has no admin role, so subject.hasRole("admin") returns false.

【1.4.5】Resource related

Modify OrderAddServlet:

```java
package com.itheima.shiro.web;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Description: order add page
 */
@WebServlet(urlPatterns = "/order-add")
public class OrderAddServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Subject subject = SecurityUtils.getSubject();
        // Check whether the subject holds the required resource
        boolean flag = subject.isPermitted("order:add");
        if (flag) {
            req.getRequestDispatcher("order-add.jsp").forward(req, resp);
        } else {
            req.getRequestDispatcher("/login").forward(req, resp);
        }
    }
}
```

Access http://localhost:8080/platform/order-add.

Because I am not logged in at this point, the current subject has no order:add resource, so subject.isPermitted("order:add") returns false.

【2】JSP tag-based

【2.1】Usage

Shiro provides a JSP tag library for page-level authorization control. Before using the Shiro tag library, the shiro tags must first be imported in the JSP.

【2.2】Related tags

【2.3】Example

【2.3.1】Create the project

Copy shiro-day01-08web-java to create the shiro-day01-09web-jsp-taglib project.

【2.3.2】Modify home.jsp

Logout List Add

【2.3.3】Testing

Access http://localhost:8080/platform/login.

Log in with admin/123. Now only "List" is visible and "Add" is not.

Click "Logout".

Log in with jay/123. Now only "Add" is visible and "List" is not.

Click "Logout".

Note that the tags only control whether content is displayed on the page. They do not prevent direct linking to the protected URLs.

Chapter 5: Integrating Shiro with Spring Boot

1. Technology stack

Main framework: springboot
Response layer: springMVC
Persistence layer: mybatis
Transaction control: jta
Front end: easyui

2. Database design

【1】Database diagram

sh_user: user table; one user can have multiple roles
sh_role: role table; one role can have multiple resources
sh_resource: resource table
sh_user_role: user-role join table
sh_role_resource: role-resource join table

【2】Database scripts

sh_user

```sql
CREATE TABLE sh_user (
  ID varchar(36) NOT NULL COMMENT 'Primary key',
  LOGIN_NAME varchar(36) DEFAULT NULL COMMENT 'Login name',
  REAL_NAME varchar(36) DEFAULT NULL COMMENT 'Real name',
  NICK_NAME varchar(36) DEFAULT NULL COMMENT 'Nickname',
  PASS_WORD varchar(150) DEFAULT NULL COMMENT 'Password',
  SALT varchar(36) DEFAULT NULL COMMENT 'Salt',
  SEX int(11) DEFAULT NULL COMMENT 'Sex',
  ZIPCODE varchar(36) DEFAULT NULL COMMENT 'Postal code',
  ADDRESS varchar(36) DEFAULT NULL COMMENT 'Address',
  TEL varchar(36) DEFAULT NULL COMMENT 'Landline phone',
  MOBIL varchar(36) DEFAULT NULL COMMENT 'Phone',
  EMAIL varchar(36) DEFAULT NULL COMMENT 'Email',
  DUTIES varchar(36) DEFAULT NULL COMMENT 'Job title',
  SORT_NO int(11) DEFAULT NULL COMMENT 'Sort order',
  ENABLE_FLAG varchar(18) DEFAULT NULL COMMENT 'Enabled flag',
  PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT COMMENT='User table';
```

sh_role

```sql
CREATE TABLE sh_role (
  ID varchar(36) NOT NULL COMMENT 'Primary key',
  ROLE_NAME varchar(36) DEFAULT NULL COMMENT 'Role name',
  LABEL varchar(36) DEFAULT NULL COMMENT 'Role identifier',
  DESCRIPTION varchar(200) DEFAULT NULL COMMENT 'Role description',
  SORT_NO int(36) DEFAULT NULL COMMENT 'Sort order',
  ENABLE_FLAG varchar(18) DEFAULT NULL COMMENT 'Enabled flag',
  PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT COMMENT='Role table';
```

sh_resource

```sql
CREATE TABLE sh_resource (
  ID varchar(36) NOT NULL COMMENT 'Primary key',
  PARENT_ID varchar(36) DEFAULT NULL COMMENT 'Parent resource',
  RESOURCE_NAME varchar(36) DEFAULT NULL COMMENT 'Resource name',
  REQUEST_PATH varchar(200) DEFAULT NULL COMMENT 'Resource path',
  LABEL varchar(200) DEFAULT NULL COMMENT 'Resource label',
  ICON varchar(20) DEFAULT NULL COMMENT 'Icon',
  IS_LEAF varchar(18) DEFAULT NULL COMMENT 'Is leaf node',
  RESOURCE_TYPE varchar(36) DEFAULT NULL COMMENT 'Resource type',
  SORT_NO int(11) DEFAULT NULL COMMENT 'Sort order',
  DESCRIPTION varchar(200) DEFAULT NULL COMMENT 'Description',
  SYSTEM_CODE varchar(36) DEFAULT NULL COMMENT 'System code',
  IS_SYSTEM_ROOT varchar(18) DEFAULT NULL COMMENT 'Is root node',
  ENABLE_FLAG varchar(18) DEFAULT NULL COMMENT 'Enabled flag',
  PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT COMMENT='Resource table';
```

sh_role_resource

```sql
CREATE TABLE sh_role_resource (
  ID varchar(36) NOT NULL,
  ENABLE_FLAG varchar(18) DEFAULT NULL,
  ROLE_ID varchar(36) DEFAULT NULL,
  RESOURCE_ID varchar(36) DEFAULT NULL,
  PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT COMMENT='Role-resource table';
```

sh_user_role

```sql
CREATE TABLE sh_user_role (
  ID varchar(36) NOT NULL,
  ENABLE_FLAG varchar(18) DEFAULT NULL,
  USER_ID varchar(36) DEFAULT NULL,
  ROLE_ID varchar(36) DEFAULT NULL,
  PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT COMMENT='User-role table';
```

3. Project skeleton

4. ShiroDbRealm definition

【1】Diagram

【2】How it works

(1) ShiroDbRealmImpl extends ShiroDbRealm, which in turn extends AuthorizingRealm. When ShiroDbRealmImpl is instantiated it creates a HashedCredentialsMatcher instance as the password matcher. The HashedCredentialsMatcher specifies the hash algorithm and the number of iterations and is handed to AuthenticatingRealm.

(2) After login is called, doGetAuthenticationInfo(AuthenticationToken authcToken) is eventually invoked. It takes the SimpleToken object, calls the user lookup method of UserBridgeService, and passes the ShiroUser object, the password and the salt to SimpleAuthenticationInfo for authentication.

(3) When a request needs authorization, doGetAuthorizationInfo(PrincipalCollection principals) is invoked, which then calls the authorization check of UserBridgeService.

【3】Core class code

【3.1】ShiroDbRealm

```java
package com.itheima.shiro.core;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import javax.annotation.PostConstruct;

/**
 * Description: custom Shiro realm
 */
public abstract class ShiroDbRealm extends AuthorizingRealm {

    /**
     * Description: authentication
     * @param authcToken token object
     * @return authentication info
     */
    public abstract AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken);

    /**
     * Description: authorization
     * @param principals principals
     * @return authorization info
     */
    public abstract AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals);

    /**
     * Description: password matcher
     */
    @PostConstruct
    public abstract void initCredentialsMatcher();
}
```

【3.2】ShiroDbRealmImpl

```java
package com.itheima.shiro.core.impl;

import com.itheima.shiro.constant.SuperConstant;
import com.itheima.shiro.core.base.ShiroUser;
import com.itheima.shiro.core.base.SimpleToken;
import com.itheima.shiro.core.ShiroDbRealm;
import com.itheima.shiro.core.bridge.UserBridgeService;
import com.itheima.shiro.pojo.User;
import com.itheima.shiro.utils.BeanConv;
import com.itheima.shiro.utils.DigestsUtil;
import com.itheima.shiro.utils.EmptyUtil;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Description: custom Shiro realm implementation
 */
public class ShiroDbRealmImpl extends ShiroDbRealm {

    @Autowired
    private UserBridgeService userBridgeService;

    /**
     * Description: authentication method
     * @param authcToken the submitted token to verify
     * @return AuthenticationInfo
     */
    @Override
    public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) {
        SimpleToken token = (SimpleToken) authcToken;
        User user = userBridgeService.findUserByLoginName(token.getUsername());
        if (EmptyUtil.isNullOrEmpty(user)) {
            // Message text: "account does not exist"
            throw new UnknownAccountException("账号不存在");
        }
        ShiroUser shiroUser = BeanConv.toBean(user, ShiroUser.class);
        shiroUser.setResourceIds(userBridgeService.findResourcesIdsList(user.getId()));
        String salt = user.getSalt();
        String password = user.getPassWord();
        return new SimpleAuthenticationInfo(shiroUser, password, ByteSource.Util.bytes(salt), getName());
    }

    /**
     * Description: authorization method
     * @param principals first argument of the SimpleAuthenticationInfo object
     * @return authorization info
     */
    @Override
    public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
        return userBridgeService.getAuthorizationInfo(shiroUser);
    }

    /**
     * Description: hashing scheme
     */
    @Override
    public void initCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SuperConstant.HASH_ALGORITHM);
        matcher.setHashIterations(SuperConstant.HASH_INTERATIONS);
        setCredentialsMatcher(matcher);
    }
}
```

【3.3】SimpleToken

```java
package com.itheima.shiro.core.base;

import org.apache.shiro.authc.UsernamePasswordToken;

/**
 * Description: custom token
 */
public class SimpleToken extends UsernamePasswordToken {

    /** serialVersionUID */
    private static final long serialVersionUID = -4849823851197352099L;

    private String tokenType;

    private String quickPassword;

    /**
     * Constructor for SimpleToken
     * @param tokenType token type
     */
    public SimpleToken(String tokenType, String username, String password) {
        super(username, password);
        this.tokenType = tokenType;
    }

    public SimpleToken(String tokenType, String username, String password, String quickPassword) {
        super(username, password);
        this.tokenType = tokenType;
        this.quickPassword = quickPassword;
    }

    public String getTokenType() {
        return tokenType;
    }

    public void setTokenType(String tokenType) {
        this.tokenType = tokenType;
    }

    public String getQuickPassword() {
        return quickPassword;
    }

    public void setQuickPassword(String quickPassword) {
        this.quickPassword = quickPassword;
    }
}
```
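The realm above only verifies passwords; the value written to PASS_WORD at registration has to be produced with the same algorithm, salt and iteration count that HashedCredentialsMatcher uses. The following is an added example, not code from the original project, showing both sides with Shiro 1.x classes. The class name PasswordHashDemo, the realm name "demoRealm", and the algorithm and iteration values are assumptions, since the page does not show what SuperConstant defines.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;

public class PasswordHashDemo {
    // Assumed values: the page does not show what SuperConstant defines.
    static final String HASH_ALGORITHM = "SHA-256";
    static final int HASH_ITERATIONS = 1024;

    /** Registration side: random salt for the SALT column (16 bytes, 32 hex chars). */
    static String newSalt() {
        return new SecureRandomNumberGenerator().nextBytes().toHex();
    }

    /** Registration side: hex digest to store in the PASS_WORD column. */
    static String hashForStorage(String plainPassword, String salt) {
        return new SimpleHash(HASH_ALGORITHM, plainPassword,
                ByteSource.Util.bytes(salt), HASH_ITERATIONS).toHex();
    }

    /** Login side: the comparison the realm's matcher runs on the returned info. */
    static boolean matches(String submitted, String storedHex, String salt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM);
        matcher.setHashIterations(HASH_ITERATIONS); // stored value is treated as hex by default
        UsernamePasswordToken token = new UsernamePasswordToken("jay", submitted);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                "jay", storedHex, ByteSource.Util.bytes(salt), "demoRealm");
        return matcher.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        String salt = newSalt();
        String stored = hashForStorage("123", salt); // constructed sample password
        System.out.println("salt   = " + salt);
        System.out.println("stored = " + stored);
        System.out.println("correct password: " + matches("123", stored, salt));
        System.out.println("wrong password:   " + matches("124", stored, salt));
        // Same password checked against a different salt no longer matches.
        System.out.println("wrong salt:       " + matches("123", stored, newSalt()));
    }
}
```

If the algorithm or iteration count used when storing the password differs from what initCredentialsMatcher() configures, every login fails even with the correct password.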
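The note in 【2.3.3】 says the JSP tags only hide links and do not stop a direct request to the URL. The following is an added example, not code from the original project, of a servlet filter that enforces the same role and permission on the server for both the servlet paths and the JSPs they forward to. The class name OrderAccessFilter is hypothetical, and the example assumes that the JSPs sit in the web root and that the filter is mapped in web.xml after the ShiroFilter so the Subject is already bound to the request thread.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical filter: server-side checks for the order pages, independent of what home.jsp renders. */
public class OrderAccessFilter implements Filter {
    // Servlet path -> required role or permission (servlet and its JSP are both listed).
    private static final Map<String, String> ROLES = new HashMap<>();
    private static final Map<String, String> PERMS = new HashMap<>();
    static {
        ROLES.put("/order-list", "admin");
        ROLES.put("/order-list.jsp", "admin");
        PERMS.put("/order-add", "order:add");
        PERMS.put("/order-add.jsp", "order:add");
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        String path = req.getServletPath();
        String role = ROLES.get(path);
        String perm = PERMS.get(path);
        if (role != null || perm != null) {
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated()) {
                // Not logged in at all: 401
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if ((role != null && !subject.hasRole(role))
                    || (perm != null && !subject.isPermitted(perm))) {
                // Logged in but lacking the role or permission: 403
                resp.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, resp);
    }
}
```

The filter only guards the paths listed in its maps; re-enabling the commented-out roles[...] and perms[...] rules in the [urls] section of shiro.ini gives the same protection through Shiro's own path matching.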