SpringMVC项目配置Shrio框架,却进不了controller,请各位帮忙看看

shenhaiyang 发布于 2015/06/29 19:15
阅读 1K+
收藏 0

项目框架用的是Spring  SpringMVC  Mybatis  CXF,原本是个WebService项目。

现在要加入界面和权限,所以使用了Shiro框架,现在Shiro配置好了但是却进不了

Controller,请各位帮忙看看。下面贴出相应的配置文件

web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"

         version="3.0">

         <display-name>eis_new</display-name>

 

         <context-param>

                 <param-name>contextConfigLocation</param-name>

                 <param-value>classpath:com/configs/spring-context*.xml</param-value>

         </context-param>

         <context-param>

                 <param-name>log4jConfigLocation</param-name>

                 <param-value>classpath:com/configs/log4j.properties</param-value>

         </context-param>

         <listener>

                 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

         </listener>

         <listener>

                  <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>

         </listener>

         <listener>

                 <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>

         </listener>

         <filter>

                 <filter-name>encodingFilter</filter-name>

                 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>

                 <init-param>

                          <param-name>encoding</param-name>

                          <param-value>UTF-8</param-value>

                 </init-param>

                 <init-param>

                          <param-name>forceEncoding</param-name>

                          <param-value>true</param-value>

                 </init-param>

         </filter>

         <filter-mapping>

                 <filter-name>encodingFilter</filter-name>

                 <url-pattern>/*</url-pattern>

         </filter-mapping>

         <filter>

                 <filter-name>shiroFilter</filter-name>

                 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

                 <init-param>

                          <param-name>targetFilterLifecycle</param-name>

                          <param-value>true</param-value>

                 </init-param>

         </filter>

         <filter-mapping>

                 <filter-name>shiroFilter</filter-name>

                 <url-pattern>/*</url-pattern>

         </filter-mapping>

         <servlet>

                 <servlet-name>springServlet</servlet-name>

                 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

                 <init-param>

                          <param-name>contextConfigLocation</param-name>

                          <param-value>classpath:com/configs/spring-mvc*.xml</param-value>

                 </init-param>

                 <load-on-startup>1</load-on-startup>

         </servlet>

         <servlet-mapping>

                 <servlet-name>springServlet</servlet-name>

                 <url-pattern>/</url-pattern>

         </servlet-mapping>

         <servlet>

                 <servlet-name>cxfServlet</servlet-name>

                 <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>

                 <load-on-startup>2</load-on-startup>

         </servlet>

         <servlet-mapping>

                 <servlet-name>cxfServlet</servlet-name>

                 <url-pattern>/webService/*</url-pattern>

         </servlet-mapping>

         <error-page>

                 <error-code>500</error-code>

                 <location>/WEB-INF/views/error/500.jsp</location>

         </error-page>

         <error-page>

                 <error-code>404</error-code>

                 <location>/WEB-INF/views/error/404.jsp</location>

         </error-page>

</web-app>

spring-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:mvc="http://www.springframework.org/schema/mvc" 
 xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:tx="http://www.springframework.org/schema/tx"
 xsi:schemaLocation="
 http://www.springframework.org/schema/context 
 http://www.springframework.org/schema/context/spring-context-4.1.xsd
 http://www.springframework.org/schema/mvc 
 http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd
 http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
 http://www.springframework.org/schema/tx 
 http://www.springframework.org/schema/tx/spring-tx-4.1.xsd
 http://www.springframework.org/schema/aop 
 http://www.springframework.org/schema/aop/spring-aop-4.1.xsd">
 
 <description>Spring Configuration</description>
 
 <!-- 加载配置属性文件 -->
 <context:property-placeholder ignore-unresolvable="true" location="classpath:com/configs/eis.properties" />
 
 <!-- 使用Annotation自动注册Bean,解决事物失效问题:在主容器中不扫描@Controller注解,在SpringMvc中只扫描@Controller注解。  -->
         <context:component-scan base-package="com.dhzx"><!-- base-package 如果多个,用“,”分隔 -->
 <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
 </context:component-scan> 
 
 <aop:aspectj-autoproxy expose-proxy="true"/>


 <!-- ***************配置数据源************** -->
 <bean name="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
 >
 <property name="driverClassName" value="${jdbc_driver}"/>
 <property name="url" value="${url}" />
 <property name="username" value="${username}" />
 <property name="password" value="${password}" />


 <!-- 初始化连接大小 -->
 <property name="initialSize" value="0" />
 <!-- 连接池最大使用连接数量 -->
 <property name="maxActive" value="20" />
 <!-- 连接池最大空闲 -->
 <property name="maxIdle" value="20" />
 <!-- 连接池最小空闲 -->
 <property name="minIdle" value="0" />
 <!-- 获取连接最大等待时间 -->
 <property name="maxWait" value="60000" />


 <property name="testOnBorrow" value="false" />
 <property name="testOnReturn" value="false" />
 <property name="testWhileIdle" value="true" />


 <!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
 <property name="timeBetweenEvictionRunsMillis" value="60000" />
 <!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
 <property name="minEvictableIdleTimeMillis" value="25200000" />


 <!-- 打开removeAbandoned功能 -->
 <property name="removeAbandoned" value="true" />
 <!-- 1800秒,也就是30分钟 -->
 <property name="removeAbandonedTimeout" value="1800" />
 <!-- 关闭abanded连接时输出错误日志 -->
 <property name="logAbandoned" value="true" />


 </bean>


 <!-- myBatis文件 -->
 <!-- <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
 <property name="dataSource" ref="dataSource" />
 自动扫描entity目录, 省掉Configuration.xml里的手工配置
 <property name="mapperLocations">
 <list>
 <value>classpath*:com/dhzx/dao/mapping/*.xml</value>
 </list>
 </property>
 </bean> -->


 <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <property name="dataSource" ref="dataSource"/>
        <property name="typeAliasesPackage" value="com.dhzx"/>
        <property name="typeAliasesSuperType" value="com.dhzx.common.persistence.BaseEntity"/>
        <property name="mapperLocations">
 <list>
 <value>classpath*:com/dhzx/dao/mapping/*.xml</value>
 <value>classpath:/mappings/**/*.xml</value>
 </list>
 </property>
 <property name="configLocation" value="classpath:com/configs/mybatis-config.xml"></property>
    </bean>


 <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
 <property name="basePackage" value="com.dhzx" />
 <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
 <property name="annotationClass" value="com.dhzx.common.persistence.annotation.MyBatisDao"/>
 </bean>


 <!-- 配置事务管理器 -->
 <bean id="transactionManager"
 class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
 <property name="dataSource" ref="dataSource" />
 </bean>


 <!-- 注解方式配置事物 -->
 <tx:annotation-driven transaction-manager="transactionManager" />


 <!-- 配置 JSR303 Bean Validator 定义 -->
 <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />


 <!-- 缓存配置 -->
         <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
 <property name="configLocation" value="classpath:${ehcache.configFile}" />
 </bean> 


 <!-- 配置druid监控spring jdbc -->
 <bean id="druid-stat-interceptor"
 class="com.alibaba.druid.support.spring.stat.DruidStatInterceptor">
 </bean>
 <bean id="druid-stat-pointcut" class="org.springframework.aop.support.JdkRegexpMethodPointcut"
 scope="prototype">
 <property name="patterns">
 <list>
 <value>com.dhzx.service.*</value>
 </list>
 </property>
 </bean>


</beans>


spring-context.shiro.xml


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
 http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.1.xsd"
 default-lazy-init="true">
 
 <description>Shiro Configuration</description>
 <!-- 加载配置属性文件 -->
 <context:property-placeholder ignore-unresolvable="true" location="classpath:com/configs/eis.properties" />
 
 <!-- Shiro权限过滤过滤器定义 -->
 <bean name="shiroFilterChainDefinitions" class="java.lang.String">
 <constructor-arg>
 <value>
 /static/** = anon
 /framework/** = anon
 ${adminPath}/login = authc
 ${adminPath}/logout = logout
 ${adminPath}/** = user
 </value>
 </constructor-arg>
 </bean>
 
 <!-- 安全认证过滤器 -->
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 <property name="securityManager" ref="securityManager" />
 <property name="loginUrl" value="${adminPath}/login" />
 <property name="successUrl" value="${adminPath}?login" />
 <property name="filters">
            <map>
                <entry key="authc" value-ref="formAuthenticationFilter"/>
            </map>
        </property>
 <property name="filterChainDefinitions">
 <ref bean="shiroFilterChainDefinitions"/>
 </property>
 </bean>
 


 <!-- 定义Shiro安全管理配置 -->
 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
 <property name="realm" ref="systemAuthorizingRealm" />
 <property name="sessionManager" ref="sessionManager" />
 <property name="cacheManager" ref="shiroCacheManager" />
 </bean>


 <!-- 自定义会话管理配置 -->
 <bean id="sessionManager" class="com.dhzx.common.security.session.SessionManager"> 
 <property name="sessionDAO" ref="sessionDAO"/>
 
 <!-- 会话超时时间,单位:毫秒  -->
 <property name="globalSessionTimeout" value="${session.sessionTimeout}"/>
 
 <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
 <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
<!--              <property name="sessionValidationSchedulerEnabled" value="false"/> -->
                 <property name="sessionValidationSchedulerEnabled" value="true"/>
 
 <property name="sessionIdCookie" ref="sessionIdCookie"/>
 <property name="sessionIdCookieEnabled" value="true"/>
 </bean>
 <!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
 <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg name="name" value="eis.session.id"/>
 </bean>
 <bean id="sessionDAO" class="com.dhzx.common.security.session.CacheSessionDAO">
 <property name="sessionIdGenerator" ref="idGen" />
 <property name="activeSessionsCacheName" value="activeSessionsCache" />
 <property name="cacheManager" ref="shiroCacheManager" />
 </bean>
 
 <!-- 定义授权缓存管理器 -->
 <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
 <property name="cacheManager" ref="cacheManager"/>
 </bean>
 <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
 
 <!-- AOP式方法级权限检查  -->
 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
 <property name="proxyTargetClass" value="true" />
 </bean>
 <!-- <aop:config proxy-target-class="true"/> -->
 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
         <property name="securityManager" ref="securityManager"/>
 </bean>
 
</beans>

 

 


spring-mvc.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xmlns:context="http://www.springframework.org/schema/context"
 xmlns:mvc="http://www.springframework.org/schema/mvc"
 xsi:schemaLocation="http://www.springframework.org/schema/context
 http://www.springframework.org/schema/context/spring-context-4.1.xsd
 http://www.springframework.org/schema/beans 
 http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
 http://www.springframework.org/schema/mvc 
 http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
    
    <description>Spring MVC Configuration</description>
 <!-- 加载配置属性文件 -->
 <context:property-placeholder ignore-unresolvable="true" location="classpath:com/configs/eis.properties" />
 
 
 <!-- 自动扫描该包,使SpringMVC认为包下用了@controller注解的类是控制器 -->
 <context:component-scan base-package="com.dhzx" /><!--  use-default-filters="false">
 <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
 </context:component-scan> -->
 
 
 <!-- 避免IE执行AJAX时,返回JSON出现下载文件 -->
 <bean id="mappingJacksonHttpMessageConverter"
 class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
 <property name="supportedMediaTypes">
 <list>
 <value>text/html;charset=UTF-8</value>
 </list>
 </property>
 </bean>
 
 
 
 <!-- 启动Spring MVC的注解功能,完成请求和注解POJO的映射 -->
 <bean
 class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
 <property name="messageConverters">
 <list>
 <ref bean="mappingJacksonHttpMessageConverter" />
 </list>
 </property>
 </bean>
 
 <bean
 class="org.springframework.web.servlet.view.InternalResourceViewResolver">
 <!-- <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property> -->
                 <!-- <property name="prefix" value="${web.view.prefix}" /> 
 <property name="suffix" value="${web.view.suffix}" /> -->
 <property name="prefix" value="/WEB-INF/views/"/>
        <property name="suffix" value=".jsp"/>
 </bean>
 
 <!-- 对静态资源文件的访问, 将无法mapping到Controller的path交给default servlet handler处理 -->
 <mvc:default-servlet-handler />
 
 <!-- 静态资源映射 -->
    <mvc:resources mapping="/static/**" location="/static/" cache-period="31536000"/>
 
 <!-- 定义无Controller的path<->view直接映射 -->
 <mvc:view-controller path="/" view-name="redirect:${web.view.index}"/>


</beans>


在浏览器输入项目地址

http://localhost:8080/eis_new

已经可以自己跳转为http://localhost:8080/eis_new/admin/login;JSESSIONID=a0a383d6bb8e489cbb88ac7b549a637c

说明shiro的配置是器作用的,但是这时候就是不进/admin/login 这个地址对应的Controller

LoginController 部分代码

package com.dhzx.system.web;

import...

@Controller
public class LoginController extends BaseController
{
    @Autowired
    private SessionDAO sessionDAO;
        
    /**
     * 管理登录
     */
    @RequestMapping(value = "${adminPath}/login", method = RequestMethod.GET)
    public String login(HttpServletRequest request,
        HttpServletResponse response, Model model)
    {
        Principal principal = LoginAccountUtil.getPrincipal();
        
        if (logger.isDebugEnabled())
        {
            logger.debug("login, active session size: {}",
                sessionDAO.getActiveSessions(false).size());
        }



加载中
0
CoderLeon
CoderLeon

权限这东西,自己搞几张表实现呗,用户-角色-资源(权限)

shenhaiyang
shenhaiyang
一来领导这样要求,二来自己也可以学到东西,对安全框架有了更多的认识。
0
vvtf
vvtf

${adminPath}/login = authc

你这样要有登录权限

${adminPath}/login = anon

shenhaiyang
shenhaiyang
其实这个Controller就是用来跳转登陆页的,打酱油用的。因为jsp页面都放在了WEB-INF下, 所以页面都必须经过Controller跳转。 其实我有改成 /** = anon 还是没用。
返回顶部
顶部