SpringMVC + Shiro 权限控制

采用springMVC 和 shiro框架实现用户登录权限管理

package org.shiro.demo.controller;

import java.awt.Color;
import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.shiro.demo.entity.User;
import org.shiro.demo.util.ValidateCode;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {
	
	@RequestMapping（value = “/login“）
	public String login（User userHttpSession session HttpServletRequest request）{
		// 判断验证码
		String code = （String） session.getAttribute（“validateCode“）;
		String submitCode = WebUtils.getCleanParam（request “validateCode“）;
		
		if （StringUtils.isEmpty（submitCode） || !StringUtils.equals（codesubmitCode.toLowerCase（））） {
			return “redirect:/“;
		}
		
		//获取当前的Subject  
		Subject curUser = SecurityUtils.getSubject（）;
		UsernamePasswordToken token = new UsernamePasswordToken（user.getAccount（）user.getPassword（））;
		token.setRememberMe（true）;
		try {
			 //在调用了login方法后SecurityManager会收到AuthenticationToken并将其发送给已配置的Realm执行必须的认证检查  
            //每个Realm都能在必要时对提交的AuthenticationTokens作出反应  
            //所以这一步在调用login（token）方法时它会走到ShiroDbRealm.doGetAuthenticationInfo（）方法中
			curUser.login（token）;
			
			return “/system/main“;
		}catch （AuthenticationException e） {
			//通过处理Shiro的运行时AuthenticationException就可以控制用户登录失败或密码错误时的情景
			token.clear（）;
			return “redirect:/“;
		}
	}

	/**
	 * 生成验证码
	 * @param request
	 * @param response
	 * @throws IOException
	 */
	@RequestMapping（value = “/validateCode“）
	public void validateCode（HttpServletRequest request HttpServletResponse response） throws IOException {
		 //设置页面不缓存  
		response.setHeader（“Cache-Control“ “no-cache“）;
		String verifyCode = ValidateCode.generateTextCode（ValidateCode.TYPE_NUM_ONLY 4 null）;
		
		 //将验证码放到HttpSession里面
		request.getSession（）.setAttribute（“validateCode“ verifyCode）;
		 //设置输出的内容的类型为JPEG图像
		response.setContentType（“image/jpeg“）;
		BufferedImage bim = ValidateCode.generateImageCode（verifyCode 90 30 3 true Color.WHITE Color.BLACK null）;
		
		//写给浏览器 
		ImageIO.write（bim “JPEG“ response.getOutputStream（））;
	}
}

 属性            大小     日期    时间   名称
----------- ---------  ---------- -----  ----

     文件       6115  2013-10-26 11:17  ShiroHibernateSpringDemo\.classpath

     文件        345  2013-11-01 14:21  ShiroHibernateSpringDemo\.mymetadata

     文件       1767  2013-10-17 21:02  ShiroHibernateSpringDemo\.project

     文件        500  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\.jsdtscope

     文件       1009  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\com.genuitec.eclipse.j2eedt.core.prefs

     文件         57  2013-10-17 21:07  ShiroHibernateSpringDemo\.settings\org.eclipse.core.resources.prefs

     文件        364  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\org.eclipse.jdt.core.prefs

     文件        587  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\org.eclipse.wst.common.component

     文件        252  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\org.eclipse.wst.common.project.facet.core.xml

     文件         49  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\org.eclipse.wst.jsdt.ui.superType.container

     文件          6  2013-10-17 21:02  ShiroHibernateSpringDemo\.settings\org.eclipse.wst.jsdt.ui.superType.name

     文件       4231  2013-10-29 11:11  ShiroHibernateSpringDemo\config\applicationContext-shiro.xml

     文件       3699  2013-10-29 12:41  ShiroHibernateSpringDemo\config\applicationContext.xml

     文件        351  2013-10-27 16:28  ShiroHibernateSpringDemo\config\ehcache-shiro.xml

     文件        689  2013-10-18 17:27  ShiroHibernateSpringDemo\config\ehcache.xml

     文件        524  2013-10-26 21:51  ShiroHibernateSpringDemo\config\jdbc.properties

     文件        626  2013-06-11 00:01  ShiroHibernateSpringDemo\config\log4j.properties

     文件       3402  2013-10-28 20:07  ShiroHibernateSpringDemo\config\spring-mvc.xml

     文件       1205  2013-10-18 16:21  ShiroHibernateSpringDemo\readme.txt

     文件       2972  2013-10-28 20:57  ShiroHibernateSpringDemo\src\org\shiro\demo\controller\LoginController.java

     文件       1161  2013-10-28 20:57  ShiroHibernateSpringDemo\src\org\shiro\demo\controller\UserController.java

     文件       4815  2013-10-18 15:41  ShiroHibernateSpringDemo\src\org\shiro\demo\dao\IbaseDao.java

     文件       9049  2013-10-18 12:56  ShiroHibernateSpringDemo\src\org\shiro\demo\dao\impl\DefultbaseDao.java

     文件        711  2013-06-11 00:23  ShiroHibernateSpringDemo\src\org\shiro\demo\dao\util\CustomDateSerializer.java

     文件       4108  2013-06-11 00:23  ShiroHibernateSpringDemo\src\org\shiro\demo\dao\util\Pagination.java

     文件       1950  2013-06-11 00:23  ShiroHibernateSpringDemo\src\org\shiro\demo\dao\util\QueryCondition.java

     文件       2278  2013-10-26 21:45  ShiroHibernateSpringDemo\src\org\shiro\demo\entity\Permission.java

     文件       1969  2013-10-26 21:44  ShiroHibernateSpringDemo\src\org\shiro\demo\entity\Role.java

     文件       2231  2013-10-26 21:45  ShiroHibernateSpringDemo\src\org\shiro\demo\entity\User.java

     文件       2647  2013-10-26 21:47  ShiroHibernateSpringDemo\src\org\shiro\demo\junit\testInitSystemData.java

............此处省略237个文件信息