shiro教程-第十三章

pom.xml

@@ -20,6 +20,7 @@
         <module>shiro-example-chapter10</module>
         <module>shiro-example-chapter11</module>
         <module>shiro-example-chapter12</module>
+        <module>shiro-example-chapter13</module>
     </modules>
 
 

shiro-example-chapter13/pom.xml

@@ -0,0 +1,173 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <artifactId>shiro-example</artifactId>
+        <groupId>com.github.zhangkaitao</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>shiro-example-chapter13</artifactId>
+    <packaging>war</packaging>
+    <name>shiro-example-chapter13</name>
+    <url>http://maven.apache.org</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.9</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <version>4.0.0.RELEASE</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.1.3</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+            <version>1.2.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-web</artifactId>
+            <version>1.2.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-ehcache</artifactId>
+            <version>1.2.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-quartz</artifactId>
+            <version>1.2.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.2.2</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>5.1.25</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid</artifactId>
+            <version>0.2.23</version>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>3.0.1</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>jsp-api</artifactId>
+            <version>2.2</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+        </dependency>
+
+
+        <!-- aspectj相关jar包-->
+        <dependency>
+            <groupId>org.aspectj</groupId>
+            <artifactId>aspectjrt</artifactId>
+            <version>1.7.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.aspectj</groupId>
+            <artifactId>aspectjweaver</artifactId>
+            <version>1.7.4</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-aop</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-jdbc</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>4.0.0.RELEASE</version>
+        </dependency>
+
+
+    </dependencies>
+
+    <build>
+        <finalName>chapter13</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.mortbay.jetty</groupId>
+                <artifactId>jetty-maven-plugin</artifactId>
+                <version>8.1.8.v20121106</version>
+                <configuration>
+                    <webAppConfig>
+                        <contextPath>/${project.build.finalName}</contextPath>
+                    </webAppConfig>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.tomcat.maven</groupId>
+                <artifactId>tomcat7-maven-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <path>/${project.build.finalName}</path>
+                </configuration>
+
+            </plugin>
+        </plugins>
+
+
+    </build>
+
+</project>

shiro-example-chapter13/src/main/java/com/github/zhangkaitao/shiro/chapter13/credentials/RetryLimitHashedCredentialsMatcher.java

@@ -0,0 +1,46 @@
+package com.github.zhangkaitao.shiro.chapter13.credentials;
+
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.ExcessiveAttemptsException;
+import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
+import org.apache.shiro.cache.Cache;
+import org.apache.shiro.cache.CacheManager;
+
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-1-28
+ * <p>Version: 1.0
+ */
+public class RetryLimitHashedCredentialsMatcher extends HashedCredentialsMatcher {
+
+    private Cache<String, AtomicInteger> passwordRetryCache;
+
+    public RetryLimitHashedCredentialsMatcher(CacheManager cacheManager) {
+        passwordRetryCache = cacheManager.getCache("passwordRetryCache");
+    }
+
+    @Override
+    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
+        String username = (String)token.getPrincipal();
+        //retry count + 1
+        AtomicInteger retryCount = passwordRetryCache.get(username);
+        if(retryCount == null) {
+            retryCount = new AtomicInteger(0);
+            passwordRetryCache.put(username, retryCount);
+        }
+        if(retryCount.incrementAndGet() > 5) {
+            //if retry count > 5 throw
+            throw new ExcessiveAttemptsException();
+        }
+
+        boolean matches = super.doCredentialsMatch(token, info);
+        if(matches) {
+            //clear retry count
+            passwordRetryCache.remove(username);
+        }
+        return matches;
+    }
+}

shiro-example-chapter13/src/main/java/com/github/zhangkaitao/shiro/chapter13/dao/PermissionDao.java

@@ -0,0 +1,16 @@
+package com.github.zhangkaitao.shiro.chapter13.dao;
+
+import com.github.zhangkaitao.shiro.chapter13.entity.Permission;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-1-28
+ * <p>Version: 1.0
+ */
+public interface PermissionDao {
+
+    public Permission createPermission(Permission permission);
+
+    public void deletePermission(Long permissionId);
+
+}

shiro-example-chapter13/src/main/java/com/github/zhangkaitao/shiro/chapter13/dao/PermissionDaoImpl.java

@@ -0,0 +1,47 @@
+package com.github.zhangkaitao.shiro.chapter13.dao;
+
+import com.github.zhangkaitao.shiro.chapter13.entity.Permission;
+import org.springframework.jdbc.core.PreparedStatementCreator;
+import org.springframework.jdbc.core.support.JdbcDaoSupport;
+import org.springframework.jdbc.support.GeneratedKeyHolder;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-1-28
+ * <p>Version: 1.0
+ */
+public class PermissionDaoImpl extends JdbcDaoSupport implements PermissionDao {
+
+    public Permission createPermission(final Permission permission) {
+        final String sql = "insert into sys_permissions(permission, description, available) values(?,?,?)";
+
+        GeneratedKeyHolder keyHolder = new GeneratedKeyHolder();
+        getJdbcTemplate().update(new PreparedStatementCreator() {
+            @Override
+            public PreparedStatement createPreparedStatement(Connection connection) throws SQLException {
+                PreparedStatement psst = connection.prepareStatement(sql, new String[]{"id"});
+                psst.setString(1, permission.getPermission());
+                psst.setString(2, permission.getDescription());
+                psst.setBoolean(3, permission.getAvailable());
+                return psst;
+            }
+        }, keyHolder);
+        permission.setId(keyHolder.getKey().longValue());
+
+        return permission;
+    }
+
+    public void deletePermission(Long permissionId) {
+        //首先把与permission关联的相关表的数据删掉
+        String sql = "delete from sys_roles_permissions where permission_id=?";
+        getJdbcTemplate().update(sql, permissionId);
+
+        sql = "delete from sys_permissions where id=?";
+        getJdbcTemplate().update(sql, permissionId);
+    }
+
+}

shiro-example-chapter13/src/main/java/com/github/zhangkaitao/shiro/chapter13/dao/RoleDao.java

@@ -0,0 +1,18 @@
+package com.github.zhangkaitao.shiro.chapter13.dao;
+
+import com.github.zhangkaitao.shiro.chapter13.entity.Role;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-1-28
+ * <p>Version: 1.0
+ */
+public interface RoleDao {
+
+    public Role createRole(Role role);
+    public void deleteRole(Long roleId);
+
+    public void correlationPermissions(Long roleId, Long... permissionIds);
+    public void uncorrelationPermissions(Long roleId, Long... permissionIds);
+
+}

shiro-example-chapter13/src/main/java/com/github/zhangkaitao/shiro/chapter13/dao/RoleDaoImpl.java

@@ -0,0 +1,79 @@
+package com.github.zhangkaitao.shiro.chapter13.dao;
+
+import com.github.zhangkaitao.shiro.chapter13.entity.Role;
+import org.springframework.jdbc.core.PreparedStatementCreator;
+import org.springframework.jdbc.core.support.JdbcDaoSupport;
+import org.springframework.jdbc.support.GeneratedKeyHolder;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-1-28
+ * <p>Version: 1.0
+ */
+public class RoleDaoImpl extends JdbcDaoSupport implements RoleDao {
+
+    public Role createRole(final Role Role) {
+        final String sql = "insert into sys_roles(role, description, available) values(?,?,?)";
+
+        GeneratedKeyHolder keyHolder = new GeneratedKeyHolder();
+        getJdbcTemplate().update(new PreparedStatementCreator() {
+            @Override
+            public PreparedStatement createPreparedStatement(Connection connection) throws SQLException {
+                PreparedStatement psst = connection.prepareStatement(sql, new String[]{"id"});
+                psst.setString(1, Role.getRole());
+                psst.setString(2, Role.getDescription());
+                psst.setBoolean(3, Role.getAvailable());
+                return psst;
+            }
+        }, keyHolder);
+        Role.setId(keyHolder.getKey().longValue());
+
+        return Role;
+    }
+
+    public void deleteRole(Long roleId) {
+        //首先把和role关联的相关表数据删掉
+        String sql = "delete from sys_users_roles where role_id=?";
+        getJdbcTemplate().update(sql, roleId);
+
+        sql = "delete from sys_roles where id=?";
+        getJdbcTemplate().update(sql, roleId);
+    }
+
+    @Override
+    public void correlationPermissions(Long roleId, Long... permissionIds) {
+        if(permissionIds == null || permissionIds.length == 0) {
+            return;
+        }
+        String sql = "insert into sys_roles_permissions(role_id, permission_id) values(?,?)";
+        for(Long permissionId : permissionIds) {
+            if(!exists(roleId, permissionId)) {
+                getJdbcTemplate().update(sql, roleId, permissionId);
+            }
+        }
+    }
+
+
+    @Override
+    public void uncorrelationPermissions(Long roleId, Long... permissionIds) {
+        if(permissionIds == null || permissionIds.length == 0) {
+            return;
+        }
+        String sql = "delete from sys_roles_permissions where role_id=? and permission_id=?";
+        for(Long permissionId : permissionIds) {
+            if(exists(roleId, permissionId)) {
+                getJdbcTemplate().update(sql, roleId, permissionId);
+            }
+        }
+    }
+
+    private boolean exists(Long roleId, Long permissionId) {
+        String sql = "select count(1) from sys_roles_permissions where role_id=? and permission_id=?";
+        return getJdbcTemplate().queryForObject(sql, Integer.class, roleId, permissionId) != 0;
+    }
+
+}