shiro标签在jsp页面报错,使用S2SH + MAVEN + SHIRO, 求解
HTTP Status 500 - An exception occurred processing JSP page /success.jsp at line 13
type Exception report
message An exception occurred processing JSP page /success.jsp at line 13
description The server encountered an internal error that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: An exception occurred processing JSP page /success.jsp at line 13
10:
11:
12: This is Success page.
13:
14:
15: /shiro:hasRole
16:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
sysActiviti
<!-- 配置 OpenSessionInViewFilter 来阻止延迟加载的错误 -->
openSessionInViewFilter
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
openSessionInViewFilter
/*
<!-- 配置 SpringIOC 容器监听器 -->
contextConfigLocation
classpath:applicationContext.xml
<!-- Bootstraps the root web application context before servlet initialization -->
org.springframework.web.context.ContextLoaderListener
<!-- 配置 Shiro 过滤器 -->
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
targetFilterLifecycle
true
shiroFilter
/*
<!-- 配置 Struts2 过滤器 -->
struts2
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
struts2
/*
login.jsp
Struts的配置
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
"http://struts.apache.org/dtds/struts-2.3.dtd">
<!-- 配置模式为开发模式,自动加载struts.xml和显示错误提示信息 -->
<!-- 设置页面主题为简单主题,去掉struts2开发提供的样式 -->
<package name="default" namespace="/" extends="struts-default">
<!-- 拦截器配置 -->
<interceptors>
<!-- 定义了一个用于拦截器登录的拦截器 -->
<interceptor name="loginInterceptor" class="com.syscom.spdb.utils.LoginInteceptor"></interceptor>
<!-- 定义一个拦截器栈 -->
<interceptor-stack name="systemStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="loginInterceptor" />
</interceptor-stack>
</interceptors>
<!-- 定义系统默认拦截器 全局 -->
<default-interceptor-ref name="systemStack" />
<!-- 全局结果视图 -->
<global-results>
<result name="login" type="redirect">
login.jsp
</result>
</global-results>
<action name ="loginAction_*" class ="loginAction" method="login">
<result name ="login">login.jsp</result>
<result name ="success">success.jsp</result>
</action>
<action name="caseAction_*" class="caseAction" method="{1}">
<result name="home">WEB-INF/views/001/new.jsp</result>
<result name="input">WEB-INF/views/001/input.jsp</result>
<result name="save" type="redirectAction">
<param name="actionName">caseAction_home.action</param>
</result>
</action>
<action name="workflowAction_*" class="workflowAction" method="{1}">
<result name="list" type="redirectAction">
<param name="actionName">workflowAction_deployHome.action</param>
</result>
<result name="deployHome">WEB-INF/views/000/admin.jsp</result>
<result name="task">WEB-INF/views/workflow/task.jsp</result>
<result name="completeNew">WEB-INF/views/001/completeStartProcess.jsp</result>
<result name="image">WEB-INF/views/workflow/image.jsp</result>
<result name="listTask" type="redirectAction">
<param name="actionName">workflowAction_listTask.action</param>
</result>
<result name="viewTaskForm" type="redirectAction">
<!-- 从Case.bpmn文件中获取任务节点的url连接 -->
<param name="actionName">workflowAction_listTask.action</param>
</result>
<result name="taskForm">WEB-INF/views/workflow/viewTaskForm.jsp</result>
<result name="viewHisComment">WEB-INF/views/001/taskFormHis.jsp</result>
</action>
</package>
可以登录进去,但是授权有问题
自定义Realm
package com.syscom.spdb.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import com.syscom.spdb.domain.Employee;
import com.syscom.spdb.service.IEmployeeService;
public class MyRealm extends AuthorizingRealm {
private IEmployeeService employeeService;
public void setEmployeeService(IEmployeeService employeeService) {
this.employeeService = employeeService;
}
/**
* 认证方法
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token) throws AuthenticationException {
// 获得身份
String name = (String) token.getPrincipal();
// 通过用户名查询用户
Employee employee= employeeService.findEmployeeByName(name);
if (employee != null) {
System.out.println("MyRealm: username = "+employee.getName()+" password = "+employee.getPassword());
AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(
employee.getName(), employee.getPassword(), "xx");
// 返回认证信息
return authcInfo;
} else {
return null;
}
}
/**
* 授权方法
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
String name = (String) principal.getPrimaryPrincipal();
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
// 设置角色
authorizationInfo.setRoles(employeeService.getRoles(name));
// 设置权限
authorizationInfo.setStringPermissions(employeeService
.getPermissions(name));
// 返回授权信息
return authorizationInfo;
}
}
#Login
@RequestMapping("/login")
public String login() {
// 获取主体
Subject subject = SecurityUtils.getSubject();
// 创造令牌
UsernamePasswordToken token = new UsernamePasswordToken(employee.getName(),employee.getPassword());
// 设置记住我
token.setRememberMe(true);
try {
SessionContext.setUser(employee);
// 通过令牌登录
subject.login(token);
return "success";
} catch (Exception e) {
e.printStackTrace();
return "login";
}
}
DAOImpl
package com.syscom.spdb.dao.impl;
import java.util.List;
import java.util.Set;
import org.apache.struts2.ServletActionContext;
import org.junit.Test;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.syscom.spdb.dao.IEmployeeDao;
import com.syscom.spdb.domain.Employee;
import com.syscom.spdb.service.IEmployeeService;
import com.syscom.spdb.utils.SessionContext;
public class EmployeeDaoImpl extends HibernateDaoSupport implements IEmployeeDao {
/**使用用户名作为查询条件,查询用户对象*/
@Override
public Employee findEmployeeByName(String name) {
String hql = "from Employee o where o.name = ?";
List<Employee> list = this.getHibernateTemplate().find(hql, name);
Employee employee = null;
if(list!=null && list.size()>0){
employee = list.get(0);
}else{
return null;
}
return employee;
}
@Override
public Employee findUserById(Long currentUserId) {
String hql = "from Employee o where o.manager.id = ?";
List<Employee> list = this.getHibernateTemplate().find(hql, currentUserId);
Employee user = null;
if(list!=null && list.size()>0){
user = list.get(0);
}else{
return null;
}
return user;
}
@Override
public Set<String> getRoles(String name) {
String hql = "from Employee o,Role r where o.roleId = r.id and o.name = ?";
List<Employee> list = this.getHibernateTemplate().find(hql, name);
Employee user = null;
if(list!=null && list.size()>0){
user = list.get(0);
}else{
return null;
}
return (Set<String>) user;
}
@Override
public Set<String> getPermissions(String name) {
String hql = "from Employee o, Role r, Permission p where o.roleId = r.id and p.roleId = r.id and o.name = ?";
List<Employee> list = this.getHibernateTemplate().find(hql, name);
Employee user = null;
if(list!=null && list.size()>0){
user = list.get(0);
}else{
return null;
}
return (Set<String>) user;
}
}
数据库
