完成sql语句的上传

out/artifacts/Shiro_war_exploded/WEB-INF/classes/config/shiro-ehcache.xml

@@ -0,0 +1,16 @@
+<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="../config/ehcache.xsd">
+    <!--diskStore：缓存数据持久化的目录 地址  -->
+    <diskStore path="/Users/codingboy/develop/ehcache" />
+    <defaultCache
+            maxElementsInMemory="1000"
+            maxElementsOnDisk="10000000"
+            eternal="false"
+            overflowToDisk="false"
+            diskPersistent="false"
+            timeToIdleSeconds="120"
+            timeToLiveSeconds="120"
+            diskExpiryThreadIntervalSeconds="120"
+            memoryStoreEvictionPolicy="LRU">
+    </defaultCache>
+</ehcache>

out/artifacts/Shiro_war_exploded/WEB-INF/classes/config/spring/applicationContext-shiro.xml

@@ -0,0 +1,136 @@
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+		http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
+		http://www.springframework.org/schema/mvc
+		http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
+		http://www.springframework.org/schema/context
+		http://www.springframework.org/schema/context/spring-context-3.2.xsd
+		http://www.springframework.org/schema/aop
+		http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
+		http://www.springframework.org/schema/tx
+		http://www.springframework.org/schema/tx/spring-tx-3.2.xsd ">
+
+
+    <!--web.xml中shiro的filter对应的bean-->
+    <!-- Shiro 的Web过滤器 -->
+    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
+        <property name="securityManager" ref="securityManager" />
+        <!-- loginUrl认证提交地址，如果没有认证将会请求此地址进行认证，请求此地址将由formAuthenticationFilter进行表单认证 -->
+        <property name="loginUrl" value="/login.action" />
+        <!--认证成功统一跳转到first.actio，建议不配置，不配置的话shiro认证成功会自动到上一个请求路径-->
+       <property name="successUrl" value="/first.action"/>
+        <property name="unauthorizedUrl" value="/refuse.jsp" />
+
+        <!--自定义filter-->
+        <property name="filters">
+            <map>
+                <!-- 将自定义的FormAuthenticationFilter注入shiroFiler中 -->
+                <entry key="authc" value-ref="formAuthenticationFilter" />
+            </map>
+        </property>
+
+        <!-- 过虑器链定义，从上向下顺序执行，一般将/**放在最下边 -->
+        <property name="filterChainDefinitions">
+            <value>
+                <!--对静态资源设置匿名访问-->
+                /images/**=anon
+                /js/**=anon
+                /style/**=anon
+
+                <!--验证码-->
+                /validatecode.jsp=anon
+
+                <!--请求这个地址就自动退出-->
+                /logout.action=logout
+
+                <!--商品查询需要商品查询权限，取消url拦截配置，采用注解授权-->
+                <!--/items/queryItems.action=perms[item:query]-->
+                <!--&lt;!&ndash;商品修改需要商品修改权限&ndash;&gt;-->
+                <!--/items/editItems.action=perms[item:edit]-->
+
+                <!--配置记住我或认证通过可以访问的地址-->
+                /index.jsp=user
+                /first.action=user
+
+                <!-- -/**=authc 表示所有的url都必须认证通过才可以访问- -->
+                /** = authc
+
+
+                <!--/**=anon 表示所有的url都可以匿名访问-->
+
+            </value>
+        </property>
+    </bean>
+
+    <!--securityManage-->
+    <!-- 安全管理器 -->
+    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
+        <property name="realm" ref="customRealm" />
+
+        <!--注入缓存管理器-->
+        <property name="cacheManager" ref="cacheManager"/>
+
+        <!--注入会话管理器-->
+        <property name="sessionManager" ref="sessionManager" />
+
+        <!-- 记住我 -->
+        <property name="rememberMeManager" ref="rememberMeManager"/>
+
+
+    </bean>
+
+    <!--自定义realm-->
+    <bean id="customRealm" class="shiro.CustomRealm">
+        <!--将凭证匹配器设置到realm中，realm按照凭证匹配器要求进行散列-->
+        <property name="credentialsMatcher" ref="credentialsMatcher"/>
+    </bean>
+
+    <!-- 凭证匹配器 -->
+    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
+        <property name="hashAlgorithmName" value="md5" />
+        <property name="hashIterations" value="1" />
+    </bean>
+
+    <!-- 缓存管理器 -->
+    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
+        <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml"/>
+    </bean>
+
+
+    <!-- 会话管理器 -->
+    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+        <!-- session的失效时长，单位毫秒 -->
+        <property name="globalSessionTimeout" value="600000"/>
+        <!-- 删除失效的session -->
+        <property name="deleteInvalidSessions" value="true"/>
+    </bean>
+
+
+    <!--自定义form认证过滤器-->
+    <bean id="formAuthenticationFilter"
+          class="shiro.CustomFromAuthenticationFilter">
+        <!-- 表单中账号的input名称 -->
+        <property name="usernameParam" value="username" />
+        <!-- 表单中密码的input名称 -->
+        <property name="passwordParam" value="password" />
+        <!--记住我input的名称-->
+        <property name="rememberMeParam" value="rememberMe"/>
+    </bean>
+
+    <!-- rememberMeManager管理器 -->
+    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
+        <property name="cookie" ref="rememberMeCookie" />
+    </bean>
+    <!-- 记住我cookie -->
+    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
+        <!--rememberMe时cookie的名字-->
+        <constructor-arg value="rememberMe" />
+        <!-- 记住我cookie生效时间30天 -->
+        <property name="maxAge" value="2592000" />
+    </bean>
+
+</beans>

out/artifacts/Shiro_war_exploded/WEB-INF/classes/config/spring/applicationContext-transaction.xml

@@ -1,7 +1,8 @@
     <beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
            xmlns:context="http://www.springframework.org/schema/context"
-           xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
+           xmlns:aop="http://www.springframework.org/schema/aop"
+		   xmlns:tx="http://www.springframework.org/schema/tx"
            xsi:schemaLocation="http://www.springframework.org/schema/beans
 		http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
 		http://www.springframework.org/schema/mvc
@@ -12,6 +13,7 @@
 		http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
 		http://www.springframework.org/schema/tx
 		http://www.springframework.org/schema/tx/spring-tx-3.2.xsd ">
+
 		<!--使用声明式的控制配置，可以有效的规范代码-->
 		<!--事务管理器的配置-->
 		<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">

out/artifacts/Shiro_war_exploded/WEB-INF/classes/config/spring/springmvc.xml

@@ -9,6 +9,7 @@
 		http://www.springframework.org/schema/context
 		http://www.springframework.org/schema/context/spring-context-3.2.xsd
 		http://www.springframework.org/schema/aop
+		http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
 		http://www.springframework.org/schema/tx
 		http://www.springframework.org/schema/tx/spring-tx-3.2.xsd ">
 
@@ -18,6 +19,14 @@
     一次性配置此包下所有的Handler-->
     <context:component-scan base-package="controller"/>
 
+    <!-- 开启aop，对类代理 -->
+    <aop:config proxy-target-class="true"> </aop:config>
+    <!-- 开启shiro注解支持 -->
+    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+        <property name="securityManager" ref="securityManager" />
+    </bean>
+
+
 
 
     <!--mvc的注解驱动器，通过它可以替代下边的处理器映射器和适配器-->
@@ -34,22 +43,22 @@
 
 
 
-    <!--拦截器 -->
-    <mvc:interceptors>
-        <!--多个拦截器,顺序执行 -->
-        <mvc:interceptor>
-            <!--/**可以拦截路径不管有多少层-->
-            <mvc:mapping path="/**"/>
-            <bean class="controller.interceptor.LoginInterceptor"></bean>
-        </mvc:interceptor>
-        <mvc:interceptor>
-            <!--/**可以拦截路径不管有多少层-->
-            <mvc:mapping path="/**"/>
-            <bean class="controller.interceptor.PermissionInterceptor"></bean>
-        </mvc:interceptor>
+    <!--&lt;!&ndash;拦截器 &ndash;&gt;-->
+    <!--<mvc:interceptors>-->
+        <!--&lt;!&ndash;多个拦截器,顺序执行 &ndash;&gt;-->
+        <!--<mvc:interceptor>-->
+            <!--&lt;!&ndash;/**可以拦截路径不管有多少层&ndash;&gt;-->
+            <!--<mvc:mapping path="/**"/>-->
+            <!--<bean class="controller.interceptor.LoginInterceptor"></bean>-->
+        <!--</mvc:interceptor>-->
+        <!--<mvc:interceptor>-->
+            <!--&lt;!&ndash;/**可以拦截路径不管有多少层&ndash;&gt;-->
+            <!--<mvc:mapping path="/**"/>-->
+            <!--<bean class="controller.interceptor.PermissionInterceptor"></bean>-->
+        <!--</mvc:interceptor>-->
 
 
-    </mvc:interceptors>
+    <!--</mvc:interceptors>-->
 
 
 

out/artifacts/Shiro_war_exploded/WEB-INF/jsp/first.jsp

@@ -96,7 +96,7 @@
 
 		</SPAN> <SPAN style="padding-left: 10px; font-size: 16px;"><IMG
 			align="absmiddle" src="images/blocks.gif" width="20" height="20">
-			医药集中采购系统</SPAN> <SPAN style="padding-left: 15px;" id="News"></SPAN>
+			商品查询购买系统</SPAN> <SPAN style="padding-left: 15px;" id="News"></SPAN>
 	</DIV>
 
 	<DIV style="background: rgb(210, 224, 242); height: 30px;" split="false"

out/artifacts/Shiro_war_exploded/WEB-INF/jsp/itemsList.jsp

@@ -2,6 +2,7 @@
     pageEncoding="UTF-8"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt"  prefix="fmt"%>
+<%@ taglib uri="http://shiro.apache.org/tags" prefix="shiro" %>
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
@@ -61,7 +62,12 @@
 	<td><fmt:formatDate value="${item.createtime}" pattern="yyyy-MM-dd HH-mm-ss"/></td>
 	<td>${item.detail }</td>
 
-	<td><a href="${pageContext.request.contextPath }/items/editItems.action?id=${item.id}">修改</a></td>
+	<td>
+		<!--有item:update权限才现实修改链接，没有权限则不显示修改链接-->
+		<shiro:hasPermission name="item:update">
+			<a href="${pageContext.request.contextPath }/items/editItems.action?id=${item.id}">修改</a>
+		</shiro:hasPermission>
+	</td>
 	<td><a href="${pageContext.request.contextPath }/items/viewItems/${item.id}">商品查看</a></td>
 
 

out/artifacts/Shiro_war_exploded/WEB-INF/jsp/login.jsp

@@ -3,7 +3,7 @@
 <%@ include file="/WEB-INF/jsp/tag.jsp"%>
 <html>
 <head>
-<TITLE>药品采购平台</TITLE>
+<TITLE>商品查询购买系统</TITLE>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="content-type" content="text/html; charset=UTF-8">
@@ -62,7 +62,7 @@
 						<TR>
 							<TD>用户名：</TD>
 							<TD colSpan="2"><input type="text" id="usercode"
-								name="usercode" style="WIDTH: 130px" /></TD>
+								name="username" style="WIDTH: 130px" /></TD>
 						</TR>
 						<TR>
 							<TD>密 码：</TD>
@@ -77,6 +77,11 @@
 								href=javascript:randomcode_refresh()>刷新</a></TD>
 						</TR>
 
+						<tr>
+							<td></td>
+							<td><input type="checkbox" name="rememberMe"/>自动登录</td>
+						</tr>
+
 						<TR>
 							<TD colSpan="2" align="center"><input type="button"
 								class="btnalink" onclick="loginsubmit()" value="登&nbsp;&nbsp;录" />

out/artifacts/Shiro_war_exploded/WEB-INF/web.xml

@@ -11,7 +11,7 @@
             <param-name>contextConfigLocation</param-name>
             <!--配置文件的地址
             如果不配置contextConfigLocation，默认查找的配置文件名称是classpath下的:servlet名称+"-servlet.xml"即springmvc-servlet.xml-->
-            <param-value>classpath:config/spring/springmvc.xml</param-value>
+            <param-value> classpath:config/spring/springmvc.xml </param-value>
         </init-param>
     </servlet>
     <servlet-mapping>
@@ -24,6 +24,29 @@
     </servlet-mapping>
 
 
+    <!--在这里配置shiro的filter-->
+    <!-- shiro过虑器，DelegatingFilterProxy通过代理模式将spring容器中的bean和此filter关联起来 -->
+    <filter>
+        <filter-name>shiroFilter</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+        <!-- 设置true由servlet容器控制filter的生命周期 -->
+        <init-param>
+            <param-name>targetFilterLifecycle</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- 设置spring容器filter的bean id，如果不设置则找与filter-name一致的bean-->
+        <init-param>
+            <param-name>targetBeanName</param-name>
+            <param-value>shiroFilter</param-value>
+        </init-param>
+    </filter>
+    <filter-mapping>
+        <filter-name>shiroFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+
+
     <!--配置spring容器监听器-->
     <context-param>
         <param-name>contextConfigLocation</param-name>

out/artifacts/Shiro_war_exploded/refuse.jsp

@@ -0,0 +1,12 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>拒绝访问</title>
+</head>
+<body>
+无权访问！
+</body>
+</html>

src/config/shiro-ehcache.xml

@@ -0,0 +1,16 @@
+<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="../config/ehcache.xsd">
+    <!--diskStore：缓存数据持久化的目录 地址  -->
+    <diskStore path="/Users/codingboy/develop/ehcache" />
+    <defaultCache
+            maxElementsInMemory="1000"
+            maxElementsOnDisk="10000000"
+            eternal="false"
+            overflowToDisk="false"
+            diskPersistent="false"
+            timeToIdleSeconds="120"
+            timeToLiveSeconds="120"
+            diskExpiryThreadIntervalSeconds="120"
+            memoryStoreEvictionPolicy="LRU">
+    </defaultCache>
+</ehcache>