shiro學習筆記(7)--cacheManager、sessionManager、rememberMe配置
阿新 • • 發佈:2018-11-14
1、授權:在自定義realm的doGetAuthorizationInfo方法中讀取使用者許可權並授權
@Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { System.out.println("---------------授權----------------"); //模擬授權 List<String> list = new ArrayList<>(); list.add("sys:user:view"); list.add("sys:user:edit"); SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.addStringPermissions(list); return info; }
2、在controller或jsp中新增許可權控制符並檢驗授權情況
1、控制器
@RequiresPermissions("sys:user:edit")
2、jsp頁面
<shiro:hasPermission name="sys:user:view">...</shiro:hasPermission>
3、快取管理
當同一使用者對某一資源的許可權多次授權認證時,可以將其放入快取中。在shiro-all包下預設有一個ehcache的包,也可以單獨新增一個
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.4.0</version> </dependency>
<!-- 安全認證過濾器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm" /> <property name="cacheManager" ref="cacheManager"/> <property name="sessionManager" ref="sessionManager"/> <property name="rememberMeManager" ref="rememberMeManager"/> </bean> <!-- 配置快取管理器 --> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:ehcache/ehcache.xml"></property> </bean>
注:ehcache.xml配置檔案放在classpath路徑下;xml配置檔案在shiro-ehcache.jar包下或shiro-all.jar包的cache/ehcache目錄下
4、session和rememberMe設定
<!-- 安全認證過濾器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
<property name="cacheManager" ref="cacheManager"/>
**<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>**
</bean>
<!-- 配置會話管理器 -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="6000"/>
<property name="deleteInvalidSessions" value="true"/>
</bean>
<!-- 配置rememberMeManager管理器 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<property name="cookie" ref="rememberMeCookie"/>
</bean>
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="maxAge" value="604800"/>
<property name="name" value="rememberMe"/>
</bean>
<!-- FormAuthenticationFilter預設提取的身份資訊是username,password。若要修改需要配置。bean的id必須為authc-->
<bean id="authc" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
<property name="usernameParam" value="name"/>
<property name="passwordParam" value="pwd"/>
<!-- 配置rememberMe域名 -->
**<property name="rememberMeParam" value="rememberMe"/>**
</bean>
login.jsp
<label class="fancy-checkbox element-left">
<input type="checkbox" name="**rememberMe**">
<span>Remember me</span>
</label>