shiro學習筆記(5)--spring整合
阿新 • • 發佈:2018-11-14
spring整合shiro(1)
1、jar
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.3</version>
</dependency>
2、web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:spring-shiro.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <!-- Apache Shiro --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> <!-- targetBeanName表示shiro配置檔案中宣告的filterBean的id 不配置則預設和filter-name一致 --> <init-param> <param-name>targetBeanName</param-name> <param-value>shiroFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
3、spring-shiro.xml
說明:
(1)loginurl:訪問需要認證的資源且沒有認證時跳轉的路徑,不配置預設根路徑下/login.jsp
(2)successUrl:認證成功後跳轉的路徑,不配置則跳轉上一個url
(3)filterChainDefinitions:過濾器鏈配置的是訪問路徑是否需要認證
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd"> <description>Shiro Configuration</description> <!-- 定義Shiro安全管理配置 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!-- 訪問需要認證的資源沒有認證時跳轉的url;如果不配置,則預設訪問根路徑下的/login.jsp --> <property name="loginUrl" value="/login.do" ></property> <!-- 配置認證成功後跳轉url,通常不配置。若不配置則跳轉上一個url(即認證前url) --> <property name="successUrl" value="/index.do" ></property> <property name="filterChainDefinitions"> <value> /tologin.do = anon /login.do = authc /index.do = anon /** = anon </value> </property> </bean> <!-- 安全認證過濾器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm" /> </bean> <bean id="myRealm" class="cn.kexq.commons.security.MyRealm"/> </beans>
4、realm
public class MyRealm extends AuthorizingRealm { @Resource private LoginService loginService; @Override public String getName() { return "myRealm"; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String userName = token.getPrincipal().toString(); User user = null; SimpleAuthenticationInfo info = null; try { if(loginService==null){ loginService = SpringBeanFactoryUtils.getBean(LoginService.class); user = loginService.findUserByUserName(userName); }else{ user = loginService.findUserByUserName(userName); } info = new SimpleAuthenticationInfo(user, user.getPassword(), getName()); }catch (Exception e){ e.printStackTrace(); } return info; ` } //篇幅所限省略授權方法 }