一.web.xml配置
<!-- shiro -->
<!-- Spring's DelegatingFilterProxy forwards every request (url-pattern /*) to the Spring
     bean whose id equals this filter-name ("shiroFilter", declared in spring-shiro.xml).
     targetFilterLifecycle=true also passes the servlet init()/destroy() calls on to that bean. -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Loads the Shiro bean definitions below into the root web application context. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring-shiro.xml
</param-value>
</context-param>
二.spring-shiro.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
default-lazy-init="true">
<!-- Filter bean targeted by the DelegatingFilterProxy in web.xml.
     Only the two paths listed in filterChainDefinitions go through the authc filter; Shiro
     applies no filter to a path the chain does not match, so every other URL is reachable
     without a login unless a catch-all such as "/** = authc" is added here or those routes
     are protected elsewhere - confirm this is the intended coverage. -->
<bean id="shiroFilter" class="com.qzsoft.common.shiro.web.ShiroDbFilterFactoryBean">
<property name="securityManager" ref="defaultWebSecurityManager" />
<property name="loginUrl" value="/oauth2/login.do" />
<property name="successUrl" value="/admin" />
<property name="filterChainDefinitions">
<value>
/oauth2/login.do = authc
/redis/* = authc
</value>
</property>
</bean>
<!-- Non-web security manager. shiroFilter does not reference it (it uses
     defaultWebSecurityManager), and with default-lazy-init="true" it is only created if some
     other bean asks for it. defaultSessionManager is not declared in this file - presumably
     defined elsewhere. -->
<bean id="defaultSecurityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
<property name="realm" ref="shiroDbRealm" />
<property name="cacheManager" ref="shiroCacheManager" />
<property name="sessionManager" ref="defaultSessionManager" />
</bean>
<!-- Security manager actually used by shiroFilter. defaultWebSessionManager and
     cookieRememberMeManager are declared outside this file; the rememberMe cookie carries the
     serialized, encrypted principals, so confirm that bean configures its own cipherKey rather
     than relying on a default. -->
<bean id="defaultWebSecurityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shiroDbRealm" />
<property name="cacheManager" ref="shiroCacheManager" />
<property name="sessionManager" ref="defaultWebSessionManager"/>
<property name="rememberMeManager" ref="cookieRememberMeManager" />
</bean>
<!-- Realm implementation shown in section three; password verification is delegated to the
     credentialsMatcher bean below. -->
<bean id="shiroDbRealm" class="com.qzsoft.common.shiro.realm.ShiroDbRealm">
<property name="credentialsMatcher" ref="openidCredentialsMatcher" />
</bean>
<!-- <bean id="openidCredentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"/> -->
<!-- <bean id="openidCredentialsMatcher"
class="com.qzsoft.tb.oauth2.shiro.authc.credential.OpenidCredentialsMatcher">
</bean> -->
<bean id="openidCredentialsMatcher" class="com.qzsoft.common.oauth2.client.shiro.authc.credential.OpenidCredentialsMatcher">
</bean>
<!-- Lets Spring call init()/destroy() on the Shiro beans it manages. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- shiro cache -->
<!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" /> -->
<!-- Redis-backed authorization/authentication cache. redisCacheManager is not declared in
     this file - presumably defined elsewhere. -->
<bean id="shiroCacheManager" class="com.qzsoft.common.shiro.cache.redis.RedisCacheManager">
<property name="cacheManager" ref="redisCacheManager"/>
</bean>
<!-- shiro cache -->
</beans>
三.类
package com.qzsoft.common.shiro.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import com.alibaba.fastjson.JSON;
//import com.qzsoft.tb.jcaptcha.util.JCaptchaUtils;
/*import com.qzsoft.tb.shiro.authc.IncorrectCaptchaException;
import com.qzsoft.tb.shiro.authc.UsernamePasswordCaptchaToken;
import com.qzsoft.tb.shiro.entity.ShiroUser;
import com.qzsoft.tb.shiro.service.ShiroCaptchaService;
import com.qzsoft.tb.shiro.service.ShiroUserService;*/
import com.qzsoft.common.shiro.entity.ShiroUser;
import com.qzsoft.common.shiro.service.ShiroUserService;
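/**
 * Shiro realm backed by {@link ShiroUserService}.
 *
 * <p>Authentication looks the user up by login name and hands the stored password
 * plus its salt to the configured {@code CredentialsMatcher}; authorization returns
 * the user's role and permission names. {@code getName()} is used as the realm name
 * in the returned info objects.
 */
public class ShiroDbRealm extends AuthorizingRealm {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroDbRealm.class);

    /** Source of user records, password salts and role/permission names. */
    @Autowired
    protected ShiroUserService shiroUserService;

    /**
     * Evicts the cached authorization info of a single principal.
     *
     * @param principal the primary principal (login name) whose cached
     *                  roles/permissions should be dropped
     */
    public void clearCachedAuthorizationInfo(Object principal) {
        clearCachedAuthorizationInfo(new SimplePrincipalCollection(principal, getName()));
    }

    /** Evicts every entry of the authorization cache, if one is configured. */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            cache.clear();
        }
    }

    /**
     * Resolves the account named in the token and returns its stored credentials
     * for the realm's {@code CredentialsMatcher} to verify.
     *
     * @param authcToken the submitted token; must be a {@link UsernamePasswordToken}
     *                   (the cast fails otherwise)
     * @return authentication info carrying the login name, stored password and salt
     * @throws UnknownAccountException  if the login name is empty or matches no user
     * @throws DisabledAccountException if the user exists but is disabled
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        String loginName = ((UsernamePasswordToken) authcToken).getUsername();
        // Log only the login name. The token also holds the submitted password, so
        // serializing the whole object (e.g. with JSON) would write credentials to the log.
        LOG.debug("authenticating login name {}", loginName);
        if (loginName == null || loginName.isEmpty()) {
            throw new UnknownAccountException();
        }
        ShiroUser loginUser = shiroUserService.findUserByLoginName(loginName);
        if (loginUser == null) {
            throw new UnknownAccountException();
        }
        if (loginUser.isDisabled()) {
            throw new DisabledAccountException();
        }
        // The salt is supplied by the service, not read from the user object directly.
        ByteSource salt = ByteSource.Util.bytes(shiroUserService.getSaltBytes(loginUser));
        return new SimpleAuthenticationInfo(loginName, loginUser.getPassword(), salt, getName());
    }

    /**
     * Builds the role and permission set for an authenticated subject.
     *
     * @param principals principal collection whose primary principal is the login name
     * @return the user's roles and string permissions; empty if the user record no
     *         longer exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String loginName = (String) principals.getPrimaryPrincipal();
        ShiroUser loginUser = shiroUserService.findUserByLoginName(loginName);
        // The account may have been removed after the subject logged in; grant nothing
        // rather than failing with a NullPointerException.
        if (loginUser == null) {
            LOG.warn("no user record for authenticated principal {}", loginName);
            return info;
        }
        if (loginUser.getRoleNames() != null) {
            info.addRoles(loginUser.getRoleNames());
        }
        if (loginUser.getPermissionNames() != null) {
            info.addStringPermissions(loginUser.getPermissionNames());
        }
        return info;
    }
}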