因为 Shrio 和整体项目结合的话,细节问题还是比较多。我要侧重讲一些地方。下面我先把我整个项目的 Shiro 配置文件先贴出来,如果你需要哪个类的实现方式,你可以针对性的查找,或者问我。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<description>== Shiro Components ==</description>
<!-- 会话ID生成器 -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<!-- 会话Cookie模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<!--cookie的name,我故意取名叫xxxxbaidu -->
<constructor-arg value="v_v-s-baidu"/>
<property name="httpOnly" value="true"/>
<!--cookie的有效时间 -->
<property name="maxAge" value="-1"/>
<!-- 配置存储Session Cookie的domain为 一级域名 -->
<property name="domain" value=".itboy.net"/>
</bean>
<!-- custom shiro session listener -->
<bean id="customSessionListener" class="com.sojson.core.shiro.listenter.CustomSessionListener">
<property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
</bean>
<!-- 用户信息记住我功能的相关配置 -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="v_v-re-baidu"/>
<property name="httpOnly" value="true"/>
<!-- 配置存储rememberMe Cookie的domain为 一级域名 -->
<property name="domain" value=".itboy.net"/>
<property name="maxAge" value="2592000"/><!-- 30天时间,记住我30天 -->
</bean>
<!-- rememberMe管理器 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)-->
<property name="cipherKey"
value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
<property name="cookie" ref="rememberMeCookie"/>
</bean>
<!-- custom shiro session listener -->
<bean id="customShiroSessionDAO" class="com.sojson.core.shiro.CustomShiroSessionDAO">
<property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<!-- 会话验证调度器 -->
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<property name="interval" value="${session.validate.timespan}"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="sampleRealm"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
<property name="cacheManager" ref="customShiroCacheManager"/>
</bean>
<!-- 用户缓存 -->
<bean id="customShiroCacheManager" class="com.sojson.core.shiro.cache.impl.CustomShiroCacheManager">
<property name="shiroCacheManager" ref="jedisShiroCacheManager"/>
</bean>
<!-- shiro 缓存实现,对ShiroCacheManager,我是采用redis的实现 -->
<bean id="jedisShiroCacheManager" class="com.sojson.core.shiro.cache.impl.JedisShiroCacheManager">
<property name="jedisManager" ref="jedisManager"/>
</bean>
<!-- redis 的缓存 -->
<bean id="jedisManager" class="com.sojson.core.shiro.cache.JedisManager">
<property name="jedisPool" ref="jedisPool"/>
</bean>
<!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
<!-- 授权 认证 -->
<bean id="sampleRealm" class="com.sojson.core.shiro.token.SampleRealm" ></bean>
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionValidationInterval" value="1800000"/> <!-- 相隔多久检查一次session的有效性 -->
<property name="globalSessionTimeout" value="1800000"/> <!-- session 有效时间为半小时 (毫秒单位)-->
<property name="sessionDAO" ref="customShiroSessionDAO"/>
<property name="sessionListeners">
<list>
<ref bean="customSessionListener"/>
</list>
</property>
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<bean id="jedisShiroSessionRepository" class="com.sojson.core.shiro.cache.JedisShiroSessionRepository" >
<property name="jedisManager" ref="jedisManager"/>
</bean>
<!--
自定义角色过滤器 支持多个角色可以访问同一个资源 eg:/home.jsp = authc,roleOR[admin,user]
用户有admin或者user角色 就可以访问
-->
<!-- 认证数据库存储-->
<bean id="shiroManager" class="com.sojson.core.shiro.service.impl.ShiroManagerImpl"/>
<bean id="login" class="com.sojson.core.shiro.filter.LoginFilter"/>
<bean id="role" class="com.sojson.core.shiro.filter.RoleFilter"/>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/u/login.shtml" />
<!-- TODO 待提取 -->
<property name="successUrl" value="/" />
<property name="unauthorizedUrl" value="/?login" />
<!-- 初始配置,现采用自定义 -->
<!-- <property name="filterChainDefinitions" >-->
<!-- <value>-->
<!-- /** = anon-->
<!-- /page/login.jsp = anon-->
<!-- /page/register/* = anon-->
<!-- /page/index.jsp = authc-->
<!-- /page/addItem* = authc,roles[数据管理员]-->
<!-- /page/file* = authc,roleOR[普通用户,数据管理员]-->
<!-- /page/listItems* = authc,roleOR[数据管理员,普通用户]-->
<!-- /page/showItem* = authc,roleOR[数据管理员,普通用户]-->
<!-- /page/updateItem*=authc,roles[数据管理员]-->
<!-- </value>-->
<!-- </property>-->
<!-- 读取初始自定义权限内容-->
<property name="filterChainDefinitions" value="#{shiroManager.loadFilterChainDefinitions()}"/>
<property name="filters">
<util:map>
<entry key="login" value-ref="login"></entry>
<entry key="role" value-ref="role"></entry>
</util:map>
</property>
</bean>
<!-- Shiro生命周期处理器-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- ============================================================================ -->
</beans>