shiro入门配置

基础配置

使用shiro的步骤
1. 导入JAR包
2. web.xml配置

    <!-- Shiro配置 -->    
    <filter>    
        <filter-name>shiroFilter</filter-name>    
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    
    </filter>    
    <filter-mapping>    
        <filter-name>shiroFilter</filter-name>    
        <url-pattern>/*</url-pattern>    
    </filter-mapping>

1. applicationContext.xml配置

    <!-- ehcache 的配置 -->
    <cache:annotation-driven cache-manager="cacheManager" />
    <bean id="cacheManagerFactory"
        class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
        <property name="configLocation">
            <value>classpath:ehcache.xml</value>
        </property>
    </bean>
    <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
        <property name="cacheManager" ref="cacheManagerFactory" />
    </bean>

    <!-- 自定义Realm实现 -->
    <bean id="myRealm" class="com.lbs.login.myRealm">
        <!-- <property name="cacheManager" ref="shiroEhcacheManager" /> -->
    </bean>
    <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->
    <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml" />
        <!-- <property name="cacheManager" ref="cacheManager" /> -->
    </bean>
    <!-- securityManager -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="myRealm" />
        <property name="cacheManager" ref="shiroEhcacheManager" />
    </bean>

    <!-- Shiro生命周期处理器,保证实现了Shiro内部lifecycle函数的bean执行 -->    
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- Shiro Filter 拦截器相关配置 -->
    <!--shiro过滤器配置，bean的id值须与web中的filter-name的值相同 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <!-- securityManager -->
        <property name="securityManager" ref="securityManager" />
        <!-- 登录路径 -->
        <property name="loginUrl" value="/login.jsp" />
        <!-- 登录成功后跳转路径 -->
        <property name="successUrl" value="/manager/index.jsp" />
        <!-- 授权失败跳转路径 -->
        <property name="unauthorizedUrl" value="/login.jsp" />
        <!-- 过滤链定义 -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp* = anon
                /logout* = anon
                /*.js = anon
                /*.css = anon
                /manager/** = authc,roles["管理员"]<!-- 表示需要认证的链接 -->
                /index.jsp = authc
            </value>
        </property>
    </bean>

1. 
   
2. 建立myRealm.java，重写以下两种方法
   

doGetAuthorizationInfo()方法可以理解为是权限验证
doGetAuthenticationInfo(AuthenticationToken token)理解为登陆验证。

shiro 授权

Shiro支持三种方式实现授权过程：
- 编码实现
- 注解实现
- JSP Taglig实现

角色授权

当需要验证用户是否拥有某个角色时，可以调用Subject实例的hasRole*方法验证。

Subject currentUser = SecurityUtils.getSubject();
if (currentUser.hasRole("administrator")) {
    //show the admin button
} else {
    //don't show the button?  Grey it out?
}

具体见[shiro入门]一文，原文不定时更新(http://chen1218chen.github.io/2016/03/30/shiro%E5%85%A5%E9%97%A8/)