第一:在web.xml 中配置过滤器 <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 第二: 2.1 <!-- 用户授权信息Cache --> <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
<!-- 加密方式 -->
<bean id="credentialsMatcher"
class="org.apache.shiro.authc.credential.SimpleCredentialsMatcher">
<!--property name="hashAlgorithmName" value="MD5" /-->
</bean>
2.2 <!-- 项目自定义的Realm --> <bean id="metisRealm" class="cn.org.metis.service.impl.MetisRealm"> <property name="credentialsMatcher" ref="credentialsMatcher" /> <property name="metisSecurityService" ref="metisSecurityService" /> </bean>
2.3 配置管理器 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="metisRealm" /> <property name="cacheManager" ref="cacheManager" /> </bean> 2.4 <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- 将安全管理器注入到安全工具类的静态方法中去,用于保证全局环境中有且只有一个安全管理器 -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
2.5
<!-- Shiro Filter过滤链 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="unauthorizedUrl" value="/default.jsp" />
<property name="filterChainDefinitions">
<value>
/index.jsp = authc
/jsp/** = authc
/savin/** = authc
/fin/** = authc
/am/** = authc
/alarm/** = authc
/logout.do = logout
<!-- /am/** = authc
/cem/** = authc
/energycost/** = authc
/ec/** = authc
/rtm/** = authc
/sa/** = authc
/logout.do = logout -->
</value>
</property>
</bean>