一、项目说明
项目环境:jdk1.7+tomcat7+idea2018+maven+shiro1.3.2
源代码github地址:https://github.com/tmAlj/shiro/tree/master/ssms
实现目标:通过shiro与spring+springmvc+mybatis整合,完成shiro的简单应用
综合实例:基于shiro的按钮级别的权限管理系统
二、整合流程
三、整合步骤(默认spring+springmvc+mybatis已整合)
(1)新建maven工程,名称为ssms(spring+springmvc+mybatis+shiro)
(2)配置pom.xml中依赖(下载地址:http://mvnrepository.com/)
<!-- shiro依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
<!-- end -->
(3)配置web.xml
<!-- shiro过滤器配置 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
(4)配置sping-shiro-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!-- 配置shiro的核心securityManager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="cacheManager" ref="cacheManager"/>
<!--<property name="sessionMode" value="native"/>-->
<!--<property name="realm" ref="jdbcRealm"/>-->
</bean>
<!-- 配置ehcache缓存 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
</bean>
<!-- 配置shiro的重要的元素Reaml(验证的数据源),可自定义 -->
<!-- <bean id="jdbcRealm" class="org.apache.shiro.samples.spring.realm.SaltAwareJdbcRealm">
</bean>-->
<!-- 配置shiro中bean生命周期管理器 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- shiro过滤器配置,与web.xml中shiro过滤器同名 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- 需要登录成功后跳转的页面 -->
<property name="loginUrl" value="login.jsp"/>
<!-- 登录成功后跳转的页面 -->
<property name="successUrl" value="/s/index"/>
<!-- 访问未授权页面跳转的页面 -->
<property name="unauthorizedUrl" value="unauthor.jsp"/>
<property name="filterChainDefinitions">
<!-- 静态资源需要设置为anon,否则找不到 -->
<value>
/statics/** = anon
/login.jsp = anon
/welcom.jsp = authc
</value>
</property>
</bean>
</beans>
(5)测试整合
注:启动项目成功后加载登录页面,同时访问localhost:8080/ssms/welcom.jsp会跳转到登录首页,说明shiro与spring的基本整合没有问题