shiro学习笔记三：shiro与spring集成

一、项目说明

项目环境：jdk1.7+tomcat7+idea2018+maven+shiro1.3.2

源代码github地址：https://github.com/tmAlj/shiro/tree/master/ssms

实现目标：通过shiro与spring+springmvc+mybatis整合，完成shiro的简单应用

综合实例：基于shiro的按钮级别的权限管理系统

二、整合流程

三、整合步骤（默认spring+springmvc+mybatis已整合）

（1）新建maven工程，名称为ssms（spring+springmvc+mybatis+shiro）

（2）配置pom.xml中依赖（下载地址：http://mvnrepository.com/）

<!-- shiro依赖 -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
<!-- end -->

（3）配置web.xml

<!-- shiro过滤器配置 -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

（4）配置sping-shiro-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	   xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

	<!-- 配置shiro的核心securityManager -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="cacheManager" ref="cacheManager"/>
		<!--<property name="sessionMode" value="native"/>-->
		<!--<property name="realm" ref="jdbcRealm"/>-->
	</bean>

	<!-- 配置ehcache缓存 -->
	<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
	</bean>

	<!-- 配置shiro的重要的元素Reaml(验证的数据源)，可自定义 -->
<!--	<bean id="jdbcRealm" class="org.apache.shiro.samples.spring.realm.SaltAwareJdbcRealm">
	</bean>-->

	<!-- 配置shiro中bean生命周期管理器 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

	<!-- AOP式方法级权限检查 -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
		  depends-on="lifecycleBeanPostProcessor"/>
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager"/>
	</bean>

	<!-- shiro过滤器配置，与web.xml中shiro过滤器同名 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager"/>
		<!-- 需要登录成功后跳转的页面 -->
		<property name="loginUrl" value="login.jsp"/>
		<!-- 登录成功后跳转的页面 -->
		<property name="successUrl" value="/s/index"/>
		<!-- 访问未授权页面跳转的页面 -->
		<property name="unauthorizedUrl" value="unauthor.jsp"/>
		<property name="filterChainDefinitions">
        <!-- 静态资源需要设置为anon，否则找不到 -->
			<value>
				/statics/** = anon
				/login.jsp = anon
				/welcom.jsp = authc
			</value>
		</property>
	</bean>
</beans>

（5）测试整合

        注：启动项目成功后加载登录页面，同时访问localhost:8080/ssms/welcom.jsp会跳转到登录首页，说明shiro与spring的基本整合没有问题

转载于:https://my.oschina.net/tij/blog/1929116