First, configure web.xml. The filter must be placed at the very top.
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
spring-mvc.xml: if the configuration from spring.xml is placed in the spring-mvc file instead, a bean-name-not-found exception occurs.
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    <property name="exceptionMappings">
        <props>
            <prop key="org.apache.shiro.authz.UnauthorizedException">error/unauthorized</prop>
        </props>
    </property>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
<!-- AOP-style method-level permission checks -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
    <property name="proxyTargetClass" value="true" />
</bean>
<!-- Ensures that beans implementing Shiro's internal lifecycle functions are executed -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
spring.xml: if the configuration from spring-mvc.xml is placed in spring.xml instead, the annotations stop working, because Spring MVC can no longer scan them.
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="ShiroRealm" />
    <!-- <property name="sessionManager" ref="sessionManager"/> -->
    <!-- Use the cache manager configured below -->
    <!-- <property name="cacheManager" ref="cacheManager" /> -->
</bean>
<!-- The project's custom Realm -->
<bean id="ShiroRealm" class="com.iyspace.base.shiro.MyRealm" ></bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login/loginPage.do" />
    <!-- <property name="successUrl" value="/main.do" /> -->
    <!-- <property name="unauthorizedUrl" value= />-->
    <!--
        anon:  anonymous filter, accessible without logging in; usually used for static resources
        authc: if not logged in, the request is redirected to the login page
        user:  user filter; passes for users who are authenticated or logged in via "remember me"
        Patterns are Ant-style and the first match wins: /* matches a single path segment, /** matches any depth.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login/* = anon
            /* = authc
        </value>
    </property>
</bean>
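A check of which request paths the filterChainDefinitions above actually cover, written as an added example (not code from the original post). It uses Shiro's own org.apache.shiro.util.AntPathMatcher and needs shiro-core on the classpath; the class name FilterChainAudit and the sample paths /user/list.do and /static/js/app.js are constructed for illustration. A path that matches no pattern gets no Shiro filter chain at all, so authc is never applied to it.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

/** Added example: reports which filter chain, if any, applies to each request path. */
public class FilterChainAudit {

    // Same matcher class that Shiro's PathMatchingFilterChainResolver uses by default.
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the filter of the first matching pattern in definition order, or null if none matches. */
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> chain : chains.entrySet()) {
            if (MATCHER.matches(chain.getKey(), path)) {
                return chain.getValue();
            }
        }
        return null; // no chain: the request bypasses Shiro's URL filters
    }

    public static void main(String[] args) {
        // Definitions exactly as configured on this page.
        Map<String, String> asConfigured = new LinkedHashMap<>();
        asConfigured.put("/login/*", "anon");
        asConfigured.put("/*", "authc");

        // Same definitions with a recursive catch-all as the last rule.
        Map<String, String> recursive = new LinkedHashMap<>();
        recursive.put("/login/*", "anon");
        recursive.put("/**", "authc");

        // Constructed sample paths; the first two appear in the page's configuration.
        String[] paths = {"/login/loginPage.do", "/main.do", "/user/list.do", "/static/js/app.js"};

        System.out.printf("%-24s %-14s %s%n", "path", "/* = authc", "/** = authc");
        for (String path : paths) {
            String current = resolve(asConfigured, path);
            String fixed = resolve(recursive, path);
            System.out.printf("%-24s %-14s %s%n", path,
                    current == null ? "UNPROTECTED" : current,
                    fixed == null ? "UNPROTECTED" : fixed);
        }
    }
}
```

Paths more than one segment deep outside /login/ fall through the `/*` rule; with `/** = authc` as the last definition they require login, and any static resources that should stay public need their own anon rule above it.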