一、
在web.xml中添加shiro过滤器
Xml代码
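<!-- Shiro filter -->
<!--
  DelegatingFilterProxy hands each request to the Spring bean whose id equals the
  filter-name below ("shiroFilter"). The /* mapping sends every request through Shiro,
  so no URL bypasses the filter chain definitions.
  Declare this filter-mapping ahead of other filter-mappings in web.xml so that
  requests are checked by Shiro before any other filter handles them.
-->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>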
二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义。此bean的id必须和web.xml中<filter-mapping>下的filter-name保持一致,因为DelegatingFilterProxy默认按filter-name到Spring容器中查找同名的bean。
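<!-- Shiro Filter -->
<!--
  filterChainDefinitions is evaluated top to bottom and the first matching pattern wins,
  so the specific rules must stay above the catch-all "/** = authc" on the last line.
  That catch-all makes "must be logged in" the default for every path not listed.

  NOTE(review): "*" matches inside a single path segment only. A deeper path such as
  /role/edit/1/extra (constructed example) would not match "/role/edit/*"; it falls
  through to "/** = authc", which checks login but not the role:edit permission.
  Use "/role/edit/**" if such routes exist. Confirm against the controller mappings.

  NOTE(review): URL rules only protect what Shiro and the web framework resolve to the
  same path. Keep the Shiro dependency current and also enforce permissions at the
  controller or service layer instead of relying on URL patterns alone.
-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <property name="successUrl" value="/user/list" />
    <property name="unauthorizedUrl" value="/login" />
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /user/** = authc
            /role/edit/* = perms[role:edit]
            /role/save = perms[role:edit]
            /role/list = perms[role:view]
            /** = authc
        </value>
    </property>
</bean>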
2、添加securityManager定义
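<!--
  Web security manager with a single realm. The "myRealm" reference must resolve to a
  realm bean defined elsewhere in the application context.
  The class name is written without the stray space that the listing had inside
  "DefaultWebSecurityManager"; with the space the class cannot be loaded.
-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
</bean>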
3、添加realm定义:该bean的id必须是myRealm(与securityManager中的ref一致),并通过accountManager属性注入AccountManager。
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
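/**
 * Shiro realm that authenticates users and loads their roles and permissions
 * through an {@code AccountManager}.
 */
public class MyRealm extends AuthorizingRealm {

    /** Account service this realm delegates to; set through {@link #setAccountManager}. */
    private AccountManager accountManager;

    /**
     * Injects the account service used for login and user lookup.
     *
     * @param accountManager service that loads and authenticates users
     */
    public void setAccountManager(AccountManager accountManager) {
        this.accountManager = accountManager;
    }

    /**
     * Authorization info: collects the role names and permission strings of the
     * principal that this realm contributed to {@code principals}.
     *
     * @param principals identities of the current subject
     * @return the user's roles and permissions, or {@code null} when this realm has no
     *     principal in the collection, the user is not found, or the user has no role list
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Without this guard, iterator().next() on an empty collection throws
        // NoSuchElementException; returning null reports "no roles, no permissions".
        if (principals.fromRealm(getName()).isEmpty()) {
            return null;
        }
        // The principal is the login name stored by doGetAuthenticationInfo below.
        String username = (String) principals.fromRealm(getName()).iterator().next();
        if (username == null) {
            return null;
        }
        User user = accountManager.get(username);
        if (user == null || user.getRoles() == null) {
            // Unknown user or missing role list: grant nothing.
            return null;
        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        for (SecurityRole each : user.getRoles()) {
            info.addRole(each.getName());
            info.addStringPermissions(each.getPermissionsAsString());
        }
        return info;
    }

    /**
     * Authentication info: checks the submitted user name and password with
     * {@code accountManager.login} and, on success, returns the account's login name
     * and stored password for this realm.
     *
     * @param authcToken the submitted token; cast to {@code UsernamePasswordToken}
     * @return the account's authentication info, or {@code null} when the user name is
     *     empty, the password is missing, or the login call returns no user
     * @throws AuthenticationException declared by the overridden method; not thrown
     *     directly by this implementation
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        // Any other token type fails here with ClassCastException.
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String userName = token.getUsername();
        char[] password = token.getPassword();
        if (userName == null || "".equals(userName) || password == null) {
            // A missing password is handled like an unknown account;
            // String.valueOf((char[]) null) would throw NullPointerException.
            return null;
        }
        // NOTE(review): the password is copied into an immutable String, which cannot be
        // wiped after use. Prefer a login API that accepts char[] if AccountManager allows.
        User user = accountManager.login(userName, String.valueOf(password));
        if (user == null) {
            return null;
        }
        // NOTE(review): the realm's credentials matcher compares the submitted password
        // with the user.getPassword() value returned here. With a plain equality matcher
        // this only succeeds if the stored password has the same form as the submitted
        // one, which presumably means plaintext storage. Confirm that passwords are
        // stored salted and hashed and that a hashing credentials matcher is configured
        // on this realm.
        return new SimpleAuthenticationInfo(user.getLoginName(), user.getPassword(), getName());
    }
}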