基于Spring框架的Shiro配置

一、 在web.xml中添加shiro过滤器 

 Xml代码 

1. <!-- Shiro filter-->  
2. <filter>  
3.     <filter-name>shiroFilter</filter-name>  
4.     <filter-class>  
5.         org.springframework.web.filter.DelegatingFilterProxy  
6.     </filter-class>  
7. </filter>  
8. <filter-mapping>  
9.     <filter-name>shiroFilter</filter-name>  
10.     <url-pattern>/*</url-pattern>  
11. </filter-mapping>  

二、在Spring的applicationContext.xml中添加shiro配置  
1、添加shiroFilter定义，此id的定义必须和web.xml中<filter-mapping>下的filter-name保存一致。 

1. <!-- Shiro Filter -->  
2. <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
3.     <property name="securityManager" ref="securityManager" />  
4.     <property name="loginUrl" value="/login" />  
5.     <property name="successUrl" value="/user/list" />  
6.     <property name="unauthorizedUrl" value="/login" />  
7.     <property name="filterChainDefinitions">  
8.         <value>  
9.             /login = anon  
10.             /user/** = authc  
11.             /role/edit/* = perms[role:edit]  
12.             /role/save = perms[role:edit]  
13.             /role/list = perms[role:view]  
14.             /** = authc  
15.         </value>  
16.     </property>  
17. </bean>  

2、添加securityManager定义 

1. <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  
2.     <property name="realm" ref="myRealm" />  
3. </bean>  

3、添加realm定义 

1. <bean id=" myRealm" class="com...MyRealm" />  

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法  

• public class MyRealm extends AuthorizingRealm{  
•   
•     private AccountManager accountManager;  
•     public void setAccountManager(AccountManager accountManager) {  
•         this.accountManager = accountManager;  
•     }  
•   
•  授权信息 
•     protected AuthorizationInfo doGetAuthorizationInfo(  
•                 PrincipalCollection principals) {  
•         String username=(String)principals.fromRealm(getName()).iterator().next();  
•         if( username != null ){  
•             User user = accountManager.get( username );  
•             if( user != null && user.getRoles() != null ){  
•                 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();  
•                 for( SecurityRole each: user.getRoles() ){  
•                         info.addRole(each.getName());  
•                         info.addStringPermissions(each.getPermissionsAsString());  
•                 }  
•                 return info;  
•             }  
•         }  
•         return null;  
•     }  
•   
• 
  
•  认证信息 
•     protected AuthenticationInfo doGetAuthenticationInfo(  
•                 AuthenticationToken authcToken ) throws AuthenticationException {  
•         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;  
•         String userName = token.getUsername();  
•         if( userName != null && !"".equals(userName) ){  
•             User user = accountManager.login(token.getUsername(),  
•                             String.valueOf(token.getPassword()));  
•   
•             if( user != null )  
•                 return new SimpleAuthenticationInfo(  
•                             user.getLoginName(),user.getPassword(), getName());  
•         }  
•         return null;  
•     }  
•   
• }