基于Spring框架的Shiro配置

最新推荐文章于 2024-07-22 14:15:06 发布

iteye_18039

最新推荐文章于 2024-07-22 14:15:06 发布

阅读量99

点赞数

分类专栏： shiro spring 文章标签： java web.xml

本文链接：https://blog.csdn.net/iteye_18039/article/details/82175926

版权

spring 同时被 2 个专栏收录

23 篇文章 0 订阅

订阅专栏

shiro

4 篇文章 0 订阅

订阅专栏

一、在web.xml中添加shiro过滤器

	<!-- Shiro filter-->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

二、在Spring的applicationContext.xml中添加shiro配置

<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
	<property name="securityManager" ref="securityManager" />
	<property name="loginUrl" value="/login" />
	<property name="successUrl" value="/user/list" />
	<property name="unauthorizedUrl" value="/login" />
	<property name="filterChainDefinitions">
		<value>
			/login = anon
			/user/** = authc
			/role/edit/* = perms[role:edit]
			/role/save = perms[role:edit]
			/role/list = perms[role:view]
			/** = authc
		</value>
	</property>
</bean>

2、添加securityManager定义

	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="myRealm" />
	</bean>

3、添加realm定义

<bean id=" myRealm" class="com...MyRealm" />

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

public class MyRealm extends AuthorizingRealm{   
  
    private AccountManager accountManager;   
    public void setAccountManager(AccountManager accountManager) {   
        this.accountManager = accountManager;   
    }   
  
    /**  
     * 授权信息  
     */  
    protected AuthorizationInfo doGetAuthorizationInfo(   
                PrincipalCollection principals) {   
        String username=(String)principals.fromRealm(getName()).iterator().next();   
        if( username != null ){   
            User user = accountManager.get( username );   
            if( user != null && user.getRoles() != null ){   
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();   
                for( SecurityRole each: user.getRoles() ){   
                        info.addRole(each.getName());   
                        info.addStringPermissions(each.getPermissionsAsString());   
                }   
                return info;   
            }   
        }   
        return null;   
    }   
  
    /**  
     * 认证信息  
     */  
    protected AuthenticationInfo doGetAuthenticationInfo(   
                AuthenticationToken authcToken ) throws AuthenticationException {   
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;   
        String userName = token.getUsername();   
        if( userName != null && !"".equals(userName) ){   
            User user = accountManager.login(token.getUsername(),   
                            String.valueOf(token.getPassword()));   
  
            if( user != null )   
                return new SimpleAuthenticationInfo(   
                            user.getLoginName(),user.getPassword(), getName());   
        }   
        return null;   
    }   
  
}