基于Spring框架的Shiro配置

最新推荐文章于 2024-08-14 08:30:00 发布

kdboy

最新推荐文章于 2024-08-14 08:30:00 发布

阅读量114

点赞数

分类专栏：开发文章标签：框架 Spring XML Apache Web

开发专栏收录该内容

19 篇文章 0 订阅

订阅专栏

[color=blue]一、在web.xml中添加shiro过滤器[/color]

	<!-- Shiro filter-->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

[color=blue]二、在Spring的applicationContext.xml中添加shiro配置[/color]
1、添加shiroFilter定义

<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
	<property name="securityManager" ref="securityManager" />
	<property name="loginUrl" value="/login" />
	<property name="successUrl" value="/user/list" />
	<property name="unauthorizedUrl" value="/login" />
	<property name="filterChainDefinitions">
		<value>
			/login = anon
			/user/** = authc
			/role/edit/* = perms[role:edit]
			/role/save = perms[role:edit]
			/role/list = perms[role:view]
			/** = authc
		</value>
	</property>
</bean>

2、添加securityManager定义

	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="myRealm" />
	</bean>

3、添加realm定义

<bean id=" myRealm" class="com...MyRealm" />

[color=blue]三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法[/color]

public class MyRealm extends AuthorizingRealm{

	private AccountManager accountManager;
	public void setAccountManager(AccountManager accountManager) {
		this.accountManager = accountManager;
	}

	/**
	 * 授权信息
	 */
	protected AuthorizationInfo doGetAuthorizationInfo(
				PrincipalCollection principals) {
		String username=(String)principals.fromRealm(getName()).iterator().next();
		if( username != null ){
			User user = accountManager.get( username );
			if( user != null && user.getRoles() != null ){
				SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
				for( SecurityRole each: user.getRoles() ){
						info.addRole(each.getName());
						info.addStringPermissions(each.getPermissionsAsString());
				}
				return info;
			}
		}
		return null;
	}

	/**
	 * 认证信息
	 */
	protected AuthenticationInfo doGetAuthenticationInfo(
				AuthenticationToken authcToken ) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		String userName = token.getUsername();
		if( userName != null && !"".equals(userName) ){
			User user = accountManager.login(token.getUsername(),
							String.valueOf(token.getPassword()));

			if( user != null )
				return new SimpleAuthenticationInfo(
							user.getLoginName(),user.getPassword(), getName());
		}
		return null;
	}

}

参考资料：[url=http://www.infoq.com/cn/articles/apache-shiro]让Apache Shiro保护你的应用[/url]

kdboy

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
基于Spring框架的Shiro配置

[color=blue]一、在web.xml中添加shiro过滤器[/color][code="xml"] shiroFilter org.springframework.web.filter.DelegatingFilterProxy shiroFilter /* [/code][color=blue]二、在Spring的...
复制链接

扫一扫

专栏目录