ssm整合shiro

1. web.xml 文件配置filter

<filter>
  	<filter-name>shiroFilter</filter-name>
  	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  	<init-param>
  		<param-name>targetFilterLifecycle</param-name>
  		<param-value>true</param-value>
  	</init-param>
  	<init-param>
  		<param-name>targetBeanName</param-name>
  		<param-value>shiroFilter</param-value>
  	</init-param>
  </filter>
  
  <filter-mapping>
  	<filter-name>shiroFilter</filter-name>
  	<url-pattern>/*</url-pattern>
  </filter-mapping>

2. applicationContext.xml配置shiro Bean

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        		<property name="realm" ref="userRealm"></property>
        </bean>
        
       <bean id="userRealm" class="'">
        	<property name="credentialsMatcher " ref="credentialsMatcher"></property>
        </bean>
        <!-- 配置凭证匹配器 -->
        <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        	<property name="hashAlgorithmName" value="md5"></property>
        	<property name="hashIterations" value="2"></property>
        </bean>
        
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        	<property name="securityManager"  ref="securityManager"></property>
        	<property name="loginUrl" value="/login"></property>
        		<!-- 配置认证成功后跳转地址，如果没有配置则跳转上一个路径 -->
        		<property name="successUrl" value="/index"></property>
        		<!-- 权限认证不通过访问路径 -->
        		<property name="unauthorizedUrl " value="/logingUrl"></property>
        		<!-- shiro过滤器链 -->
        		<property name="filterChainDefinitions">
        				<value>
        					/index=anon
        					/login=authc
        					/logout=logout
        					/images/**=anon
        					/js/**=anon
        					/css/**=anon
        					/**=authc
        				</value>
        		</property>
        		
        </bean>
            <!-- 配置logout过滤器 -->
        <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter">
        		<property name="redirectUrl " value="/login"></property>
        </bean>

3. 创建实体类Realm -> UserRealm

public class UserRealm extends AuthorizingRealm{
	...
}

4. 配置权限三种方式
   注解方式
   标签
   过滤器

缓存管理

可以使用ehcache 或者redis集成

ehcache

引用ehcache.jar文件

ehcacee.xml

<ehcache>

    <diskStore path="java.io.tmpdir/shiro-ehcache"/>


    <defaultCache
            maxElementsInMemory="10000"
            eternal="false"
            timeToIdleSeconds="120"
            timeToLiveSeconds="120"
            overflowToDisk="false"
            diskPersistent="false"
            diskExpiryThreadIntervalSeconds="120"
            />

    

</ehcache>

配置applicationContext.xml

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        		<property name="realm" ref="userRealm"></property>
        		<property name="cacheManager" ref="cacheManager"/>
        </bean>
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"  >
        	<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
        </bean>

SessionManager

  <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        	<property name="globalSessionTimeout" value="1800000"/>
        	<property name="deleteInvalidSessions" value="true"/>
        </bean>

RemeberMe