设置拦截器 ShiroFilterFactoryBean
方法1. JAVA中设置
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setSuccessUrl("/index");
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/ajaxLogin", "anon");
filterChainDefinitionMap.put("/项目的Namespace/userlogin", "anon");
filterChainDefinitionMap.put("/swagger-ui.html#", "anon");
// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问;user:remember me的可以访问-->
filterChainDefinitionMap.put("/fine", "user");
filterChainDefinitionMap.put("/项目的Namespace/**", "authc");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
System.out.println("Shiro拦截器工厂类注入成功");
return shiroFilterFactoryBean;
}
方法2. applicationContext.xml 中设置
<bean id="securityManager"
class="com.key.common.plugs.security.MyDefaultWebSecurityManager">
<property name="realm" ref="shiroDbRealm" />
<property name="rememberMeManager" ref="rememberMeManager" />
</bean>
<bean id="formAuthFilter"
class="com.key.common.plugs.security.FormAuthenticationWithLockFilter">
<property name="maxLoginAttempts" value="100" />
<property name="successAdminUrl" value="/main.action?menu=3"