I. Add the Shiro filter to web.xml
```xml
<!-- Shiro filter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
II. Add the Shiro configuration to Spring's applicationContext.xml
1. Add the shiroFilter definition
```xml
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <property name="successUrl" value="/user/list" />
    <property name="unauthorizedUrl" value="/login" />
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /user/** = authc
            /role/edit/* = perms[role:edit]
            /role/save = perms[role:edit]
            /role/list = perms[role:view]
            /** = authc
        </value>
    </property>
</bean>
```
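Shiro evaluates `filterChainDefinitions` from top to bottom and applies the first pattern that matches, so any path the `perms[...]` rules miss is covered only by the final `/** = authc`. The following added example (not part of the original post) replays the chain above with Shiro's `AntPathMatcher`; the class name `ChainOrderCheck` and the sample paths are constructed for illustration, and shiro-core is assumed to be on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

/** Added illustration: which chain from the shiroFilter bean applies to a path. */
public class ChainOrderCheck {

    // The filterChainDefinitions from the bean above, in declaration order.
    static final Map<String, String> CHAINS = new LinkedHashMap<>();
    static {
        CHAINS.put("/login", "anon");
        CHAINS.put("/user/**", "authc");
        CHAINS.put("/role/edit/*", "perms[role:edit]");
        CHAINS.put("/role/save", "perms[role:edit]");
        CHAINS.put("/role/list", "perms[role:view]");
        CHAINS.put("/**", "authc");
    }

    /** Returns the first definition whose Ant-style pattern matches the path. */
    static String resolve(String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> e : CHAINS.entrySet()) {
            if (matcher.matches(e.getKey(), path)) {
                return e.getKey() + " = " + e.getValue();
            }
        }
        return "(no chain matched)";
    }

    public static void main(String[] args) {
        // Constructed sample request paths (application-relative).
        String[] samples = {
            "/login", "/user/list", "/role/edit/7",
            "/role/edit/7/history", "/role/delete/7"
        };
        for (String path : samples) {
            System.out.printf("%-22s -> %s%n", path, resolve(path));
        }
    }
}
```

With this chain, `/role/edit/7` resolves to `perms[role:edit]`, while `/role/edit/7/history` and `/role/delete/7` match none of the `/role` rules and fall through to `/** = authc`, so any logged-in user passes the filter there. Paths like these need their own `perms[...]` entry above the catch-all or a permission check in the handler.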
2. Add the securityManager definition
```xml
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
</bean>
```
3. Add the realm definition
```xml
<bean id="myRealm" class="com...MyRealm" />
```
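III. Implement MyRealm: extend AuthorizingRealm and override the authentication and authorization methods
```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// AccountManager, User and SecurityRole are the application's own classes.
public class MyRealm extends AuthorizingRealm {

    private AccountManager accountManager;

    public void setAccountManager(AccountManager accountManager) {
        this.accountManager = accountManager;
    }

    /**
     * Authorization info: roles and permissions of the authenticated user.
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.fromRealm(getName()).iterator().next();
        if (username != null) {
            User user = accountManager.get(username);
            if (user != null && user.getRoles() != null) {
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
                for (SecurityRole each : user.getRoles()) {
                    info.addRole(each.getName());
                    info.addStringPermissions(each.getPermissionsAsString());
                }
                return info;
            }
        }
        return null;
    }

    /**
     * Authentication info: look up the account for the submitted token.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String userName = token.getUsername();
        // getPassword() is null when the token was created without a password.
        if (userName != null && !"".equals(userName) && token.getPassword() != null) {
            User user = accountManager.login(token.getUsername(),
                    String.valueOf(token.getPassword()));
            if (user != null) {
                // The realm's CredentialsMatcher compares these credentials with the token.
                return new SimpleAuthenticationInfo(
                        user.getLoginName(), user.getPassword(), getName());
            }
        }
        // Returning null tells Shiro that no account was found.
        return null;
    }
}
```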