Shiro 基本依赖配置
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
Shiro 核心过滤器配置
在注解启动类中,重写onStartup方法,完成过滤器的注册
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
System.out.println("onStartup");
//super.onStartup(servletContext);
registerContextLoaderListener(servletContext);
registerFilter(servletContext);
registerDispatcherServlet(servletContext);
}
private void registerFilter(ServletContext servletContext) {
//注册Filter对象
//什么时候需要采用此方式进行注册?
//项目没有web.xml并且此filter不是自己写的
FilterRegistration.Dynamic dy=
servletContext.addFilter("filterProxy",
DelegatingFilterProxy.class);
dy.setInitParameter("targetBeanName","shiroFilterFactoryBean");
dy.addMappingForUrlPatterns(
null,//EnumSet<DispatcherType>
false,"/*");//url-pattern
}
Shiro 基本组件配置—AppShiroConfig
@Bean(“securityManager”)
public DefaultWebSecurityManager newDefaultWebSecurityManager(
AuthorizingRealm userRealm){
DefaultWebSecurityManager sManager=
new DefaultWebSecurityManager();
//此时必须保证realm对象已经存在了
sManager.setRealm(userRealm);
return sManager;
}
@Bean("shiroFilterFactoryBean")
public ShiroFilterFactoryBean newShiroFilterFactoryBean(
SecurityManager securityManager){//shiro 包
ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
bean.setSecurityManager(securityManager);
//当此用户是一个非认证用户,需要先登陆进行认证
bean.setLoginUrl("/doLoginUI.do");
LinkedHashMap<String,String> fcMap=
new LinkedHashMap<>();
fcMap.put("/bower_components/**","anon");//anon表示允许匿名访问
fcMap.put("/build/**", "anon");
fcMap.put("/dist/**","anon");
fcMap.put("/plugins/**","anon");
fcMap.put("/doLogin.do","anon");
fcMap.put("/doLogout.do ","logout");
fcMap.put("/**", "anon");//必须授权才能访问 默认用户登录
//fcMap.put("/**", "authc");//必须授权才能访问
bean.setFilterChainDefinitionMap(fcMap);
return bean;
}
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor newLifecycleBeanPostProcessor(){
return new LifecycleBeanPostProcessor();
}
@DependsOn(value="lifecycleBeanPostProcessor")
@Bean
public DefaultAdvisorAutoProxyCreator newDefaultAdvisorAutoProxyCreator(){
return new DefaultAdvisorAutoProxyCreator();
}
@Bean
public AuthorizationAttributeSourceAdvisor newAuthorizationAttributeSourceAdvisor(
SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor bean=
new AuthorizationAttributeSourceAdvisor();
bean.setSecurityManager(securityManager);
return bean;
}
Shiro 核心过滤器配置
在注解启动类中,重写onStartup方法,完成过滤器的注册
@Override
public void onStartup(ServletContext servletContext)
throws ServletException {
System.out.println("onStartup");
//super.onStartup(servletContext);
registerContextLoaderListener(servletContext);
registerFilter(servletContext);
registerDispatcherServlet(servletContext);
}
private void registerFilter(ServletContext servletContext) {
//注册Filter对象
//什么时候需要采用此方式进行注册?
//项目没有web.xml并且此filter不是自己写的
FilterRegistration.Dynamic dy=
servletContext.addFilter("filterProxy",
DelegatingFilterProxy.class);
dy.setInitParameter("targetBeanName","shiroFilterFactoryBean");
dy.addMappingForUrlPatterns(
null,//EnumSet<DispatcherType>
false,"/*");//url-pattern
}
Dao接口实现
SysUser findUserByUserName(String username);
Mapper元素定义
根据SysUserDao中定义的方法,添加元素定义
<select id="findUserByUserName"
resultType="sysUser">
select *
from sys_users
where username=#{username}
</select>
Shiro 缓存配置
添加ehcache 依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
Spring 中配置ehcache 配置文件
将cacheManager添加到securityManager中
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="cacheManager" ref="cacheManager"/>
<property name="realm" ref="userRealm"></property>
</bean>