<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">
<!-- securityManager安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shiroRealm" />
<property name="cacheManager" ref="cacheManager"/>
<!-- session管理器 -->
<property name="sessionManager" ref="sessionManager" />
</bean>
<!-- realm -->
<bean id="shiroRealm" class="com.hzq.system.service.realm.ShiroRealm">
<property name="credentialsMatcher" ref="credentialsMatcher" />
</bean>
<!-- 凭证匹配器 -->
<bean id="credentialsMatcher" class="com.hzq.system.shiro.ShiroCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-1" />
<property name="hashIterations" value="1024" />
<property name="cacheKey" value="passwordRetryCache"></property>
<property name="cacheManager" ref="cacheManager"></property>
</bean>
<!-- 权限信息,认证信息的缓存缓存管理器 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean>
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- session的失效时长,单位毫秒 -->
<property name="globalSessionTimeout" value="1000000"/>
<!-- 删除失效的session -->
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionDAO" ref="sessionDAO"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<!-- 会话Cookie模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="sid"/>
<property name="httpOnly" value="true"/>
<property name="maxAge" value="-1"/>
</bean>
<!-- 会话DAO -->
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<bean id="shiroSessionListener" class="com.hzq.system.listener.ShiroSessionListener"></bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- 未认证跳转页面 -->
<property name="loginUrl" value="/login" />
<!-- 认证成功统一跳转页面,若不配置,成功后自动到上一个请求路径 -->
<property name="successUrl" value="index" />
<!-- 没有权限操作时跳转页面-->
<property name="unauthorizedUrl" value="/refuse.jsp" />
<!-- 自定义filter配置 -->
<property name="filters">
<map>
<!-- 将自定义 的FormAuthenticationFilter注入shiroFilter中-->
<entry key="authc" value-ref="formAuthenticationFilter" />
<!-- <entry key="sessionControl" value-ref="onLinePerAccountControlFilter"></entry> -->
</map>
</property>
<property name="filterChainDefinitions">
<value>
<!-- 静态资源,验证码不需要拦截 -->
/images/** = anon
/js/** = anon
/styles/** = anon
/validatecode.jsp = anon
/=anon
/kicked =anon
<!-- 退出url,shiro会自动清除session -->
/logout = logout
<!-- 记住我(user)或认证通过可以访问的地址 -->
<!-- /=user
/index=user -->
/**=authc
</value>
</property>
</bean>
<!-- 基于Form表单的身份验证过滤器,不配置将也会注册此过虑器,表单中的用户账号、密码及loginurl将采用默认值,建议配置 -->
<bean id="formAuthenticationFilter" class="com.hzq.system.shiro.ShiroFormAuthenticationFilter">
<!-- 表单中账号的input名称 -->
<property name="usernameParam" value="username" />
<!-- 表单中密码的input名称 -->
<property name="passwordParam" value="password" />
<!-- 记住我input的名称 -->
<property name="rememberMeParam" value="rememberMe"/>
<property name="cacheKey" value="shiro-kickout-session"></property>
<property name="cacheManager" ref="cacheManager"></property>
<property name="sessionManager" ref="sessionManager"></property>
<property name="kickoutAfter" value="false"/>
<!-- 同一个帐号最大会话数 默认1 -->
<property name="maxSession" value="1"/>
<property name="kickoutUrl" value="/kicked"/>
</bean>
</beans>