1、spring 配置文件
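<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <!-- Requests rejected by the authc filter are redirected to this page. -->
    <property name="loginUrl" value="/login.jsp"/>
    <!--
        One rule per line: URL pattern = filter chain. Shiro applies the first pattern
        that matches the request, so specific rules must appear before the catch-all
        "/* = authc"; a rule placed after it never takes effect.

        Keep annotations out of <value>: everything inside it is parsed as rule text.

        The original listing named /page_base_staff.action twice (roles["staff"] and
        perms["staff"]). A path holds a single chain definition, so only the role rule
        is kept, matching the role that BosRealm grants. Permission-based alternative:
            /page_base_staff.action = perms["staff"]
        (the realm would then have to grant that permission with addStringPermission).

        NOTE(review): "/*" matches one path segment only. Requests to nested paths
        (for example /dir/page.action) match no rule here and reach the application
        without the authc check. If everything should be protected, use "/**" as the
        catch-all and add explicit anon rules for the static resources the login page
        needs.
    -->
    <property name="filterChainDefinitions">
        <value>
            /validatecode.jsp* = anon
            /userAction_login.action = anon
            /page_base_staff.action = roles["staff"]
            /* = authc
        </value>
    </property>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="realm"/>
</bean>

<!--
    NOTE(review): no credentialsMatcher property is set on the realm. Unless BosRealm
    configures one itself, Shiro's default matcher applies, which compares the submitted
    credentials with the stored value as-is. Confirm how passwords are stored and hashed
    before relying on this.
-->
<bean id="realm" class="com.dong.bos.web.realm.BosRealm"/>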
2、Realm 类
/**
 * Shiro realm that authenticates users against the user table through {@code IUserDao}
 * and supplies the roles used by the {@code roles[...]} / {@code perms[...]} URL filters.
 */
public class BosRealm extends AuthorizingRealm {

    /** DAO used to load the account by user name; injected by Spring. */
    @Autowired
    private IUserDao iUserDao;

    /**
     * Builds the authorization data for the current subject.
     *
     * <p>NOTE(review): the {@code principalCollection} argument is not consulted, so every
     * authenticated subject receives the {@code "staff"} role. Any {@code roles["staff"]}
     * rule therefore only distinguishes logged-in from anonymous users. Derive roles from
     * the stored account before using this outside a demo.
     *
     * @param principalCollection principals of the subject being authorized (unused here)
     * @return authorization info holding the single role {@code "staff"}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.addRole("staff");
        // Permission strings, if needed, would be added here via addStringPermission(...).
        return granted;
    }

    /**
     * Looks up the account named in the login token and hands its stored credentials to
     * Shiro, which performs the password comparison itself after this method returns.
     *
     * @param authenticationToken the submitted token; cast to {@code UsernamePasswordToken}
     * @return authentication info for the matching account, or {@code null} when no account
     *         with that user name exists (Shiro treats a null result as an unknown account)
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        String loginName = ((UsernamePasswordToken) authenticationToken).getUsername();
        User account = iUserDao.findByUsername(loginName);
        if (account == null) {
            return null;
        }
        // Arguments: principal (the entity loaded from the database), credentials (the
        // stored password that Shiro checks against the token), realm name (this class's
        // simple name).
        // NOTE(review): the comparison is done by the realm's CredentialsMatcher; with the
        // default matcher the stored value is compared as-is, so confirm the stored
        // password is hashed and that a matching matcher is configured.
        // NOTE(review): the whole User entity, password field included, becomes the
        // principal; consider a reduced principal if it is kept in the session.
        return new SimpleAuthenticationInfo(
                account, account.getPassword(), this.getClass().getSimpleName());
    }
}