SSM整合Shiro
1、依赖
- 所需的依赖
<dependency> Shiro的依赖 <groupId>org.apache.shiro</groupId> <artifactId>shiro-all</artifactId> <version>1.3.2</version> </dependency> <dependency> Shiro缓存的依赖 <groupId>net.sf.ehcache</groupId> <artifactId>ehcache</artifactId> <version>2.10.6</version> </dependency>
2、web.xml
- web.xml
<!-- shiro过滤器:DelegatingFilterProxy通过代理模式将spring容器中的bean和filter关联起来 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <!-- 设置为true:由servlet容器负责filter的生命周期 --> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> <init-param> <!-- 设置spring容器filter的bean id,如果不设置则查找与filter名称一致的bean --> <param-name>targetBeanName</param-name> <param-value>shiroFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
3、spring-shiro.xml
- spring-shiro.xml
<!-- shiro的web 过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 认证提交地址,如果没有认证将会请求此地址进行认证,请求此地址将由formAuthenticationFilter进行表单认证 --> <property name="loginUrl" value="/user/login"/> <property name="successUrl" value="/user/main"/> <property name="unauthorizedUrl" value="/user/login"/> <property name="filterChainDefinitions"> <!-- shiro的过滤器链配置 --> <value> /user/logout = logout /static/** = anon /** = authc </value> </property> <property name="securityManager" ref="securityManager"/> <!--设置每次登陆成功以后跳转到对应的successUrl页面--> <property name="filters"> <map> <entry key="authc"> <bean class="com.hdax.filter.MyFormAuthenticationFilter"/> </entry> </map> </property> </bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myrealm"/> <property name="cacheManager" ref="cacheManager"/> </bean> <!-- 缓存--> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml"/> </bean> <!-- 自定义Realm --> <bean id="myrealm" class="com.hdax.shiro.real.CustomRealm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> <!-- 凭证匹配器 --> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="2"/> </bean>
4、缓存配置文件
- shiro-ehcache.xml
如果需要开启shiro注解则需要在spring-mvc开启<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd" updateCheck="false"> <!--diskStore:缓存数据持久化的目录 地址 --> <diskStore path="java.io.tmpdir" /> <defaultCache maxElementsInMemory="1000" maxElementsOnDisk="10000000" eternal="false" overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="120" timeToLiveSeconds="120" diskExpiryThreadIntervalSeconds="120" memoryStoreEvictionPolicy="LRU"> </defaultCache> </ehcache>
<!-- 开启AOP,对类代理--> <aop:aspectj-autoproxy proxy-target-class="true"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>