SSM整合Shiro

SSM整合Shiro

1、依赖

• 所需的依赖

  <dependency>
  		Shiro的依赖
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-all</artifactId>
          <version>1.3.2</version>
  </dependency>
  <dependency>
      	Shiro缓存的依赖
          <groupId>net.sf.ehcache</groupId>
          <artifactId>ehcache</artifactId>
          <version>2.10.6</version>
  </dependency>
  

2、web.xml

• web.xml

  <!-- shiro过滤器：DelegatingFilterProxy通过代理模式将spring容器中的bean和filter关联起来 -->
  <filter>
      <filter-name>shiroFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      <init-param>
          <!-- 设置为true：由servlet容器负责filter的生命周期 -->
          <param-name>targetFilterLifecycle</param-name>
          <param-value>true</param-value>
      </init-param>
      <init-param>
          <!-- 设置spring容器filter的bean id，如果不设置则查找与filter名称一致的bean -->
          <param-name>targetBeanName</param-name>
          <param-value>shiroFilter</param-value>
      </init-param>
  </filter>
  <filter-mapping>
      <filter-name>shiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
  </filter-mapping>
  

3、spring-shiro.xml

• spring-shiro.xml

   <!-- shiro的web 过滤器 -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
      <!-- 认证提交地址，如果没有认证将会请求此地址进行认证，请求此地址将由formAuthenticationFilter进行表单认证 -->
      <property name="loginUrl" value="/user/login"/>
      <property name="successUrl" value="/user/main"/>
      <property name="unauthorizedUrl" value="/user/login"/>
      <property name="filterChainDefinitions">
          <!-- shiro的过滤器链配置 -->
          <value>
              /user/logout = logout
              /static/** = anon
              /** = authc
          </value>
      </property>
      <property name="securityManager" ref="securityManager"/>
      <!--设置每次登陆成功以后跳转到对应的successUrl页面-->
      <property name="filters">
          <map>
              <entry key="authc">
                  <bean class="com.hdax.filter.MyFormAuthenticationFilter"/>
              </entry>
          </map>
      </property>
  </bean>
  
  <!-- 安全管理器 -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
      <property name="realm" ref="myrealm"/>
      <property name="cacheManager" ref="cacheManager"/>
  </bean>
  
  <!-- 缓存-->
  <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
      <property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml"/>
  </bean>
  
  <!-- 自定义Realm -->
  <bean id="myrealm" class="com.hdax.shiro.real.CustomRealm">
      <property name="credentialsMatcher" ref="credentialsMatcher"/>
  </bean>
  
  <!-- 凭证匹配器 -->
  <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
      <property name="hashAlgorithmName" value="md5"/>
      <property name="hashIterations" value="2"/>
  </bean>
  

4、缓存配置文件

• shiro-ehcache.xml

  <ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd"
       updateCheck="false">
  <!--diskStore：缓存数据持久化的目录 地址 -->
  <diskStore path="java.io.tmpdir" />
  <defaultCache
          maxElementsInMemory="1000"
          maxElementsOnDisk="10000000"
          eternal="false"
          overflowToDisk="false"
          diskPersistent="false"
          timeToIdleSeconds="120"
          timeToLiveSeconds="120"
          diskExpiryThreadIntervalSeconds="120"
          memoryStoreEvictionPolicy="LRU">
  </defaultCache>
  </ehcache>
  

  如果需要开启shiro注解则需要在spring-mvc开启

  <!--    开启AOP，对类代理-->
  <aop:aspectj-autoproxy proxy-target-class="true"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
      <property name="securityManager" ref="securityManager"/>
  </bean>