一、web.xml 中配置:
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
二、 通过反射在spring bean工厂中获取id=“shiroFilter”的bean
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="filters">
<util:map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
<entry key="sysUser" value-ref="sysUserFilter"/>
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
/login = authc
/logout = logout
/authenticated = authc
/** = user,sysUser
</value>
</property>
</bean>
三、securityManager 安全管理
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="userRealm"/> //自定义userRealm 权限用户认证
<property name="sessionManager" ref="sessionManager"/>//session管理
<property name="cacheManager" ref="cacheManager"/>//缓存管理
<property name="rememberMeManager" ref="rememberMeManager"/>//记住密码实现
</bean>
四、自定义userRealm
public class UserRealm extends AuthorizingRealm {
//俩方法自己实现
doGetAuthorizationInfo(PrincipalCollection principals);
doGetAuthenticationInfo(AuthenticationToken token)
}