技术背景:使用 Shiro 安全框架,以 Redis 作缓存,并与 Spring 整合。
1、配置web.xml
<!-- DelegatingFilterProxy forwards each request to the Spring bean whose id equals
     the filter-name ("ShiroFilter"), so the two names must stay identical. -->
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- "/*" sends every request through Shiro; which paths are anonymous is decided by
     the filter chain definitions of the ShiroFilter bean, not by this mapping.
     NOTE(review): no targetFilterLifecycle init-param is set, so the proxy does not
     call init()/destroy() on the target bean; confirm the Spring context handles
     that bean's lifecycle. -->
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
2、编写 spring-shiro.xml 配置文件
<!-- Shiro configuration -->
<!-- The SecurityManager is the core of Shiro: session manager, realm and remember-me are wired here. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="sessionManager" ref="webSessionManager"/>
    <property name="realm" ref="restfulAuthRealm"/>
    <!-- Remember-me cookie: only its name and lifetime are configured here. The cookie
         carries the encrypted, serialized principals, so the encryption key matters:
         set a deployment-specific rememberMeManager.cipherKey instead of relying on
         the framework default.
         NOTE(review): older Shiro releases shipped a fixed default key; confirm the
         Shiro version in use. Consider rememberMeManager.cookie.secure when the site
         is served over HTTPS only. -->
    <property name="rememberMeManager.cookie.name" value="rememberMe"/>
    <property name="rememberMeManager.cookie.maxAge" value="${rememberMeManager.cookie.maxAge}"/>
</bean>
<!-- Shiro session manager: sessions are persisted through redisSessionDAO. -->
<bean id="webSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <!-- redisSessionDAO is not defined in this excerpt. Session objects end up in
         Redis, so that Redis instance should require authentication and should not
         be reachable from untrusted networks.
         NOTE(review): confirm how the DAO serializes and deserializes sessions. -->
    <property name="sessionDAO" ref="redisSessionDAO"/>
</bean>
<!-- Bean used for permission operations; referenced by the realm and the URL chain manager. -->
<bean id="permissionManager"
      class="com.securityframework.local.PermissionManagerLocalImpl"/>
<!-- Bean used for account operations; referenced by the realm. -->
<bean id="accountManagerImpl"
      class="com.securityframework.local.AccountManagerLocalImpl"/>
<!-- Custom realm: looks up accounts and permissions through the two manager beans.
     NOTE(review): this class name carries a different package prefix from the other
     custom classes on this page; verify the fully-qualified name before reuse. -->
<bean id="restfulAuthRealm"
      class="com.isoftstone.securityframework.restful.client.web.shiro.realm.RestAuthRealm">
    <property name="accountManagerImpl" ref="accountManagerImpl"/>
    <property name="permissionManagerImpl" ref="permissionManager"/>
    <!-- redisCacheManager is not defined in this excerpt.
         NOTE(review): if the realm caches authorization data there, a permission
         change may not take effect until the cached entry is evicted; confirm the
         eviction or expiry policy. -->
    <property name="cacheManager" ref="redisCacheManager"/>
    <property name="platformLabel" value="${platformLabel}"/>
</bean>
<!-- Obtains filterChainDefinitions dynamically; this bean is the one referenced by
     the ShiroFilter bean's urlChainManager property.
     NOTE(review): the URL rules come from permissionManager, so whoever can write
     to that permission store decides which URLs are protected. How the dynamic
     rules are ordered relative to the static ones is not visible here; confirm it. -->
<bean id="systemUrlChainManager"
      class="com.securityframework.restful.client.web.shiro.mgt.RestUrlChainManager">
    <property name="permissionManager" ref="permissionManager"/>
    <property name="platformLabel" value="${platformLabel}"/>
    <property name="systemLabel" value="${systemLabel}"/>
</bean>
<!-- Same bean name as the filter declared in web.xml. The class here would normally be org.apache.shiro.spring.web.ShiroFilterFactoryBean. -->
<!-- A rewritten ShiroFilterFactoryBean is used instead so that filterChainDefinitions can be obtained dynamically; its role is the same. -->
<bean id="ShiroFilter" class="com.securityframework.restful.client.web.shiro.filter.RestAuthShiroFilter">
<property name="urlChainManager" ref="systemUrlChainManager" />
<property name="securityManager" ref="securityManager"/>
<!-- NOTE(review): loginUrl is a relative path ("../../..."), and /res/ is not in the anon list below. Stock Shiro compares loginUrl with the context-relative request path; confirm the custom filter resolves it as intended and that the login page is reachable without a session. -->
<property name="loginUrl" value="../../res/user/login.html"/>
<property name="unauthorizedUrl" value="/html/413.html"/>
<!-- Registers PassThruAuthenticationFilter under the name "authc": requests for the login URL pass through to the application, which must perform the login itself. The static chain below never names authc; presumably the dynamic definitions do (verify). -->
<property name="filters">
<util:map>
<entry key="authc">
<bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter"/>
</entry>
</util:map>
</property>
<!-- Static chain definitions. In stock Shiro the first matching pattern wins, so the catch-all /** must stay last. -->
<!-- "anon" paths skip every Shiro check: confirm that only static assets are served under these prefixes (in particular /html/**, /commons/** and /ueditor/**). -->
<!-- "/** = user" admits remembered subjects as well as subjects authenticated in this session; use authc for operations that need a fresh login. -->
<property name="filterChainDefinitions">
<value>
/images/** =anon
/help/** =anon
/css/** = anon
/easyui/** =anon
/javascript/** =anon
/commons/** =anon
/jsplugin/** =anon
/ueditor/** =anon
/html/** =anon
/index.html = anon
/ = anon
/** = user
</value>
</property>
</bean>
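<!-- Ensures that beans implementing Shiro's internal lifecycle methods have those methods invoked. -->
<!-- The HTML wrapper tags left around this bean by the page renderer were removed so the snippet is usable as Spring XML. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>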
<!-- Redis configuration -->
<!-- Basic Jedis connection pool settings; all values come from external properties.
     NOTE(review): maxActive and maxWait are the property names of older Jedis
     releases; newer ones use maxTotal and maxWaitMillis. Confirm against the Jedis
     version on the classpath. -->
<bean id="basicPoolConfig" class="redis.clients.jedis.JedisPoolConfig">
    <property name="maxActive" value="${redis.pool.maxActive}"/>
    <property name="maxIdle" value="${redis.pool.maxIdle}"/>
    <property name="maxWait" value="${redis.pool.maxWaitTime}"/>
    <property name="testOnBorrow" value="${redis.pool.testOnBorrow}"/>
</bean>
<!-- JedisPool configuration-->
<bean id="j