shiro 权限控制
1.增加jar包
<!-- All four Shiro artifacts share ${shiro.version}: define it once under <properties> and keep it
     on a currently supported release, because Shiro's URL matching and remember-me handling have
     received security fixes over time. Keep the four modules on the same version. -->
<!-- NOTE(review): shiro-ehcache is only needed when Shiro's EhCacheManager is used; the Spring
     configuration in step 2 wires a custom "shiroCacheManager" bean instead, so confirm whether
     this dependency is still required. -->
<dependency >
<groupId > org.apache.shiro</groupId >
<artifactId > shiro-core</artifactId >
<version > ${shiro.version}</version >
</dependency >
<dependency >
<groupId > org.apache.shiro</groupId >
<artifactId > shiro-web</artifactId >
<version > ${shiro.version}</version >
</dependency >
<dependency >
<groupId > org.apache.shiro</groupId >
<artifactId > shiro-ehcache</artifactId >
<version > ${shiro.version}</version >
</dependency >
<dependency >
<groupId > org.apache.shiro</groupId >
<artifactId > shiro-spring</artifactId >
<version > ${shiro.version}</version >
</dependency >
2.配置xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns ="http://www.springframework.org/schema/beans"
xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation ="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"
default-lazy-init ="false" >
<description > Shiro安全配置</description >
<!-- Session storage: EnterpriseCacheSessionDAO keeps sessions in whatever cache the security
     manager's cacheManager provides (here the "shiroCacheManager" bean). -->
<bean id ="sessionDAO"
class ="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />
<!-- Session cookie. "xxxxxx" is a placeholder for the real cookie name. The "secure" flag is not
     set here, so the cookie is also sent over plain HTTP; add
     <property name="secure" value="true"/> when the site is served over HTTPS.
     httpOnly is not overridden, so SimpleCookie's own default applies. -->
<bean id ="sessionIdCookie" class ="org.apache.shiro.web.servlet.SimpleCookie" >
<property name ="name" value ="xxxxxx" > </property >
<property name ="path" value ="/" > </property >
</bean >
<!-- Both intervals are in milliseconds: 1800000 ms = 30 minutes of idle timeout and 30 minutes
     between validation sweeps. URL rewriting is disabled so the session id travels only in the
     cookie and never appears in URLs, logs or Referer headers. -->
<bean id ="shiroSessionManager"
class ="org.apache.shiro.web.session.mgt.DefaultWebSessionManager" >
<property name ="sessionDAO" ref ="sessionDAO" />
<property name ="sessionValidationInterval" value ="1800000" />
<property name ="globalSessionTimeout" value ="1800000" />
<property name ="sessionIdUrlRewritingEnabled" value ="false" />
<property name ="sessionIdCookieEnabled" value ="true" />
<property name ="sessionIdCookie" ref ="sessionIdCookie" />
</bean >
<!-- No rememberMeManager is configured, so the security manager's built-in default is used; the
     "user" filter on /feedback/** below relies on it.
     NOTE(review): confirm that remember-me cookie encryption uses an explicitly configured,
     randomly generated cipher key rather than a library default. -->
<bean id ="securityManager" class ="org.apache.shiro.web.mgt.DefaultWebSecurityManager" >
<property name ="cacheManager" ref ="shiroCacheManager" />
<property name ="sessionManager" ref ="shiroSessionManager" />
<property name ="realms" >
<list >
<ref local ="shiroHttpRealm" />
</list >
</property >
</bean >
<!-- "xxx.xx.ShiroHttpRealm" is a placeholder package for the realm written in step 3. -->
<bean id ="shiroHttpRealm" class ="xxx.xx.ShiroHttpRealm" >
</bean >
<!-- Application-specific filters ("xxx." is a placeholder package). Their source is not shown
     here except for ProductAuthFilter in step 4, so what each one enforces must be checked
     in the classes themselves. -->
<bean id ="roleOrFilter"
class ="xxx.CustomRolesAuthorizationFilter" />
<bean id ="updateCurrentInfoFilter"
class ="xxx.ModuleAuthorizationFilter" />
<bean id ="validateFilter"
class ="xxx.ValidateURLFilter" />
<bean id ="productFilter"
class ="xxx.ProductAuthFilter" />
<bean id ="permissionInfoFilter"
class ="xxx.PermissionInfoFilter" />
<bean id ="shiroFilter" class ="org.apache.shiro.spring.web.ShiroFilterFactoryBean" >
<property name ="securityManager" ref ="securityManager" />
<property name ="loginUrl" value ="${APP_URL}/login" />
<property name ="successUrl" value ="/index" />
<property name ="unauthorizedUrl" value ="/unauthorized" />
<!-- The key "roles" replaces Shiro's built-in roles filter with the custom roleOrFilter bean, so
     roles[...] in the chain below follows that class's semantics, not the framework default. -->
<property name ="filters" >
<map >
<entry key ="roles" value-ref ="roleOrFilter" />
<entry key ="current" value-ref ="updateCurrentInfoFilter" />
<entry key ="validate" value-ref ="validateFilter" />
<entry key ="productAuth" value-ref ="productFilter" />
<entry key ="permissionInfo" value-ref ="permissionInfoFilter" />
</map >
</property >
<!-- Chains are evaluated top to bottom and the first matching pattern wins, so the order of the
     lines is part of the access policy:
     * /common/** = authc comes before /**/edit**, so an edit URL under /common/ only requires
       login and skips the roles / productAuth / validate / permissionInfo checks.
     * NOTE(review): /**/edit** appears to match only when the last path segment starts with
       "edit"; a path such as /x/edit/5 (constructed example) would fall through to /** = authc.
       Verify with tests, and confirm that other state-changing URLs are protected elsewhere.
     * /feedback/** = user also admits remembered subjects, not only freshly authenticated ones.
     * /index/** = authc is already covered by the final /** = authc catch-all.
     * The "current" filter is registered above but not used in any chain. -->
<property name ="filterChainDefinitions" >
<value >
/unauthorized = anon
/assets/** = anon
/login/** = anon
/feedback/** = user
/common/**=authc
/**/edit**=roles[1,2,3],productAuth,validate,permissionInfo
/adminSettings/**=roles[1],permissionInfo
/index/**=authc
/** = authc
</value >
</property >
</bean >
<bean id ="lifecycleBeanPostProcessor" class ="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
</beans >
3.编写shiro域
/**
 * Skeleton realm wired into the security manager as the {@code shiroHttpRealm} bean.
 *
 * <p>Both callbacks are placeholders that return {@code null}. Until they are implemented the
 * realm supplies no account and no roles or permissions, so with the framework defaults every
 * login attempt is rejected and every role or permission check is denied.
 */
public class ShiroHttpRealm extends AuthorizingRealm {

    /**
     * Supplies the roles and permissions of an already authenticated subject.
     *
     * @param principals the identities of the subject being authorized
     * @return {@code null} in this skeleton, i.e. no roles and no permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Placeholder: a real realm loads the subject's roles/permissions here.
        return null;
    }

    /**
     * Looks up the account that matches the submitted token.
     *
     * @param token the credentials submitted at login
     * @return {@code null} in this skeleton, i.e. no account found for the token
     * @throws AuthenticationException declared by the framework contract; never thrown here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // Placeholder: a real realm fetches the stored credentials here and lets Shiro's
        // credentials matcher compare them; it must never compare passwords itself in plain text.
        return null;
    }
}
4.filters
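/**
 * Authorization filter registered under the chain name {@code productAuth}.
 *
 * <p>It rejects requests that carry no usable {@code ShiroUser} principal. The per-product
 * decision itself is not implemented yet: see the review note at the end of
 * {@link #isAccessAllowed}.
 */
public class ProductAuthFilter extends AuthorizationFilter {

    /**
     * Decides whether the current subject may continue down the filter chain.
     *
     * @param request     the incoming request; its {@code productId} parameter is read
     * @param response    the outgoing response (unused here)
     * @param mappedValue the bracketed configuration from the chain definition (unused here)
     * @return {@code false} when there is no subject, no {@code ShiroUser} principal, or the
     *         user id is negative; {@code true} otherwise
     * @throws Exception declared by the framework contract
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
            throws Exception {
        Subject subject = getSubject(request, response);
        if (subject == null) {
            return false;
        }

        // An anonymous subject has a null principal, and another realm could supply a different
        // principal type. Deny in both cases instead of failing with an exception on the cast.
        Object principal = subject.getPrincipal();
        if (!(principal instanceof ShiroUser)) {
            return false;
        }

        long userId = ((ShiroUser) principal).id;
        if (userId < 0L) {
            return false;
        }

        String productId = request.getParameter("productId");
        if (StringUtils.isEmpty(productId)) {
            // No product is named in the request, so there is nothing product-specific to check.
            return true;
        }

        // NOTE(review): the product-level decision is missing. As written, any authenticated
        // user is allowed for any productId. The real check (does userId have access to
        // productId?) belongs here and should deny by default when the lookup fails. productId
        // is client-supplied, so validate it before using it in any query.
        return true;
    }
}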
5.缓存配置
import org.apache.shiro.cache.AbstractCacheManager;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
 * Cache manager exposed to Shiro as the {@code shiroCacheManager} bean.
 *
 * <p>Every cache Shiro asks for is answered with the same injected {@link ShiroCache}.
 * NOTE(review): because the requested cache name is ignored, all of Shiro's caches share one
 * key space in the backing store. Consider prefixing keys with the cache name so entries from
 * different caches, or from other applications using the same store, cannot collide.
 */
@Component(value = "shiroCacheManager")
public class ShiroCacheManager extends AbstractCacheManager {

    /** The single cache instance handed out for every cache name. */
    @Autowired
    private ShiroCache myCache;

    /**
     * Returns the shared cache regardless of the requested name.
     *
     * @param arg0 the cache name requested by Shiro (ignored)
     * @return the injected {@link ShiroCache}
     * @throws CacheException declared by the framework contract; never thrown here
     */
    @Override
    protected Cache createCache(String arg0) throws CacheException {
        return this.myCache;
    }
}
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import net.rubyeye.xmemcached.MemcachedClient;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class ShiroCache implements Cache<Object, Object> {
public static final int HOUR_TIME_OUT = 60 * 60 * 1 ;
@Autowired
private MemcachedClient memcachedClient;
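/**
 * Reads a value from memcached.
 *
 * <p>Only {@code String} keys are supported; any other key type is reported as a miss. A
 * failure of the memcached call is also reported as a miss, so callers cannot tell an outage
 * from an absent entry.
 *
 * <p>NOTE(review): whatever this method returns was produced by the memcached server and decoded
 * by the client, and Shiro may use it as a session. Restrict network access to the memcached
 * endpoint to the application hosts, since anyone able to write to it controls these values.
 *
 * @param key the cache key
 * @return the cached value, or {@code null} on a miss, an unsupported key type or an error
 * @throws CacheException declared by the interface; not thrown by this implementation
 */
@Override
public Object get(Object key) throws CacheException {
    if (!(key instanceof String)) {
        return null;
    }
    try {
        return this.memcachedClient.get((String) key);
    } catch (Exception exception) {
        if (exception instanceof InterruptedException) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt();
        }
        // NOTE(review): route this through the application's logger; the printed trace may
        // contain the key, which can be a session id.
        exception.printStackTrace();
        return null;
    }
}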
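/**
 * Stores a value in memcached with a time-to-live of {@code HOUR_TIME_OUT} seconds.
 *
 * <p>Only {@code String} keys are stored. For any other key type nothing is written and the
 * value is returned unchanged, so the caller sees no sign that the entry was skipped.
 *
 * <p>NOTE(review): the {@code Cache} contract expects the previous value to be returned; this
 * implementation returns the new value instead. Confirm that no caller depends on the return.
 *
 * @param key   the cache key
 * @param value the value to store
 * @return {@code value} when the key was stored or skipped, {@code null} when the write failed
 * @throws CacheException declared by the interface; not thrown by this implementation
 */
@Override
public Object put(Object key, Object value) throws CacheException {
    if (!(key instanceof String)) {
        return value;
    }
    try {
        this.memcachedClient.set((String) key, HOUR_TIME_OUT, value);
    } catch (Exception e) {
        if (e instanceof InterruptedException) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt();
        }
        // NOTE(review): route this through the application's logger; the printed trace may
        // contain the key, which can be a session id.
        e.printStackTrace();
        return null;
    }
    return value;
}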
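/**
 * Key enumeration is not supported by this memcached-backed cache.
 *
 * @return always an empty, immutable set (never {@code null}), so callers can iterate safely;
 *         it does not mean the backing store is empty
 */
@Override
public Set<Object> keys() {
    return Collections.<Object>emptySet();
}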
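/**
 * Evicts an entry from memcached and returns the value it held.
 *
 * <p>Eviction has to take effect: Shiro's caching session DAO relies on it to drop a session
 * when the session is stopped (for example at logout) or expires. If this method does nothing,
 * the cached session stays retrievable by its id until the memcached time-to-live runs out.
 *
 * <p>Only {@code String} keys are stored by this cache, so other key types have nothing to
 * remove.
 *
 * @param arg0 the cache key
 * @return the value that was cached under the key, or {@code null} if there was none
 * @throws CacheException if the entry could not be removed, so that a failed eviction is not
 *                        mistaken for a successful one
 */
@Override
public Object remove(Object arg0) throws CacheException {
    if (!(arg0 instanceof String)) {
        return null;
    }
    String cacheKey = (String) arg0;
    try {
        Object previous = this.memcachedClient.get(cacheKey);
        this.memcachedClient.delete(cacheKey);
        return previous;
    } catch (Exception e) {
        if (e instanceof InterruptedException) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt();
        }
        // The key is left out of the message because it can be a session id.
        throw new CacheException("Failed to remove cache entry", e);
    }
}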
/**
 * Entry counting is not supported by this memcached-backed cache.
 *
 * @return always {@code 0}, regardless of what the backing store holds
 */
@Override
public int size() {
    return 0;
}
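/**
 * Value enumeration is not supported by this memcached-backed cache.
 *
 * <p>NOTE(review): Shiro's session validation lists active sessions through this method, so it
 * will find none here; expiry of idle sessions then depends on the check made when a session is
 * read and on the memcached time-to-live.
 *
 * @return always an empty, immutable collection (never {@code null}); it does not mean the
 *         backing store is empty
 */
@Override
public Collection<Object> values() {
    return Collections.<Object>emptyList();
}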
/**
 * Does nothing: entries written by this cache are not tracked, so they cannot be cleared
 * selectively, and they remain in memcached until their time-to-live expires.
 *
 * @throws CacheException declared by the interface; never thrown here
 */
@Override
public void clear() throws CacheException {
    // Intentionally empty.
}