springmvc+shiro

最新推荐文章于 2020-01-12 18:52:58 发布

weixin_34066347

最新推荐文章于 2020-01-12 18:52:58 发布

阅读量49

点赞数

文章标签： java 数据库 web.xml

原文链接：https://yq.aliyun.com/articles/316512

版权

web.xml配置shiroFilter

    <!-- Apache Shiro -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

配置文件：spring-content-shiro.xml

配置SecurityManager

    <!-- 定义Shiro安全管理配置 -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="systemAuthorizingRealm" />
        <property name="sessionManager" ref="sessionManager" />
        <property name="cacheManager" ref="shiroCacheManager" />
    </bean>

配置realm（自定义数据源）

    <!-- 項目自定义的Realm -->
    <bean id="systemAuthorizingRealm" class="com.plife.sys.security.SystemAuthorizingRealm">
        <property name="sysUserService" ref="sysUserServiceImple" />
        <property name="sessionDAO" ref="sessionDAO" />

    </bean>

//sysUserService操作数据库 用户、密码表
//sessionDAO 操作自定义的session

自定义会话管理配置sessionManager

    <!-- 自定义会话管理配置 -->
    <bean id="sessionManager" class="com.plife.base.session.SessionManager">
        <property name="sessionDAO" ref="sessionDAO"/>

        <!-- 会话超时时间，单位：毫秒  -->
        <property name="globalSessionTimeout" value="${session.sessionTimeout}"/>

        <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
        <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
        <!--        <property name="sessionValidationSchedulerEnabled" value="false"/> -->
        <property name="sessionValidationSchedulerEnabled" value="true"/>

        <property name="sessionIdCookie" ref="sessionIdCookie"/>
        <property name="sessionIdCookieEnabled" value="true"/>
    </bean>

配置session实际操作bean：sessionDAO

    <!-- 自定义Session存储容器 -->
    <!--    <bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.JedisSessionDAO"> -->
    <!--        <property name="sessionIdGenerator" ref="idGen" /> -->
    <!--        <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> -->
    <!--    </bean> -->
    <bean id="sessionDAO" class="com.plife.base.session.CacheSessionDAO">
        <property name="sessionIdGenerator" ref="idGen" />
        <property name="activeSessionsCacheName" value="activeSessionsCache" />
        <property name="cacheManager" ref="shiroCacheManager" />
    </bean>

配置session的缓存shiroCacheManager

    <!-- 自定义系统缓存管理器-->
    <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManager" ref="cacheManager"/>
    </bean>

    <!-- 缓存配置 -->
    <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
        <property name="configLocation" value="classpath:${ehcache.configFile}" />
    </bean>

配置session id的生成策略

public class IdGen implements IdGenerator, SessionIdGenerator

aop 检测


    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- AOP式方法级权限检查  -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
        <property name="proxyTargetClass" value="true" />
    </bean>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

这里写图片描述

weixin_34066347

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
springmvc+shiro

web.xml配置shiroFilter  <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.spr...
复制链接

扫一扫