一、在web.xml中添加shiro过滤器
shiroFilter
org.springframework.web.filter.DelegatingFilterProxy
shiroFilter
/*
二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义
/login = anon
/user/** = authc
/role/edit/* = perms[role:edit]
/role/save = perms[role:edit]
/role/list = perms[role:view]
/** = authc
2、添加securityManager定义
3、添加realm定义
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
public class MyRealm extends AuthorizingRealm{
private AccountManager accountManager;
public void setAccountManager(AccountManager accountManager) {
this.accountManager = accountManager;
}
/**
* 授权信息
*/
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
String username=(String)principals.fromRealm(getName()).iterator().next();
if( username != null ){
User user = accountManager.get( username );
if( user != null && user.getRoles() != null ){
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for( SecurityRole each: user.getRoles() ){
info.addRole(each.getName());
info.addStringPermissions(each.getPermissionsAsString());
}
return info;
}
}
return null;
}
/**
* 认证信息
*/
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken ) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
String userName = token.getUsername();
if( userName != null && !"".equals(userName) ){
User user = accountManager.login(token.getUsername(),
String.valueOf(token.getPassword()));
if( user != null )
return new SimpleAuthenticationInfo(
user.getLoginName(),user.getPassword(), getName());
}
return null;
}
}