shiro配置
- 先配置过滤器 shiroFilter。因为它是一个 filter,在没有特殊配置的情况下,所有请求都要经过它。
<!--
  Web entry point for Shiro: wires the security manager, the login and
  post-login URLs, the custom filters, and the path rules.
-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <!-- Requests that need a login and do not have one are redirected here. -->
    <property name="loginUrl" value="${adminPath}/login"/>
    <!-- Redirect target after a successful login. -->
    <property name="successUrl" value="${adminPath}?login"/>
    <!--
      Each key is a filter name usable in the path rules. Registering a bean
      under "authc" replaces Shiro's built-in filter of that name with
      formAuthenticationFilter (bean not shown here).
    -->
    <property name="filters">
        <map>
            <entry key="authc" value-ref="formAuthenticationFilter"/>
        </map>
    </property>
    <!--
      Path rules come from the shiroFilterChainDefinitions string bean.
      Shiro evaluates them top to bottom and applies the first match, so the
      order of the rules is part of the access policy.
    -->
    <property name="filterChainDefinitions" ref="shiroFilterChainDefinitions"/>
</bean>
1.1 securityManager:
shiroFilter 引用了 securityManager,它主要负责登录认证(从下面的配置可以看到,它同时挂接了 realm、sessionManager 和 cacheManager)。
定义Shiro安全管理配置 ,systemAuthorizingRealm shiro提供的认证策略,也可以自定义realm
<!--
  Central Shiro security manager for the web application. It delegates
  credential and permission lookups to the realm, session handling to
  sessionManager, and caching to shiroCacheManager.
-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- Realm that answers authentication and authorization queries. -->
    <property name="realm" ref="systemAuthorizingRealm"/>
    <!-- Custom session manager defined as the sessionManager bean. -->
    <property name="sessionManager" ref="sessionManager"/>
    <!-- Cache backend defined as the shiroCacheManager bean. -->
    <property name="cacheManager" ref="shiroCacheManager"/>
</bean>
1.1.2 sessionManager:
// 自定义会话管理配置,这个是处理 shiro 缓存存放的配置,类似 MyBatis 的作用
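<!--
  Custom session manager (project class; presumably built on Shiro's web
  session manager, confirm against the class). The two explanatory lines
  that sat as bare text between the properties are now XML comments, since
  text nodes are not valid inside a Spring bean element.
-->
<bean id="sessionManager" class="com.coffer.core.common.security.shiro.session.SessionManager">
    <!-- Where sessions are persisted; the sessionDAO bean is defined elsewhere. -->
    <property name="sessionDAO" ref="sessionDAO"/>
    <!-- Session timeout, in milliseconds. -->
    <property name="globalSessionTimeout" value="${session.sessionTimeout}"/>
    <!--
      Periodically purge expired sessions, including orphaned sessions left
      behind when a user simply closes the browser. The scheduler must stay
      enabled for the interval to have any effect.
    -->
    <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
    <property name="sessionValidationSchedulerEnabled" value="true"/>
    <!--
      NOTE(review): the sessionIdCookie bean is not shown. Confirm it sets
      HttpOnly, and Secure when the site is served over HTTPS, because this
      cookie is the session credential.
    -->
    <property name="sessionIdCookie" ref="sessionIdCookie"/>
    <property name="sessionIdCookieEnabled" value="true"/>
</bean>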
1.1.3 cacheManager:这个是配置缓存存放位置的,这里配置的是用 Redis 存放缓存,也可以用 shiro 自带的缓存
<!--
  Shiro cache manager backed by Redis (shiro-redis). Cached entries are
  stored under the configured key prefix.
  NOTE(review): the redisManager bean is not shown. The Redis instance it
  points at should require authentication and be reachable only from the
  application hosts. shiro-redis stores values with Java serialization by
  default (confirm for the version in use), so write access to this Redis
  should be treated as access to the application itself.
-->
<bean id="shiroCacheManager" class="org.crazycake.shiro.RedisCacheManager">
    <property name="redisManager" ref="redisManager"/>
    <property name="keyPrefix" value="${redis.keyPrefix}:cache:"/>
</bean>
1.2 配置登录的url
<property name="loginUrl" value="${adminPath}/login" />
1.3 配置登录 成功跳转的url
<property name="successUrl" value="${adminPath}?login" />
1.4 配置权限的验证,登录角色的权限显示等
<map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
</map>
这里可以配置多个 entry,供页面过滤(filterChainDefinitions)配置时使用
1.5 配置页面过滤:哪些页面走 shiro 过滤,哪些页面需要放行
<!--
  Inline path rules, one "pattern = filter" pair per line. Shiro checks the
  patterns from top to bottom and applies the first one that matches, so
  "/home.do = cache" only takes effect because it sits above "/*.do = anon",
  and "/** = cache" is the catch-all for everything not matched earlier.
  "anon" means Shiro performs no authentication or authorization check on
  that path.
  NOTE(review): "cache" is not one of Shiro's built-in filter names; it has
  to be registered in the filters map of the ShiroFilterFactoryBean. The
  shiroFilter bean shown on this page registers only "authc", so confirm
  where "cache" is defined and what it enforces.
  NOTE(review): "/*.jsp", "/*.do" and "/demo/**" are open to anonymous
  callers; confirm that nothing sensitive is served under those patterns.
-->
<property name="filterChainDefinitions">
<value>
/ = anon
/public/** = anon
/*.jsp = anon
/geo/** = anon
/home.do = cache
/*.do = anon
/demo/** = anon
/user/checkUserName.do = anon
/** = cache
</value>
</property>
或者
<!--
  Path rules held in a String bean and referenced from shiroFilter's
  filterChainDefinitions property. One "pattern = filter" pair per line.
  Shiro checks patterns from top to bottom and applies the first match, so
  every specific rule has to appear above the catch-all
  "${adminPath}/** = user".
  NOTE(review): the last rule (importantBlank/ibAllocateInfo/getBox) repeats
  the first rule and sits below the catch-all. It adds nothing and can give
  the impression that rules placed after the catch-all are effective.
  NOTE(review): "anon" paths receive no Shiro authentication or authorization
  check. hardwareService, restfulService, autoLogin, ipadAjax, wechatAccount,
  areaCashAjax and report/v01/graph therefore need their own authentication
  inside the handlers; confirm each one has it.
  NOTE(review): the "user" filter admits remembered (rememberMe) subjects as
  well as freshly authenticated ones. Operations that need a real login
  should be covered by "authc" or an explicit check in code.
-->
<bean name="shiroFilterChainDefinitions" class="java.lang.String">
<constructor-arg>
<value>
${adminPath}/importantBlank/ibAllocateInfo/getBox/** = anon
/static/** = anon
/hardwareService/** = anon
/restfulService = anon
${adminPath}/ipadAjax/** = anon
${adminPath}/wechatAccount/** = anon
${adminPath}/areaCashAjax/** = anon
${adminPath}/autoLogin = anon
${adminPath}/login = authc
${adminPath}/logout = logout
${adminPath}/report/v01/graph/** = anon
${adminPath}/** = user
${adminPath}/importantBlank/ibAllocateInfo/getBox/** = anon
</value>
</constructor-arg>
</bean>