shiro拦截器的两种配置，以及shiro拦截器不拦截的问题

先讲一下shiro拦截器不拦截的问题

原因：shiro拦截器是基于session（会话）拦截的，如果成功登陆服务器，且不关闭浏览器的窗口，就会一直默认为登陆状态。
所以给人一种没拦截的假象

shiro拦截器配置，一种是通过xml文件配置，一种是通过实现类来配置
实现类的配置麻烦一点：
可以参考https://blog.csdn.net/ybt_c_index/article/details/78707531
说的很详细

xml配置如下

<?xml version="1.0" encoding="UTF-8"?>

<!-- 配置緩存管理器 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <!-- 指定 ehcache 的配置文件，下面会给到 -->
    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean>

<!-- 配置进行授权和认证的 Realm，要新增一个java类来实现，下面会有，class=包名.类名，init-methood是初始化的方法 -->
<!-- <bean id="animationRealm" class="com.javen.shiro.AnimationRealm" init-method="setCredentialMatcher"></bean> -->
 <bean id="animationRealm" class="com.javen.shiro.AnimationRealm">
 </bean>
<!-- 配置 Shiro 的 SecurityManager Bean. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="realm" ref="animationRealm"/>
</bean>

<!-- 配置 Bean 后置处理器: 会自动的调用和 Spring 整合后各个组件的生命周期方法. -->
<bean id="lifecycleBeanPostProcessor"  class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
    
    
 <!-- 配置 ShiroFilter bean: 该 bean 的 id 必须和 web.xml 文件中配置的 shiro filter 的 name 一致  -->
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
  <!-- 装配 securityManager -->
  <property name="securityManager" ref="securityManager"/>
   <!-- 配置登陆页面 -->
   <property name="loginUrl" value="/login.jsp"/>
   <!-- 登陆成功后的一面 --> 
   <property name="successUrl" value="/index.jsp"/>
   <!--没有权限的页面  -->
   <property name="unauthorizedUrl" value="/unauthorized.jsp"/> 
    <!-- 具体配置需要拦截哪些 URL, 以及访问对应的 URL 时使用 Shiro 的什么 Filter 进行拦截.  -->
    <property name="filterChainDefinitions">
        <value>
            <!-- 配置登出: 使用 logout 过滤器 -->
            /shiro-logout = logout
            /css/**= anon
            /img/**= anon
            /js/**= anon
            /register.jsp=anon
            /register.action=anon
            /login.action=anon
            /findPassword.jsp=anon
            /update.action=anon
            /** = authc
        </value>
    </property>
</bean>

用到的ehcache-shiro.xml如下

<!-- Sets the path to the directory where cache .data files are created.

If the path is a Java System Property it is replaced by
its value in the running VM.

The following properties are translated:
user.home - User’s home directory
user.dir - User’s current working directory
java.io.tmpdir - Default temp file path -->

<!--Default Cache configuration. These will applied to caches programmatically created through
the CacheManager.

The following attributes are required:

maxElementsInMemory            - Sets the maximum number of objects that will be created in memory
eternal                        - Sets whether elements are eternal. If eternal,  timeouts are ignored and the
                                 element is never expired.
overflowToDisk                 - Sets whether elements can overflow to disk when the in-memory cache
                                 has reached the maxInMemory limit.

The following attributes are optional:
timeToIdleSeconds              - Sets the time to idle for an element before it expires.
                                 i.e. The maximum amount of time between accesses before an element expires
                                 Is only used if the element is not eternal.
                                 Optional attribute. A value of 0 means that an Element can idle for infinity.
                                 The default value is 0.
timeToLiveSeconds              - Sets the time to live for an element before it expires.
                                 i.e. The maximum time between creation time and when an element expires.
                                 Is only used if the element is not eternal.
                                 Optional attribute. A value of 0 means that and Element can live for infinity.
                                 The default value is 0.
diskPersistent                 - Whether the disk store persists between restarts of the Virtual Machine.
                                 The default value is false.
diskExpiryThreadIntervalSeconds- The number of seconds between runs of the disk expiry thread. The default value
                                 is 120 seconds.
memoryStoreEvictionPolicy      - Policy would be enforced upon reaching the maxElementsInMemory limit. Default
                                 policy is Least Recently Used (specified as LRU). Other policies available -
                                 First In First Out (specified as FIFO) and Less Frequently Used
                                 (specified as LFU)
-->

<defaultCache
        maxElementsInMemory="10000"
        eternal="false"
        timeToIdleSeconds="120"
        timeToLiveSeconds="120"
        overflowToDisk="false"
        diskPersistent="false"
        diskExpiryThreadIntervalSeconds="120"
        />

<!-- We want eternal="true" (with no timeToIdle or timeToLive settings) because Shiro manages session

expirations explicitly. If we set it to false and then set corresponding timeToIdle and timeToLive properties,
ehcache would evict sessions without Shiro’s knowledge, which would cause many problems
(e.g. “My Shiro session timeout is 30 minutes - why isn’t a session available after 2 minutes?”
Answer - ehcache expired it due to the timeToIdle property set to 120 seconds.)

diskPersistent=true since we want an enterprise session management feature - ability to use sessions after
even after a JVM restart. -->

<cache name="org.apache.shiro.realm.SimpleAccountRealm.authorization"
       maxElementsInMemory="100"
       eternal="false"
       timeToLiveSeconds="600"
       overflowToDisk="false"/>

另外在你的applicationContext.xml中引入shiro的配置文件

完毕