pom.xml
添加shiro依赖
<!--shiro-->
<!--shiro和spring整合-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
<!--shiro核心包-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
web.xml
配置过滤器
<!-- shiro 搭建1 :配置过滤器 DelegatingFilterProxy
配置Shiro的过滤器:拦截需要认证或授权的请求 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
创建applicationContext-shiro.xml
添加配信息
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<!--shiro搭建2 2.3 配置shiroFilter 认证或授权逻辑处理对象-->
<!--注入:这里的shiroFilter必须和web.xml的filter-name保持一致-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!--注入SecurityManager-->
<property name="securityManager" ref="securityManager"/>
</bean>
<!--2.1.创建 SecurityManager-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!--注入Realm-->
<property name="realm" ref="authRealm"/>
</bean>
<!--2.2.创建Realm AuthRealm.java文件路径-->
<bean id="authRealm" class="com.lgp.web.shiro.AuthRealm"/>
</beans>
创建AuthRealm.java
//不需要再添加@Component 因为在xml中使用bean标签配置了
//AuthorizingRealm 认证(登录账号密码)和 授权(查有什么权限)
public class AuthRealm extends AuthorizingRealm {
private Logger l = LoggerFactory.getLogger(this.getClass());
//spring是通过反射调用无参构造函数
public AuthRealm(){
l.info("AuthRealm 加载成功");
}
//授权(查有什么权限)
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
l.info("AuthRealm doGetAuthorizationInfo 函数成功执行");
return null;
}
//认证(登录账号密码)
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
l.info("AuthRealm doGetAuthenticationInfo 函数成功执行");
return null;
}
}
基本配置完成