使用shiro时不只用到一种认证策略,这就需要配置多个realms。
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="authenticator" ref="authenticator" />
<property name="realms" >
<list>
<bean id="Realm1" class="com.Realm1" />
<bean id="Realm2" class="com.Realm2" />
</list>
</property>
<property name="sessionManager" ref="sessionManager"></property>
</bean>
<!-- 认证策略 -->
<bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
<property name="authenticationStrategy">
<bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy" />
</property>
</bean>