Integrating with Spring
- Add the Shiro dependencies to pom.xml
The version I use is ${version.shiro} -> 1.3.2
<!-- Shiro configuration -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${version.shiro}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${version.shiro}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-aspectj</artifactId>
<version>${version.shiro}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${version.shiro}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${version.shiro}</version>
</dependency>
- In web.xml, add the following configuration:
<!-- Configure Shiro's shiroFilter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
    <!-- Optionally set the targetBeanName property to the id of the ShiroFilterFactoryBean in applicationContext-shiro -->
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
- Add the following to the Spring configuration. Usually a new configuration file is created for this; here the blogger created applicationContext-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Sample RDBMS data source that would exist in any application - not Shiro related. -->
    <!--<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">-->
    <!--<property name="driverClassName" value="org.hsqldb.jdbcDriver"/>-->
    <!--<property name="url" value="jdbc:hsqldb:mem:shiro-spring"/>-->
    <!--<property name="username" value="sa"/>-->
    <!--</bean>-->

    <!-- =========================================================
         Configure the securityManager with three properties
         ========================================================= -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="cacheManager"/>
        <!-- Wire in the sessionManager bean defined below; without this reference
             the custom session cookie name is never used -->
        <property name="sessionManager" ref="sessionManager"/>
        <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
        <!--<property name="sessionMode" value="native"/>-->
        <property name="realm" ref="jdbcRealm"/>
    </bean>

    <!-- Fixes: Resolved SubjectContext context session is invalid. Ignoring and creating
         an anonymous (session-less) Subject instance.
         Cause: it seems to be a cookie name conflict -->
    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="sessionIdCookieEnabled" value="true"/>
        <property name="sessionIdCookie" ref="sessionIdCookie"/>
    </bean>
    <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg name="name" value="jeesite.session.id"/>
    </bean>

    <!-- =========================================================
         Configure the cacheManager. Any cache framework can be plugged in here;
         this one uses Hibernate's ehcache
         ========================================================= -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
    </bean>

    <!-- =========================================================
         Configure the Realm: here, our own Realm implementation
         ========================================================= -->
    <bean id="jdbcRealm" class="cn.hyc.shiro.realm.ShiroRealm"/>

    <!-- =========================================================
         Manages the lifecycle methods of Shiro beans in the Spring IoC container
         ========================================================= -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- =========================================================
         Enables Shiro annotations in the IoC container; this only takes effect
         after lifecycleBeanPostProcessor has been configured
         ========================================================= -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
          depends-on="lifecycleBeanPostProcessor"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- =========================================================
         Configure shiroFilter. Details:
         1. The id here must match the filter name of the DelegatingFilterProxy configured in web.xml
         2. If the DelegatingFilterProxy in web.xml sets the targetBeanName property,
            the id must match that property's value instead
         ========================================================= -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- The next three properties are, in order: the login page (entry point),
             the page shown after a successful login, and the unauthorized page -->
        <property name="loginUrl" value="/login.jsp"/>
        <property name="successUrl" value="/index.jsp"/>
        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
        <!-- Configure which pages are protected and what is required to access them
             1. anon: anonymous access, no login required
             2. authc: authentication (login) required; unauthenticated requests to these
                pages are redirected by Shiro to the entry page
             3. logout: log out
             In the URLs, pages must include their suffix; controller paths do not need a specific suffix.
             Entries are matched top to bottom and the first match wins,
             so /logout is listed before /** -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon
                /logout = logout
                /index.jsp = authc
                / = authc
                /** = authc
            </value>
        </property>
    </bean>
</beans>
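Shiro evaluates filterChainDefinitions top to bottom and applies the first pattern that matches the request path, so a specific entry placed after /** never runs. The check below is an added example, not code from the original post: it uses AntPathMatcher from shiro-core as a simplified stand-in for Shiro's own chain resolver, and the class name FilterChainOrderCheck and the sample definitions are constructed for illustration.

```java
import org.apache.shiro.util.AntPathMatcher;
import java.util.*;

// Added example: reports filterChainDefinitions entries overridden by an earlier pattern.
public class FilterChainOrderCheck {
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Parses "pattern = filters" lines, keeping declaration order.
    static Map<String, String> parse(String definitions) {
        Map<String, String> chains = new LinkedHashMap<>();
        for (String line : definitions.split("\\R")) {
            String[] kv = line.trim().split("\\s*=\\s*", 2);
            if (kv.length == 2 && !kv[0].isEmpty()) {
                chains.put(kv[0], kv[1]);
            }
        }
        return chains;
    }

    // Returns the filters of the first pattern that matches the path (first match wins).
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (MATCHER.matches(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return null; // no pattern matched: no Shiro chain applies to this path
    }

    // Flags wildcard-free patterns whose own path resolves to a different, earlier entry.
    static List<String> shadowed(Map<String, String> chains) {
        List<String> findings = new ArrayList<>();
        for (Map.Entry<String, String> e : chains.entrySet()) {
            boolean literal = !e.getKey().contains("*") && !e.getKey().contains("?");
            String effective = resolve(chains, e.getKey());
            if (literal && !e.getValue().equals(effective)) {
                findings.add(e.getKey() + " = " + e.getValue() + " never runs; effective: " + effective);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed input: /logout is declared after the catch-all /**.
        String defs = "/login.jsp = anon\n/** = authc\n/logout = logout";
        shadowed(parse(defs)).forEach(System.out::println);
    }
}
```

Run it with shiro-core on the classpath; an empty result means no literal path is overridden by an earlier pattern.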
Pitfalls during integration
- Every time the project starts, ehcache contacts its official site to check for updates. Adding the following to <ehcache> stops this: <ehcache name="ehcache" updateCheck="false">
- Startup fails with org.apache.shiro.session.UnknownSessionException: There is no session with id
This is caused by a cookie name conflict; make the following change:
<!-- =========================================================
     Configure the securityManager with three properties
     ========================================================= -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <!-- Wire in the sessionManager bean defined below; without this reference
         the custom session cookie name is never used -->
    <property name="sessionManager" ref="sessionManager"/>
    <!-- Be sure to comment out this property; otherwise the cookie name
         configuration below has no effect -->
    <!--<property name="sessionMode" value="native"/>-->
    <property name="realm" ref="jdbcRealm"/>
</bean>
Customize the cookie name:
<!-- Fixes: Resolved SubjectContext context session is invalid. Ignoring and creating
     an anonymous (session-less) Subject instance.
     Cause: it seems to be a cookie name conflict -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionIdCookieEnabled" value="true"/>
    <property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg name="name" value="jeesite.session.id"/>
</bean>
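How shiroFilter works
shiroFilter is an interceptor: every request from the browser is intercepted by it.
loginUrl is the entry point and is set in the configuration file.
Permission configuration details
The shiroFilter configuration above used the following settings.
Note that the suffix must be written out: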
<property name="filterChainDefinitions">
<value>
/logout.action = logout
/index.jsp = anon
/shiro/isAllowLogin.action = anon
/ = authc
/** = authc
</value>
</property>
The specific rules are as follows: