spring 集成shiro 之 自定义过滤器

 

在web.xml中加入

<!-- 过期时间配置 -->    
<session-config>
<session-timeout>3</session-timeout>
</session-config> 

 <!--指定文件加载路径 -->  
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
                classpath:spring/*.xml
            </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    
     <!-- Shiro配置 -->    
  <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

 

在项目 pom.xml中引入需要的依赖包

<!-- Spring 整合Shiro需要的依赖 -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-ehcache</artifactId>
            <version>1.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
            <version>1.2.1</version>
        </dependency>

 

 

新建文件 shiro-spring.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd   
    http://www.springframework.org/schema/util 
    http://www.springframework.org/schema/util/spring-util-3.0.xsd">
    <description>Shiro 配置</description>
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.jsp" />
        <property name="successUrl" value="/login.jsp" />
        <property name="unauthorizedUrl" value="/error/noperms.jsp" />
        <property name="filterChainDefinitions">
            <value>
                /login.jsp* = anon
                /login.do* = anon
                /index.jsp*= anon
                /error/noperms.jsp*= anon
                /*.jsp* = authc
                /*.do* = authc
            </value>
        </property>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!--设置自定义realm -->
<!--         <property name="realm" ref="monitorRealm" /> -->
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!--自定义Realm 继承自AuthorizingRealm -->
<!--     <bean id="monitorRealm" class="com.shiro.service.MonitorRealm"></bean> -->
    <!-- securityManager -->
    <bean
        class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod"
            value="org.apache.shiro.SecurityUtils.setSecurityManager" />
        <property name="arguments" ref="securityManager" />
    </bean>

    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
    <!-- the lifecycleBeanProcessor has run: -->
    <bean
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />

    </bean>

</beans>

 获取保存的session 信息

Subject subject = SecurityUtils.getSubject();
         Object staffInfo = subject.getSession().getAttribute("user");

 

posted @ 2016-06-10 15:23  ice.ko  阅读(4354)  评论(0编辑  收藏  举报