Shiro spring MVC 配置

配置securityManager

<!-- Shiro's web SecurityManager. All authentication and authorization is delegated
     to the single custom realm wired in below. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="mysqlRealm"/>
</bean>

<!--
  Custom realm; the class extends AuthorizingRealm.

  Security note: no credentialsMatcher property is set on this bean, and the realm
  class shown on this page does not set one either. Shiro then uses its default
  matcher, which compares the submitted password with the stored value for plain
  equality. That only works if the database column holds the password exactly as
  the user types it. Prefer storing a salted, slow hash and wiring a matching
  credentialsMatcher here (for example
  org.apache.shiro.authc.credential.PasswordMatcher or HashedCredentialsMatcher).
-->
<bean id="mysqlRealm" class="cn.com.Nsquare.chatweb.shiro.MyRealm"/>
 <!-- securityManager -->
<bean

配置ShiroFilterFactoryBean

 1 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 2         <property name="securityManager" ref="securityManager" />
 3         <!-- 没有登录的用户请求需要登录的页面时自动跳转到登录页面,不是必须的属性,不输入地址的话会自动寻找项目web项目的根目录下的”/login.jsp”页面。 -->
 4         <property name="loginUrl" value="/login" />
 5         <!-- 登录成功默认跳转页面,不配置则跳转至”/”。如果登陆前点击的一个需要登录的页面,则在登录自动跳转到那个需要登录的页面。不跳转到此。 -->
 6         <property name="successUrl" value="/success.jsp" />
 7         <!-- 没有权限默认跳转的页面。 -->
 8         <property name="unauthorizedUrl" value="/noperms.jsp" />
 9          <!-- Shiro连接约束配置,即过滤链的定义 -->  
10         <!-- 下面value值的第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的 -->  
11         <!-- anon:它对应的过滤器里面是空的,什么都没做,这里.do和.jsp后面的*表示参数,比方说login.jsp?main这种 -->  
12         <!-- authc:该过滤器下的页面必须验证后才能访问,它是Shiro内置的一个拦截器org.apache.shiro.web.filter.authc.FormAuthenticationFilter -->
13         <property name="filterChainDefinitions">
14             <value>
15                 
16                 /login* = anon
17                 
18                 /resources/**= anon
19                 /app/**= anon
20                 /test/**= anon
21                 /** = authc
22             </value>
23         </property>
24     </bean>

配置其它

 1 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
 2 <bean
 3         class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
 4         <property name="staticMethod"
 5             value="org.apache.shiro.SecurityUtils.setSecurityManager" />
 6         <property name="arguments" ref="securityManager" />
 7     </bean>
 8 <bean
 9         class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
10         depends-on="lifecycleBeanPostProcessor" />
11     <bean
12         class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
13         <property name="securityManager" ref="securityManager" />
14 
15     </bean>

Realm

 1 package cn.com.Nsquare.chatweb.shiro;
 2 
 3 import javax.annotation.Resource;
 4 
 5 import org.apache.shiro.SecurityUtils;
 6 import org.apache.shiro.authc.AuthenticationException;
 7 import org.apache.shiro.authc.AuthenticationInfo;
 8 import org.apache.shiro.authc.AuthenticationToken;
 9 import org.apache.shiro.authc.SimpleAuthenticationInfo;
10 import org.apache.shiro.authc.UsernamePasswordToken;
11 import org.apache.shiro.authz.AuthorizationInfo;
12 import org.apache.shiro.authz.SimpleAuthorizationInfo;
13 import org.apache.shiro.realm.AuthorizingRealm;
14 import org.apache.shiro.subject.PrincipalCollection;
15 import org.apache.shiro.subject.Subject;
16 
17 import cn.com.Nsquare.chatweb.model.UserPo;
18 import cn.com.Nsquare.chatweb.service.UserService;
19 
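/**
 * Shiro realm that authenticates users and loads their roles and permissions
 * through {@link UserService}.
 *
 * <p>Security note: this class never configures a credentials matcher, so unless
 * one is set on the realm bean, Shiro compares the submitted password with the
 * value returned by {@code user.getPassword()} for plain equality. Store a
 * salted, slow password hash and configure a matching {@code credentialsMatcher}
 * on the realm rather than comparing raw passwords.
 */
public class MyRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    /**
     * Grants roles and permissions to the currently logged-in user.
     *
     * @param principals identity established at login; the primary principal is
     *                   the value stored by {@link #doGetAuthenticationInfo}
     * @return the roles and string permissions returned by the user service
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // NOTE(review): the principal stored at login is user.getAccount(), but it is
        // used here as a user name. Confirm that account and user name are the same
        // value (and a String), otherwise roles are looked up for the wrong key.
        String userName = (String) principals.getPrimaryPrincipal();

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.setRoles(userService.getRoles(userName));
        authorizationInfo.setStringPermissions(userService.getPermissions(userName));
        return authorizationInfo;
    }

    /**
     * Looks up the account for the user who is trying to log in.
     *
     * <p>This method only supplies the stored credentials; the comparison with the
     * submitted password is done afterwards by the realm's credentials matcher.
     *
     * @param token the submitted login token, expected to be a
     *              {@link UsernamePasswordToken}
     * @return the stored account data, or {@code null} when the token carries no
     *         user name or no such user exists (Shiro treats {@code null} as an
     *         unknown account)
     * @throws AuthenticationException declared by the overridden method; not thrown
     *                                 directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken authcToken = (UsernamePasswordToken) token;

        // A token without a user name cannot match any account; skip the lookup.
        String userName = authcToken.getUsername();
        if (userName == null) {
            return null;
        }

        UserPo user = userService.getByUserName(userName);
        if (user == null) {
            return null;
        }

        // getName() keeps the realm name recorded with the principal in sync with
        // this realm's actual name instead of a hard-coded literal.
        return new SimpleAuthenticationInfo(user.getAccount(), user.getPassword(), getName());
    }

}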

 web.xml

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
 3        <!-- 指定Spring的配置文件 -->  
 4     <!-- 否则Spring会默认从WEB-INF下寻找配置文件,contextConfigLocation属性是Spring内部固定的 -->  
 5     <!-- 通过ContextLoaderListener的父类ContextLoader的第120行发现CONFIG_LOCATION_PARAM固定为contextConfigLocation -->  
 6   <context-param>
 7     <param-name>contextConfigLocation</param-name>
 8     <param-value>classpath:spring-application.xml,classpath:spring-shiro.xml</param-value>
 9   </context-param>
10   <!-- 实例化Spring容器 -->  
11   <!-- 应用启动时,该监听器被执行,它会读取Spring相关配置文件,其默认会到WEB-INF中查找applicationContext.xml -->  
12   <listener>
13     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
14   </listener>
15   <!-- 解决乱码问题 -->  
16   <filter>
17     <filter-name>Set Character Encoding</filter-name>
18     <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
19     <init-param>
20       <param-name>encoding</param-name>
21       <param-value>UTF-8</param-value>
22     </init-param>
23   </filter>
24   <filter-mapping>
25     <filter-name>Set Character Encoding</filter-name>
26     <url-pattern>/*</url-pattern>
27   </filter-mapping>
28    <!-- 配置Shiro过滤器,先让Shiro过滤系统接收到的请求 -->  
29     <!-- 这里filter-name必须对应applicationContext.xml中定义的<bean id="shiroFilter"/> -->  
30     <!-- 使用[/*]匹配所有请求,保证所有的可控请求都经过Shiro的过滤 -->  
31     <!-- 通常会将此filter-mapping放置到最前面(即其他filter-mapping前面),以保证它是过滤器链中第一个起作用的 -->  
32   <filter>
33     <filter-name>shiroFilter</filter-name>
34     <filter-class>
35             org.springframework.web.filter.DelegatingFilterProxy
36         </filter-class>
37     <init-param>
38     <!-- 该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理 -->  
39       <param-name>targetFilterLifecycle</param-name>
40       <param-value>true</param-value>
41     </init-param>
42   </filter>
43   <filter-mapping>
44     <filter-name>shiroFilter</filter-name>
45     <url-pattern>/*</url-pattern>
46   </filter-mapping>
47   <filter>
48     <filter-name>HiddenHttpMethodFilter</filter-name>
49     <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
50   </filter>
51   <filter-mapping>
52     <filter-name>HiddenHttpMethodFilter</filter-name>
53     <servlet-name>springMVC</servlet-name>
54   </filter-mapping>
55     <filter>
56        <filter-name>HttpMethodFilter</filter-name>
57        <filter-class>org.springframework.web.filter.HttpPutFormContentFilter</filter-class>
58    </filter>
59  
60    <filter-mapping>
61        <filter-name>HttpMethodFilter</filter-name>
62        <servlet-name>springMVC</servlet-name>
63    </filter-mapping>
64   <!-- SpringMVC核心分发器 -->
65   <servlet>
66     <servlet-name>springMVC</servlet-name>
67     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
68     <init-param>
69       <param-name>contextConfigLocation</param-name>
70       <param-value>classpath:spring-mvc.xml</param-value>
71     </init-param>
72     <load-on-startup>1</load-on-startup>
73   </servlet>
74   <servlet-mapping>
75     <servlet-name>springMVC</servlet-name>
76     <url-pattern>/</url-pattern>
77   </servlet-mapping>
78   <error-page>  
79     <error-code>404</error-code>  
80     <location>/404.jsp</location>  
81 </error-page> 
82 </web-app>

 

posted on 2018-03-22 12:46  想飞一号