Shiro spring MVC 配置
配置securityManager
<!-- Shiro's web SecurityManager: the component every authentication and authorization check goes through. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- Plug in the custom realm as the source of accounts, roles and permissions. -->
    <property name="realm" ref="mysqlRealm" />
</bean>
<!-- Custom realm; it extends AuthorizingRealm. -->
<!-- NOTE(review): no credentialsMatcher property is set on this bean, so the realm keeps Shiro's
     default matcher, which compares the submitted password with the stored value as-is. If the
     user table holds password hashes (which it should), configure a hashing matcher such as
     HashedCredentialsMatcher here; otherwise logins only succeed against plaintext passwords. -->
<bean id="mysqlRealm" class="cn.com.Nsquare.chatweb.shiro.MyRealm"></bean>
<!-- securityManager -->
<bean
配置ShiroFilterFactoryBean
<!-- Shiro's servlet filter, built by Spring. web.xml points a DelegatingFilterProxy at this bean id. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- Where an unauthenticated user is redirected when requesting a page that needs login.
         Optional: when omitted, Shiro looks for "/login.jsp" under the web application root. -->
    <property name="loginUrl" value="/login" />
    <!-- Default page after a successful login ("/" when not configured). If the user was sent to
         the login page from a protected page, they are returned to that page instead of this one. -->
    <property name="successUrl" value="/success.jsp" />
    <!-- Default page for users who lack the required permission. -->
    <!-- NOTE(review): this URL is used by Shiro's authorization filters (roles, perms, ...). The
         chain below only uses anon and authc, so nothing on this page triggers the redirect;
         confirm how authorization failures are meant to be reported. -->
    <property name="unauthorizedUrl" value="/noperms.jsp" />
    <!-- Filter chain definitions: which Shiro filter guards which URL pattern. -->
    <!-- The leading '/' of each pattern is relative to HttpServletRequest.getContextPath(). -->
    <!-- anon: a filter that performs no check, so the path is reachable without logging in.
         Patterns are Ant-style and match the request path, not the query string: "/login*" covers
         every path that begins with "/login" within that segment (for example /login and
         /login.jsp), so any other page named that way also becomes anonymous. -->
    <!-- authc: paths under this filter require an authenticated user. It is Shiro's built-in
         org.apache.shiro.web.filter.authc.FormAuthenticationFilter. -->
    <!-- Definitions are evaluated top to bottom and the first matching pattern wins, so the
         catch-all "/** = authc" has to stay last. -->
    <!-- NOTE(review): /app/** and /test/** are fully anonymous. Confirm that nothing sensitive is
         served under them and that /test/** is not deployed to production. -->
    <property name="filterChainDefinitions">
        <value>

            /login* = anon

            /resources/**= anon
            /app/**= anon
            /test/**= anon
            /** = authc
        </value>
    </property>
</bean>
配置其它
<!-- Calls init()/destroy() on Shiro beans that implement Shiro's lifecycle interfaces. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- Registers the SecurityManager as the VM-wide static one via SecurityUtils.setSecurityManager. -->
<!-- NOTE(review): the Shiro Spring documentation advises against the static singleton in web
     applications, where the Shiro filter already binds the SecurityManager to each request.
     Confirm that some code really needs SecurityUtils outside a filtered request. -->
<bean
    class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod"
        value="org.apache.shiro.SecurityUtils.setSecurityManager" />
    <property name="arguments" ref="securityManager" />
</bean>
<!-- The next two beans enable Shiro's authorization annotations through Spring AOP proxies. -->
<!-- NOTE(review): auto-proxying only affects beans of the application context that declares it.
     web.xml loads this file into the root context, while controllers normally live in the
     DispatcherServlet context (spring-mvc.xml); verify that annotated controllers are actually
     proxied, otherwise their annotations are silently not enforced. -->
<bean
    class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
    depends-on="lifecycleBeanPostProcessor" />
<bean
    class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager" />

</bean>
Realm
package cn.com.Nsquare.chatweb.shiro;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import cn.com.Nsquare.chatweb.model.UserPo;
import cn.com.Nsquare.chatweb.service.UserService;

/**
 * Shiro realm that looks up accounts, roles and permissions through {@link UserService}.
 *
 * <p>NOTE(review): this class only hands the stored password to Shiro; the comparison itself is
 * done by the realm's credentials matcher. The Spring configuration shown with this class sets no
 * matcher, so Shiro's default direct comparison applies. Confirm that passwords are stored hashed
 * and that a matching hashing matcher is configured on the realm bean.
 */
public class MyRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    /**
     * Supplies the roles and permissions of the user who is currently logged in.
     *
     * @param principals the identities of the authenticated subject; the primary one is used
     *     as the key for both lookups
     * @return the role names and permission strings reported by {@code userService}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The primary principal is whatever doGetAuthenticationInfo stored, i.e. user.getAccount().
        // NOTE(review): authentication looks the user up by the submitted username but stores
        // getAccount() as the principal; confirm getRoles/getPermissions expect that same value.
        final String principal = (String) principals.getPrimaryPrincipal();

        final SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.setRoles(userService.getRoles(principal));
        granted.setStringPermissions(userService.getPermissions(principal));
        return granted;
    }

    /**
     * Loads the account that matches the submitted login token.
     *
     * @param token the login token; it is cast to {@link UsernamePasswordToken}
     * @return the account's principal and stored password for Shiro to verify, or {@code null}
     *     when no user has the submitted username
     * @throws AuthenticationException declared by the overridden method; not thrown directly here
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        final UsernamePasswordToken login = (UsernamePasswordToken) token;
        final UserPo account = userService.getByUserName(login.getUsername());

        // Returning null tells Shiro that no account exists for this token.
        if (account == null) {
            return null;
        }

        // The submitted password is not checked here: Shiro compares it with the stored value
        // afterwards, using the realm's credentials matcher.
        return new SimpleAuthenticationInfo(account.getAccount(), account.getPassword(), "MyRealm");
    }

}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
    <!-- Location of the Spring configuration files. -->
    <!-- Without this parameter Spring looks for its configuration under WEB-INF; the parameter name contextConfigLocation is fixed inside Spring. -->
    <!-- Line 120 of ContextLoader, the parent class of ContextLoaderListener, shows CONFIG_LOCATION_PARAM fixed to contextConfigLocation. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-application.xml,classpath:spring-shiro.xml</param-value>
    </context-param>
    <!-- Creates the Spring container. -->
    <!-- This listener runs at application start-up and reads the Spring configuration files; by default it looks for applicationContext.xml in WEB-INF. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Prevents garbled characters by setting the request encoding. -->
    <filter>
        <filter-name>Set Character Encoding</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Set Character Encoding</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Shiro filter: lets Shiro inspect the requests the application receives. -->
    <!-- The filter-name must equal the id of the Shiro filter bean, <bean id="shiroFilter"/>, defined in the Spring configuration (the author names applicationContext.xml). -->
    <!-- [/*] matches every request, so that all controllable requests pass through Shiro. -->
    <!-- This filter-mapping is usually placed before the other filter-mappings so that Shiro is the first filter in the chain to act. -->
    <!-- NOTE(review): filters run in filter-mapping order, and the character-encoding mapping above
         precedes this one, so Shiro is second in this file. -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
        <init-param>
            <!-- Defaults to false, meaning the Spring ApplicationContext manages the filter's lifecycle; true hands the lifecycle to the servlet container. -->
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <!-- NOTE(review): this mapping declares no <dispatcher> elements, so the filter runs for
         REQUEST dispatches only; internal forwards, includes and error dispatches do not pass
         through Shiro. The web.xml example in the Shiro documentation lists REQUEST, FORWARD,
         INCLUDE and ERROR. Confirm which dispatch types need protection here. -->
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>

    </filter-mapping>
    <!-- Lets HTML forms express PUT/DELETE through a hidden method parameter. -->
    <filter>
        <filter-name>HiddenHttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>HiddenHttpMethodFilter</filter-name>
        <servlet-name>springMVC</servlet-name>
    </filter-mapping>
    <!-- Makes the form body of PUT requests available as request parameters. -->
    <filter>
        <filter-name>HttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HttpPutFormContentFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>HttpMethodFilter</filter-name>
        <servlet-name>springMVC</servlet-name>
    </filter-mapping>
    <!-- Spring MVC front controller (DispatcherServlet). -->
    <servlet>
        <servlet-name>springMVC</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-mvc.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springMVC</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <!-- Custom page for HTTP 404 responses. -->
    <error-page>
        <error-code>404</error-code>
        <location>/404.jsp</location>
    </error-page>
</web-app>