一、在web.xml中添加shiro过滤器  


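<!--
  Shiro filter: DelegatingFilterProxy looks up the Spring bean whose id equals
  the filter-name ("shiroFilter") and hands every matched request to it.
-->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <!-- Have the proxy call init() and destroy() on the target filter bean. -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!--
  Map the filter to every URL so that no request reaches the application
  without passing through Shiro. Keep this mapping ahead of other filter
  mappings. With no dispatcher element only REQUEST dispatches are filtered;
  FORWARD, INCLUDE and ERROR dispatches bypass it unless they are listed here.
-->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>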



二、在Spring的applicationContext.xml中添加shiro配置

 


1、添加shiroFilter定义 


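<!-- Shiro Filter: the bean id must match the filter-name declared in web.xml. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <property name="successUrl" value="/user/list" />
    <!--
      NOTE(review): a signed-in user who lacks a permission is sent to the
      login page, which hides the authorization failure. A dedicated
      "access denied" page is usually clearer.
    -->
    <property name="unauthorizedUrl" value="/login" />
    <!--
      Chain definitions are evaluated top to bottom and the first matching
      pattern wins, so specific rules must stay above the "/**" catch-all.
      Every pattern must start with "/": a pattern without it never matches
      a request path, and the request then falls through to "/** = authc",
      which checks authentication only and silently drops the permission check.
      NOTE(review): the listing showed bare "login", "save" and "list".
      "/login" is taken from loginUrl. The "/role/" prefix for save and list is
      assumed from the neighbouring "/role/edit/*" rule; confirm the real paths.
      "/role/edit/*" covers exactly one path segment after "/role/edit/"; deeper
      paths are guarded only by the catch-all. Use "/role/edit/**" if they
      need the permission too.
      The final "/** = authc" is the default-deny rule for anonymous users.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /user/** = authc
            /role/edit/* = perms[role:edit]
            /role/save = perms[role:edit]
            /role/list = perms[role:view]
            /** = authc
        </value>
    </property>
</bean>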


2、添加securityManager定义 

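<!--
  Web security manager. Authentication and authorization are delegated to
  the single realm referenced below, so that realm is the only source of
  accounts, roles and permissions.
-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
</bean>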



3、添加realm定义 

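<!--
  The id must be exactly "myRealm" (no leading space), otherwise the
  ref="myRealm" on the securityManager bean cannot be resolved.
  "com..." is the tutorial's elided package; replace it with the real one.
  NOTE(review): MyRealm reads its accountManager field, but nothing in this
  definition injects it. Add the matching property element (or rely on
  autowiring) so the realm does not fail on first use.
-->
<bean id="myRealm" class="com...MyRealm" />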


三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法

 

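/**
 * Shiro realm backed by the application's account manager.
 *
 * <p>Extends {@code AuthorizingRealm} and overrides the two callbacks Shiro uses:
 * one to look up the roles and permissions of an already authenticated user,
 * one to look up the account for a submitted username/password token.
 */
public class MyRealm extends AuthorizingRealm {

    // NOTE(review): the field's declared type was lost from the listing;
    // "AccountManager" is assumed from the field name. Confirm against the project.
    private AccountManager accountManager;

    /**
     * Injects the account manager used for all user lookups.
     *
     * @param accountManager the service that loads and logs in users
     */
    public void setAccountManager(AccountManager accountManager) {
        this.accountManager = accountManager;
    }

    /**
     * Authorization info: collects the role names and permission strings of the user.
     *
     * @param principals the principals of the current subject
     * @return the user's roles and permissions, or {@code null} when this realm holds no
     *         principal for the subject, the user is unknown, or the user has no role list
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        if (principals == null) {
            return null;
        }
        // A subject authenticated by another realm has no principal from this one;
        // calling next() on the empty iterator would throw instead of denying access.
        java.util.Iterator<?> ownPrincipals = principals.fromRealm(getName()).iterator();
        if (!ownPrincipals.hasNext()) {
            return null;
        }
        String username = (String) ownPrincipals.next();
        if (username != null) {
            User user = accountManager.get(username);
            if (user != null && user.getRoles() != null) {
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
                for (SecurityRole each : user.getRoles()) {
                    info.addRole(each.getName());
                    info.addStringPermissions(each.getPermissionsAsString());
                }
                return info;
            }
        }
        // No authorization info: the subject ends up with no roles and no permissions.
        return null;
    }

    /**
     * Authentication info: resolves the account for the submitted token.
     *
     * @param authcToken the submitted token; must be a {@code UsernamePasswordToken}
     * @return the account's login name and stored password, or {@code null} when the
     *         username or password is missing or the account manager returns no user
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String userName = token.getUsername();
        char[] password = token.getPassword();
        // String.valueOf((char[]) null) throws NullPointerException, so a token without a
        // password is treated as "no such account" rather than crashing the login.
        if (userName == null || "".equals(userName) || password == null) {
            return null;
        }

        // NOTE(review): the password is checked twice. login() receives the clear-text
        // password, and Shiro then compares the token with user.getPassword() through
        // the realm's CredentialsMatcher. Unless a hashing matcher (for example
        // HashedCredentialsMatcher or PasswordMatcher) is configured on this realm,
        // that comparison is a plain equality, which only succeeds when passwords are
        // stored unhashed. Confirm how accountManager stores and verifies passwords.
        // The String copy of the password also cannot be wiped from memory afterwards.
        User user = accountManager.login(userName, String.valueOf(password));

        if (user != null) {
            return new SimpleAuthenticationInfo(
                    user.getLoginName(), user.getPassword(), getName());
        }
        return null;
    }

}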