基于Spring框架的Shiro配置方法

时间:2021-05-19

一、在web.xml中添加shiro过滤器

<!-- Shiro filter--><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>

二、在Spring的applicationContext.xml中添加shiro配置

1、添加shiroFilter定义

<!-- Shiro Filter --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name="successUrl" value="/user/list" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <value> /login = anon /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] /** = authc </value> </property></bean>

2、添加securityManager定义

复制代码 代码如下:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
</bean>

3、添加realm定义

复制代码 代码如下:
<bean id=" myRealm" class="com...MyRealm" />

三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法

public class MyRealm extends AuthorizingRealm{ private AccountManager accountManager; public void setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { String username=(String)principals.fromRealm(getName()).iterator().next(); if( username != null ){ User user = accountManager.get( username ); if( user != null && user.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole each: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } return info; } } return null; } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String userName = token.getUsername(); if( userName != null && !"".equals(userName) ){ User user = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( user != null ) return new SimpleAuthenticationInfo( user.getLoginName(),user.getPassword(), getName()); } return null; }}

参考资料:让Apache Shiro保护你的应用

声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。

相关文章