一、在web.xml中添加shiro过滤器
1
2
3
4
5
6
7
8
9
10
11
|
<!-- Shiro filter--> < filter > < filter-name >shiroFilter</ filter-name > < filter-class > org.springframework.web.filter.DelegatingFilterProxy </ filter-class > </ filter > < filter-mapping > < filter-name >shiroFilter</ filter-name > < url-pattern >/*</ url-pattern > </ filter-mapping > |
二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
<!-- Shiro Filter --> < bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean" > < property name = "securityManager" ref = "securityManager" /> < property name = "loginUrl" value = "/login" /> < property name = "successUrl" value = "/user/list" /> < property name = "unauthorizedUrl" value = "/login" /> < property name = "filterChainDefinitions" > < value > /login = anon /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] /** = authc </ value > </ property > </ bean > |
2、添加securityManager定义
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
</bean>
3、添加realm定义
<bean id=" myRealm" class="com...MyRealm" />
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
public class MyRealm extends AuthorizingRealm{ private AccountManager accountManager; public void setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { String username=(String)principals.fromRealm(getName()).iterator().next(); if( username != null ){ User user = accountManager.get( username ); if( user != null && user.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole each: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } return info; } } return null; } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String userName = token.getUsername(); if( userName != null && !"".equals(userName) ){ User user = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( user != null ) return new SimpleAuthenticationInfo( user.getLoginName(),user.getPassword(), getName()); } return null; } } |