基于Spring框架的Shiro配置方法

2019-12-02 14:38mdxy-dxy JAVA教程

这篇文章主要介绍了基于Spring框架的Shiro配置方法,需要的朋友可以参考下

一、在web.xml中添加shiro过滤器

				?

									<!-- Shiro filter-->

									<filter>

									<filter-name>shiroFilter</filter-name>

									<filter-class>

									org.springframework.web.filter.DelegatingFilterProxy

									</filter-class>

									</filter>

									<filter-mapping>

									<filter-name>shiroFilter</filter-name>

									<url-pattern>/*</url-pattern>

									</filter-mapping>

二、在Spring的applicationContext.xml中添加shiro配置

1、添加shiroFilter定义

				?

									<!-- Shiro Filter -->

									<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

									 <property name="securityManager" ref="securityManager" />

									 <property name="loginUrl" value="/login" />

									 <property name="successUrl" value="/user/list" />

									 <property name="unauthorizedUrl" value="/login" />

									 <property name="filterChainDefinitions">

									 <value>

									 /login = anon

									 /user/** = authc

									 /role/edit/* = perms[role:edit]

									 /role/save = perms[role:edit]

									 /role/list = perms[role:view]

									 /** = authc

									 </value>

									 </property>

									</bean>

2、添加securityManager定义

复制代码代码如下:

	
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

	 <property name="realm" ref="myRealm" />

	</bean>

3、添加realm定义

复制代码代码如下:

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

				?

									public class MyRealm extends AuthorizingRealm{

									 private AccountManager accountManager;

									 public void setAccountManager(AccountManager accountManager) {

									 this.accountManager = accountManager;

									 }

									 /**

									 * 授权信息

									 */

									 protected AuthorizationInfo doGetAuthorizationInfo(

									 PrincipalCollection principals) {

									 String username=(String)principals.fromRealm(getName()).iterator().next();

									 if( username != null ){

									 User user = accountManager.get( username );

									 if( user != null && user.getRoles() != null ){

									 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

									 for( SecurityRole each: user.getRoles() ){

									  info.addRole(each.getName());

									  info.addStringPermissions(each.getPermissionsAsString());

									 }

									 return info;

									 }

									 }

									 return null;

									 }

									 /**

									 * 认证信息

									 */

									 protected AuthenticationInfo doGetAuthenticationInfo(

									 AuthenticationToken authcToken ) throws AuthenticationException {

									 UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

									 String userName = token.getUsername();

									 if( userName != null && !"".equals(userName) ){

									 User user = accountManager.login(token.getUsername(),

									  String.valueOf(token.getPassword()));

									 if( user != null )

									 return new SimpleAuthenticationInfo(

									  user.getLoginName(),user.getPassword(), getName());

									 }

									 return null;

									 }

									}