基于Spring框架的Shiro配置

阅读更多
一、在web.xml中添加shiro过滤器
  1.   
  2. < filter >   
  3.     < filter-name > shiroFilter filter-name >   
  4.     < filter-class >   
  5.         org.springframework.web.filter.DelegatingFilterProxy  
  6.      filter-class >   
  7. filter >   
  8. < filter-mapping >   
  9.     < filter-name > shiroFilter filter-name >   
  10.     < url-pattern > /* url-pattern >   
  11. filter-mapping >   

二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义
  1.   
  2. < bean   id = "shiroFilter"   class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean" >   
  3.     < property   name = "securityManager"   ref = "securityManager"   />   
  4.     < property   name = "loginUrl"   value = "/login"   />   
  5.     < property   name = "successUrl"   value = "/user/list"   />   
  6.     < property   name = "unauthorizedUrl"   value = "/login"   />   
  7.     < property   name = "filterChainDefinitions" >   
  8.         < value >   
  9.             /login  =  anon   
  10.             /user/** = authc  
  11.             /role/edit/* = perms[role:edit]  
  12.             /role/save  =  perms [role:edit]  
  13.             /role/list  =  perms [role:view]  
  14.             /** = authc  
  15.          value >   
  16.      property >   
  17. bean >   

2、添加securityManager定义
  1. < bean   id = "securityManager"   class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager" >   
  2.     < property   name = "realm"   ref = "myRealm"   />   
  3. bean >   

3、添加realm定义
  1. < bean   id = " myRealm"   class = "com...MyRealm"   />   

三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
  1. public   class  MyRealm  extends  AuthorizingRealm{  
  2.   
  3.     private  AccountManager accountManager;  
  4.     public   void  setAccountManager(AccountManager accountManager) {  
  5.         this .accountManager = accountManager;  
  6.     }  
  7.   
  8.     /**  
  9.      * 授权信息  
  10.      */   
  11.     protected  AuthorizationInfo doGetAuthorizationInfo(  
  12.                 PrincipalCollection principals) {  
  13.         String username=(String)principals.fromRealm(getName()).iterator().next();  
  14.         if ( username !=  null  ){  
  15.             User user = accountManager.get( username );  
  16.             if ( user !=  null  && user.getRoles() !=  null  ){  
  17.                 SimpleAuthorizationInfo info = new  SimpleAuthorizationInfo();  
  18.                 for ( SecurityRole each: user.getRoles() ){  
  19.                         info.addRole(each.getName());  
  20.                         info.addStringPermissions(each.getPermissionsAsString());  
  21.                 }  
  22.                 return  info;  
  23.             }  
  24.         }  
  25.         return   null ;  
  26.     }  
  27.   
  28.     /**  
  29.      * 认证信息  
  30.      */   
  31.     protected  AuthenticationInfo doGetAuthenticationInfo(  
  32.                 AuthenticationToken authcToken ) throws  AuthenticationException {  
  33.         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;  
  34.         String userName = token.getUsername();  
  35.         if ( userName !=  null  && ! "" .equals(userName) ){  
  36.             User user = accountManager.login(token.getUsername(),  
  37.                             String.valueOf(token.getPassword()));  
  38.   
  39.             if ( user !=  null  )  
  40.                 return   new  SimpleAuthenticationInfo(  
  41.                             user.getLoginName(),user.getPassword(), getName());  
  42.         }  
  43.         return   null ;  
  44.     }  
  45.   
参考资料: 让Apache Shiro保护你的应用
(http://kdboy.iteye.com/blog/1103794)

你可能感兴趣的:(基于Spring框架的Shiro配置)