基于Spring框架的Shiro配置

一、在web.xml中添加shiro过滤器

Xml代码  

  
  
    shiroFilter  
      
        org.springframework.web.filter.DelegatingFilterProxy  
      
  
  
    shiroFilter  
    /*  
 

二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义

Xml代码  

      
      
          
          
          
          
          
              
                /login = anon  
                /user/** = authc  
                /role/edit/* = perms[role:edit]  
                /role/save = perms[role:edit]  
                /role/list = perms[role:view]  
                /** = authc  
              
          
      

2、添加securityManager定义

Xml代码  

3、添加realm定义

Xml代码  

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

Java代码 

public class MyRealm extends AuthorizingRealm{  
  
    private AccountManager accountManager;  
    public void setAccountManager(AccountManager accountManager) {  
        this.accountManager = accountManager;  
    }  
  
    /** 
     * 授权信息 
     */  
    protected AuthorizationInfo doGetAuthorizationInfo(  
                PrincipalCollection principals) {  
        String username=(String)principals.fromRealm(getName()).iterator().next();  
        if( username != null ){  
            User user = accountManager.get( username );  
            if( user != null && user.getRoles() != null ){  
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();  
                for( SecurityRole each: user.getRoles() ){  
                        info.addRole(each.getName());  
                        info.addStringPermissions(each.getPermissionsAsString());  
                }  
                return info;  
            }  
        }  
        return null;  
    }  
  
    /** 
     * 认证信息 
     */  
    protected AuthenticationInfo doGetAuthenticationInfo(  
                AuthenticationToken authcToken ) throws AuthenticationException {  
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;  
        String userName = token.getUsername();  
        if( userName != null && !"".equals(userName) ){  
            User user = accountManager.login(token.getUsername(),  
                            String.valueOf(token.getPassword()));  
  
            if( user != null )  
                return new SimpleAuthenticationInfo(  
                            user.getLoginName(),user.getPassword(), getName());  
        }  
        return null;  
    }  
  
}