apache shiro

 

基于Spring框架的Shiro配置

一、在web.xml中添加shiro过滤器

[html] view plaincopy

1. <!-- Shiro filter-->    
2. <filter>    
3.     <filter-name>shiroFilter</filter-name>    
4.     <filter-class>    
5.         org.springframework.web.filter.DelegatingFilterProxy    
6.     </filter-class>    
7. </filter>
8. <filter-mapping>    
9.     <filter-name>shiroFilter</filter-name>    
10.     <url-pattern>/*</url-pattern>    
11. </filter-mapping>    

二、在Spring的applicationContext.xml中添加shiro配置

1、添加shiroFilter定义

[html] view plaincopy

1. <!-- Shiro Filter -->    
2. <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">    
3.     <property name="securityManager" ref="securityManager" />    
4.     <property name="loginUrl" value="/login" />    
5.     <property name="successUrl" value="/user/list" />    
6.     <property name="unauthorizedUrl" value="/login" />    
7.     <property name="filterChainDefinitions">    
8.         <value>    
9.             /login = anon    
10.             /user/** = authc    
11.             /role/edit/* = perms[role:edit]    
12.             /role/save = perms[role:edit]    
13.             /role/list = perms[role:view]    
14.             /** = authc    
15.         </value>    
16.     </property>    
17. </bean>   

2、添加securityManager定义

[html] view plaincopy

1. <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">    
2.     <property name="realm" ref="myRealm" />    
3. </bean>  

3、添加realm定义

[html] view plaincopy

1. <bean id=" myRealm" class="com...MyRealm" />    

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

[java] view plaincopy

1. public class MyRealm extends AuthorizingRealm{    
2.     
3.     private AccountManager accountManager;    
4.     public void setAccountManager(AccountManager accountManager) {    
5.         this.accountManager = accountManager;    
6.     }    
7.     
8.     /**  
9.      * 授权信息  
10.      */    
11.     protected AuthorizationInfo doGetAuthorizationInfo(    
12.                 PrincipalCollection principals) {    
13.         String username=(String)principals.fromRealm(getName()).iterator().next();    
14.         if( username != null ){    
15.             User user = accountManager.get( username );    
16.             if( user != null && user.getRoles() != null ){    
17.                 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();    
18.                 for( SecurityRole each: user.getRoles() ){    
19.                         info.addRole(each.getName());    
20.                         info.addStringPermissions(each.getPermissionsAsString());    
21.                 }    
22.                 return info;    
23.             }    
24.         }    
25.         return null;    
26.     }    
27.     
28.     /**  
29.      * 认证信息  
30.      */    
31.     protected AuthenticationInfo doGetAuthenticationInfo(    
32.                 AuthenticationToken authcToken ) throws AuthenticationException {    
33.         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;    
34.         String userName = token.getUsername();    
35.         if( userName != null && !"".equals(userName) ){    
36.             User user = accountManager.login(token.getUsername(),    
37.                             String.valueOf(token.getPassword()));    
38.     
39.             if( user != null )    
40.                 return new SimpleAuthenticationInfo(    
41.                             user.getLoginName(),user.getPassword(), getName());    
42.         }    
43.         return null;    
44.     }    
45.     
46. }