Shiro教程（五）Shiro整体的配置文件

最新推荐文章于 2023-04-14 08:45:44 发布

纯粹无忧

最新推荐文章于 2023-04-14 08:45:44 发布

阅读量515

点赞数

本文详细介绍了Shiro权限管理系统在项目中的具体配置方法，包括会话管理、记住我功能、缓存管理和自定义过滤器等内容。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

因为 Shrio 和整体项目结合的话，细节问题还是比较多。我要侧重讲一些地方。下面我先把我整个项目的 Shiro 配置文件先贴出来，如果你需要哪个类的实现方式，你可以针对性的查找，或者问我。

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<description>== Shiro Components ==</description>

<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>

<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">

<constructor-arg value="v_v-s-baidu"/>
<property name="httpOnly" value="true"/>

<property name="maxAge" value="-1"/>

<property name="domain" value=".itboy.net"/>
</bean>

<bean id="customSessionListener" class="com.sojson.core.shiro.listenter.CustomSessionListener">
<property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
</bean>

<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="v_v-re-baidu"/>
<property name="httpOnly" value="true"/>

<property name="domain" value=".itboy.net"/>
<property name="maxAge" value="2592000"/>
</bean>

<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">

<property name="cipherKey"
value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
<property name="cookie" ref="rememberMeCookie"/>
</bean>

<bean id="customShiroSessionDAO" class="com.sojson.core.shiro.CustomShiroSessionDAO">
<property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>

<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<property name="interval" value="${session.validate.timespan}"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="sampleRealm"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
<property name="cacheManager" ref="customShiroCacheManager"/>
</bean>

<bean id="customShiroCacheManager" class="com.sojson.core.shiro.cache.impl.CustomShiroCacheManager">
<property name="shiroCacheManager" ref="jedisShiroCacheManager"/>
</bean>

<bean id="jedisShiroCacheManager" class="com.sojson.core.shiro.cache.impl.JedisShiroCacheManager">
<property name="jedisManager" ref="jedisManager"/>
</bean>

<bean id="jedisManager" class="com.sojson.core.shiro.cache.JedisManager">
<property name="jedisPool" ref="jedisPool"/>
</bean>

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>

<bean id="sampleRealm" class="com.sojson.core.shiro.token.SampleRealm" ></bean>
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionValidationInterval" value="1800000"/> 
<property name="globalSessionTimeout" value="1800000"/> 
<property name="sessionDAO" ref="customShiroSessionDAO"/>
<property name="sessionListeners">
<list>
<ref bean="customSessionListener"/>
</list>
</property>
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
<property name="deleteInvalidSessions" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<bean id="jedisShiroSessionRepository" class="com.sojson.core.shiro.cache.JedisShiroSessionRepository" >
<property name="jedisManager" ref="jedisManager"/>
</bean>
<!--
自定义角色过滤器支持多个角色可以访问同一个资源 eg:/home.jsp = authc,roleOR[admin,user]
用户有admin或者user角色就可以访问
-->

<bean id="shiroManager" class="com.sojson.core.shiro.service.impl.ShiroManagerImpl"/>
<bean id="login" class="com.sojson.core.shiro.filter.LoginFilter"/>
<bean id="role" class="com.sojson.core.shiro.filter.RoleFilter"/>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/u/login.shtml" />

<property name="successUrl" value="/" />
<property name="unauthorizedUrl" value="/?login" />















<property name="filterChainDefinitions" value="#{shiroManager.loadFilterChainDefinitions()}"/>
<property name="filters">
<util:map>
<entry key="login" value-ref="login"></entry>
<entry key="role" value-ref="role"></entry>
</util:map>
</property>
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

</beans>