spring-shiro.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"
default-lazy-init="true">
<description>Shiro安全配置(SpringMVC整合Shiro,Shiro是一个强大易用的Java安全框架,提供了认证、授权、加密和会话管理等功能)</description>
<!-- Shiro默认会使用Servlet容器的Session,可通过sessionMode属性来指定使用Shiro原生Session -->
<!-- 即<property name="sessionMode" value="native"/>,详细说明见官方文档 -->
<!-- 这里主要是设置自定义的单jdbcRealm应用,若有多个Realm,可使用'realms'属性代替 -->
<!-- Shiro's main business-tier object for web-enabled applications -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="jdbcRealm" />
<property name="cacheManager" ref="shiroEhcacheManager" />
</bean>
<!-- 继承自AuthorizingRealm的自定义Realm,即指定Shiro验证用户登录的类为自定义的jdbcRealm.java -->
<!-- 自定义的Realm -->
<bean id="jdbcRealm" class="cn.**.JdbcRealm">
<property name="authorizationCachingEnabled" value="true" />
<property name="cacheManager" ref="shiroEhcacheManager" />
<!--<property name="credentialsMatcher" ref="hashedCredentialsMatcher" />-->
</bean>
<!-- 密码保存方式 -->
<bean id="hashedCredentialsMatcher"
class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="MD5" />
<property name="storedCredentialsHexEncoded" value="true" />
<property name="hashIterations" value="1" />
</bean>
<!-- 用户授权信息Cache, 采用EhCache -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:spring/ehcache-shiro.xml" />
</bean>
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- 未授权时要跳转的连接 -->
<property name="unauthorizedUrl" value="/sys/turn403" />
<property name="filterChainDefinitions">
<value>
/login = authc
/logout = logout
/js/** = anon
/css/** = anon
/img/** = anon
/easyui/** = anon
/jquery/** = anon
/jquery-jbox/** = anon
/jquery-ztree/** = anon
/treeTable/** = anon
/user/main = authc
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- AOP式方法级权限检查 spring aop 支持shiro的注解功能 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
</beans>
参考 jdbcRealm.java
public class jdbcRealm extends AuthorizingRealm {
@Override
public void setName(String name) {
super.setName("customRealm");
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token) throws AuthenticationException {
}
// 用于授权
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
String userCode = (String) principals.getPrimaryPrincipal();
//模拟从数据库获取到数据
List permissions = new ArrayList();
permissions.add("user:create");//用户的创建
permissions.add("items:add");//商品添加权限
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.addStringPermissions(permissions);
return simpleAuthorizationInfo;
}
}
扫一扫
1265
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
