基于Spring框架的Shiro配备
发布时间: 2012-06-30 17:20:12 作者: rapoo
基于Spring框架的Shiro配置
一、在web.xml中添加shiro过滤器
<!-- Shiro filter--><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
二、在Spring的applicationContext.xml中添加shiro配置
<!-- Shiro Filter --><bean id="shiroFilter" ref="securityManager" /><property name="loginUrl" value="/login" /><property name="successUrl" value="/user/list" /><property name="unauthorizedUrl" value="/login" /><property name="filterChainDefinitions"><value>/login = anon/user/** = authc/role/edit/* = perms[role:edit]/role/save = perms[role:edit]/role/list = perms[role:view]/** = authc</value></property></bean>
2、添加securityManager定义
<bean id="securityManager" ref="myRealm" /></bean>
3、添加realm定义
<bean id=" myRealm" />
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
public class MyRealm extends AuthorizingRealm{ private AccountManager accountManager; public void setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { String username=(String)principals.fromRealm(getName()).iterator().next(); if( username != null ){ User user = accountManager.get( username ); if( user != null && user.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole each: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } return info; } } return null; } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String userName = token.getUsername(); if( userName != null && !"".equals(userName) ){ User user = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( user != null ) return new SimpleAuthenticationInfo( user.getLoginName(),user.getPassword(), getName()); } return null; } }?相关参考:<!-- 可根据项目的URL进行替换 -->
<property name="loginUrl" value="/" />
<property name="successUrl" value="/core/system/index" />
<property name="unauthorizedUrl" value="/core/system/noAuth" />
</bean>
不知道为啥没起作用,希望能指导一下,谢谢了!!!