shiro 用户权限管理（1）----配置 （springmvc+jpa+hibernate+maven环境）

springmvc.xml 配置增加

<!-- 开启Shiro注解的Spring配置方式的beans。在lifecycleBeanPostProcessor之后运行 -->     <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"        depends-on="lifecycleBeanPostProcessor" />   <bean  class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">        <property name="securityManager" ref="securityManager" />   </bean>         <bean id="lifecycleBeanPostProcessor"       class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />    <!-- shiro为集成spring -->     <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">       <property name="exceptionMappings">             <props>    <prop key="org.apache.shiro.authz.UnauthorizedException">/system/error</prop> </props>        </property>     </bean>

---

ehcache.xml配置

<?xml version="1.0" encoding="UTF-8"?><ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:noNamespaceSchemaLocation="ehcache.xsd"         updateCheck="true" monitoring="autodetect"         dynamicConfig="true">  <defaultCache maxElementsInMemory="10000"                    eternal="false"                    timeToIdleSeconds="120"                     timeToLiveSeconds="120"                     overflowToDisk="true"                    maxElementsOnDisk="10000000"                     diskPersistent="false"                    diskExpiryThreadIntervalSeconds="120"                     memoryStoreEvictionPolicy="LRU" /></ehcache>

---

appcationContext.xml :

<!-- 項目自定义的Realm --> <bean id="shiroDbRealm" class="org.shiro.demo.service.realm.ShiroDbRealm" >        <!--fc添加 MD5加密 begin-->    <property name="credentialsMatcher"><bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"><!--加密算法名称-->    <property name="hashIterations" value="2"></property>    <!--配置加密的次数-->            </bean>        </property>        <!--fc添加 MD5加密 end--></bean>    <!-- Shiro Filter -->    <bean id="shiroFilter"<!--要跟web.xml中的名称一致-->    class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">        <property name="securityManager" ref="securityManager" />        <property name="loginUrl" value="/" />        <property name="successUrl" value="/system/main" />        <property name="unauthorizedUrl" value="/system/error" />        <property name="filterChainDefinitions">            <value>            /main/**= anon            /login = anon            /validateCode = anon            /** = authc            </value>        </property>    </bean>

web.xml:

<!-- Shiro filter -->    <filter>        <filter-name>shiroFilter</filter-name>        <filter-class>            org.springframework.web.filter.DelegatingFilterProxy        </filter-class>        <init-param>            <param-name>targetFilterLifecycle</param-name>            <param-value>true</param-value>        </init-param>    </filter>    <filter-mapping>        <filter-name>shiroFilter</filter-name>        <url-pattern>/*</url-pattern>    </filter-mapping>

项目目录结构：

自定义的ShiroDbRealm 类 继承AuthorizingRealm实现验证登录过程