shiro 认证 配置单个realm和多个realm时的写法



认证:

配置单个realm时,不涉及modularRealmAuthenticator, 因此,也就不涉及认证策略


注意:applicationContext.xml配置中的MyRealm和SecondRealm是我定义的两个Realm


配置单个realm时.

applicationContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

  <!-- ===== Shiro core components (not Spring specific) ===== -->

  <!-- Single-realm application: the one realm is wired through the 'realm' property.
       With several realms the 'realms' property is used instead. -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <property name="realm" ref="realm"/>
  </bean>

  <!-- Ehcache-backed cache manager, configured from ehcache.xml on the classpath. -->
  <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
  </bean>

  <!-- Realm whose credentials are checked as MD5 digests with 1024 iterations.
       NOTE(review): MD5 is a fast digest and a weak choice for password storage.
       Whether a per-user salt is applied depends on MyRealm, which is not shown here.
       Moving to a stronger hashAlgorithmName (for example SHA-256 or SHA-512) also
       means re-hashing the stored credentials, so the posted values are kept. -->
  <bean id="realm" class="com.qx.realm.MyRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="MD5"/>
        <property name="hashIterations" value="1024"/>
      </bean>
    </property>
  </bean>

  <!-- ===== Shiro Spring-specific integration ===== -->

  <!-- Calls init() and destroy() on Spring-configured Shiro objects, so no bean needs
       its own init-method or destroy-method attribute. -->
  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <!-- Enables Shiro annotations on Spring-configured beans; must run after the
       lifecycleBeanPostProcessor. -->
  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <!-- Secure Spring remoting: lets remoting method invocations be associated with a
       Subject for security checks. -->
  <bean id="secureRemoteInvocationExecutor"
        class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/success.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <!-- One chain definition per line. Shiro evaluates them top to bottom and the
         first matching path wins, so the /** catch-all stays last.
         anon = open to everyone, authc = only after a successful login. -->
    <property name="filterChainDefinitions">
      <value>
        /login.jsp = anon
        /user/login.action = anon
        /success.jsp = authc
        /index.jsp = anon
        /logout=logout

        /list.jsp=roles[user]
        /admin.jsp=roles[admin]
        # everything else requires authentication:
        /** = authc
      </value>
    </property>
  </bean>
</beans>


配置多个realm时:--配置多个realm时,就涉及到modularRealmAuthenticator, 因此,也就涉及到配置何种认证策略

applicationContext.xml写法1:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

  <!-- ===== Shiro core components (not Spring specific) ===== -->

  <!-- Multi-realm application: the realms are listed through the 'realms' property. -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <!-- NOTE(review): 'authenticator' is declared ahead of 'realms' on purpose. The
         security manager appears to hand its realms to whichever authenticator is
         in place when 'realms' is set; confirm before reordering. -->
    <property name="authenticator" ref="modularRealmAuthenticator"/>
    <!-- With several realms, what is configured here ends up being set on
         org.apache.shiro.authc.pam.ModularRealmAuthenticator. -->
    <property name="realms">
      <list>
        <ref bean="realm"/>
        <ref bean="secondRealm"/>
      </list>
    </property>
  </bean>

  <!-- Decides how a login is authenticated across several realms. The bean carries
       an id because the 'authenticator' property of securityManager refers to it. -->
  <bean id="modularRealmAuthenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
    <!-- Authentication strategy. AllSuccessfulStrategy: every configured realm must
         accept the submitted credentials, so an account has to verify against both
         the MD5 realm and the SHA-1 realm below. -->
    <property name="authenticationStrategy">
      <bean class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"/>
    </property>
  </bean>

  <!-- Ehcache-backed cache manager, configured from ehcache.xml on the classpath. -->
  <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
  </bean>

  <!-- Realm whose credentials are checked as MD5 digests with 1024 iterations.
       NOTE(review): MD5 and SHA-1 are fast digests and weak choices for password
       storage. Whether a per-user salt is applied depends on the realm classes,
       which are not shown here. Moving to a stronger hashAlgorithmName (for example
       SHA-256 or SHA-512) also means re-hashing the stored credentials, so the
       posted values are kept. -->
  <bean id="realm" class="com.qx.realm.MyRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="MD5"/>
        <property name="hashIterations" value="1024"/>
      </bean>
    </property>
  </bean>

  <!-- Realm whose credentials are checked as SHA-1 digests with 1024 iterations. -->
  <bean id="secondRealm" class="com.qx.realm.SecondRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="SHA1"/>
        <property name="hashIterations" value="1024"/>
      </bean>
    </property>
  </bean>

  <!-- ===== Shiro Spring-specific integration ===== -->

  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <!-- Enables Shiro annotations on Spring-configured beans; must run after the
       lifecycleBeanPostProcessor. -->
  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <!-- Secure Spring remoting: lets remoting method invocations be associated with a
       Subject for security checks. -->
  <bean id="secureRemoteInvocationExecutor"
        class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/success.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <!-- One chain definition per line. Shiro evaluates them top to bottom and the
         first matching path wins, so the /** catch-all stays last.
         anon = open to everyone, authc = only after a successful login. -->
    <property name="filterChainDefinitions">
      <value>
        /login.jsp = anon
        /user/login.action = anon
        /success.jsp = authc
        /index.jsp = anon
        /logout=logout

        /list.jsp=roles[user]
        /admin.jsp=roles[admin]
        # everything else requires authentication:
        /** = authc
      </value>
    </property>
  </bean>
</beans>



applicationContext.xml写法2:---强烈不推荐,会出现各种提示realm没有配置的问题(这种写法把realms配置在modularRealmAuthenticator上,而不是securityManager上)

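 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
          http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

   <!-- ===== Shiro core components (not Spring specific) ===== -->

   <!-- Multi-realm application. In this variant securityManager declares no
        'realms' property of its own; see the note on modularRealmAuthenticator. -->
   <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <property name="cacheManager" ref="cacheManager"/>
     <property name="sessionMode" value="native"/>
     <property name="authenticator" ref="modularRealmAuthenticator"/>
   </bean>

   <!-- Decides how a login is authenticated across several realms. The bean carries
        an id because the 'authenticator' property of securityManager refers to it. -->
   <bean id="modularRealmAuthenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
     <!-- Authentication strategy. AtLeastOneSuccessfulStrategy: the login is accepted
          once any one realm accepts the credentials, so the weakest realm bounds the
          strength of the whole login. -->
     <property name="authenticationStrategy">
       <bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"/>
     </property>
     <!-- The realms may instead be configured on securityManager.
          NOTE(review): here they are given to the authenticator only. The security
          manager itself receives no realms, so components that take their realms
          from it (presumably the authorizer behind the roles[...] checks) have none,
          which fits the "realm not configured" errors reported for this variant.
          Prefer declaring 'realms' on securityManager. -->
     <property name="realms">
       <list>
         <ref bean="realm"/>
         <ref bean="secondRealm"/>
       </list>
     </property>
   </bean>

   <!-- Ehcache-backed cache manager, configured from ehcache.xml on the classpath. -->
   <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
     <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
   </bean>

   <!-- Realm whose credentials are checked as MD5 digests with 1024 iterations.
        NOTE(review): MD5 and SHA-1 are fast digests and weak choices for password
        storage. Whether a per-user salt is applied depends on the realm classes,
        which are not shown here. Moving to a stronger hashAlgorithmName (for example
        SHA-256 or SHA-512) also means re-hashing the stored credentials, so the
        posted values are kept. -->
   <bean id="realm" class="com.qx.realm.MyRealm">
     <property name="credentialsMatcher">
       <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
         <property name="hashAlgorithmName" value="MD5"/>
         <property name="hashIterations" value="1024"/>
       </bean>
     </property>
   </bean>

   <!-- Realm whose credentials are checked as SHA-1 digests with 1024 iterations. -->
   <bean id="secondRealm" class="com.qx.realm.SecondRealm">
     <property name="credentialsMatcher">
       <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
         <property name="hashAlgorithmName" value="SHA1"/>
         <property name="hashIterations" value="1024"/>
       </bean>
     </property>
   </bean>

   <!-- ===== Shiro Spring-specific integration ===== -->

   <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

   <!-- Enables Shiro annotations on Spring-configured beans; must run after the
        lifecycleBeanPostProcessor. -->
   <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
         depends-on="lifecycleBeanPostProcessor"/>
   <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
     <property name="securityManager" ref="securityManager"/>
   </bean>

   <!-- Secure Spring remoting: lets remoting method invocations be associated with a
        Subject for security checks. -->
   <bean id="secureRemoteInvocationExecutor"
         class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
     <property name="securityManager" ref="securityManager"/>
   </bean>

   <!-- The id of this bean must equal the filter-name of the shiroFilter declared in
        web.xml; otherwise startup fails. -->
   <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
     <property name="securityManager" ref="securityManager"/>
     <property name="loginUrl" value="/login.jsp"/>
     <property name="successUrl" value="/success.jsp"/>
     <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
     <!-- One chain definition per line. Shiro evaluates them top to bottom and the
          first matching path wins, so the /** catch-all stays last.
          anon = open to everyone, authc = only after a successful login. -->
     <property name="filterChainDefinitions">
       <value>
         /login.jsp = anon
         /user/login.action = anon
         /success.jsp = authc
         /index.jsp = anon
         /logout=logout

         /list.jsp=roles[user]
         /admin.jsp=roles[admin]
         # everything else requires authentication:
         /** = authc
       </value>
     </property>
   </bean>
 </beans>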

applicationContext.xml写法3:

---需要在shiroFilter中注入filterChainDefinitionMap,因此,需要自己定义一个RolesMapFactory,访问哪个url需要什么权限在RolesMapFactory中定义,放在一个LinkedHashMap中(LinkedHashMap会保持插入顺序,而Shiro按定义顺序匹配url,先匹配到的规则生效),定义一个init方法(即下面的initRoleMap)返回该map.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

  <!-- ===== Shiro core components (not Spring specific) ===== -->

  <!-- Multi-realm application: the single 'realm' property of the one-realm setup is
       not used; the realms are listed through 'realms' on securityManager. -->
  <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <!-- NOTE(review): 'authenticator' is declared ahead of 'realms' on purpose. The
         security manager appears to hand its realms to whichever authenticator is
         in place when 'realms' is set; confirm before reordering. -->
    <property name="authenticator" ref="modularRealmAuthenticator"/>
    <property name="realms">
      <list>
        <ref bean="realm"/>
        <ref bean="secondRealm"/>
      </list>
    </property>
  </bean>

  <!-- Decides how a login is authenticated across several realms. The realm list is
       declared on securityManager above rather than on this bean. -->
  <bean id="modularRealmAuthenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
    <!-- Authentication strategy. AtLeastOneSuccessfulStrategy: the login is accepted
         once any one realm accepts the credentials, so the weakest realm bounds the
         strength of the whole login. -->
    <property name="authenticationStrategy">
      <bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"/>
    </property>
  </bean>

  <!-- Ehcache-backed cache manager using the ehcache.xml found on the classpath.
       An existing net.sf.ehcache.CacheManager could be injected through the
       'cacheManager' property instead; with neither setting a default configuration
       is used. -->
  <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
  </bean>

  <!-- Realm whose credentials are checked as MD5 digests with 1024 iterations.
       NOTE(review): MD5 and SHA-1 are fast digests and weak choices for password
       storage. Whether a per-user salt is applied depends on the realm classes,
       which are not shown here. Moving to a stronger hashAlgorithmName (for example
       SHA-256 or SHA-512) also means re-hashing the stored credentials, so the
       posted values are kept. -->
  <bean id="realm" class="com.qx.realm.MyRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="MD5"/>
        <property name="hashIterations" value="1024"/>
      </bean>
    </property>
  </bean>

  <!-- Realm whose credentials are checked as SHA-1 digests with 1024 iterations. -->
  <bean id="secondRealm" class="com.qx.realm.SecondRealm">
    <property name="credentialsMatcher">
      <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="SHA1"/>
        <property name="hashIterations" value="1024"/>
      </bean>
    </property>
  </bean>

  <!-- ===== Shiro Spring-specific integration ===== -->

  <!-- Calls init() and destroy() on Spring-configured Shiro objects, so no bean needs
       its own init-method or destroy-method attribute. -->
  <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <!-- Enables Shiro annotations on Spring-configured beans; must run after the
       lifecycleBeanPostProcessor. -->
  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <!-- Secure Spring remoting: lets remoting method invocations be associated with a
       Subject for security checks. -->
  <bean id="secureRemoteInvocationExecutor"
        class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/success.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <!-- The chain definitions are injected as a map built by rolesMapFactory, in
         place of an inline 'filterChainDefinitions' value. Shiro applies the first
         matching path, so the order of the entries in that map is significant and
         the /** = authc catch-all has to come last. -->
    <property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"/>
  </bean>

  <!-- Factory bean and the map produced by its initRoleMap() method. -->
  <bean id="rolesMapFactory" class="com.qx.shiro.controller.RolesMapFactory"/>
  <bean id="filterChainDefinitionMap" factory-bean="rolesMapFactory" factory-method="initRoleMap"/>
</beans>

所需要的RolesMapFactory:

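package com.qx.shiro.controller;

import java.util.HashMap;
import java.util.LinkedHashMap;

/**
 * Builds the URL-pattern to filter-chain map that the Spring configuration on this
 * page exposes as the {@code filterChainDefinitionMap} bean.
 */
public class RolesMapFactory {

    /**
     * Initialises the access rules. In a real project this data should be loaded
     * from the database instead of being hard-coded.
     *
     * <p>Shiro applies the first pattern that matches a request path, so the rules
     * are held in a {@link LinkedHashMap}, which keeps insertion order, and the
     * catch-all pattern is added last.
     *
     * @return map from URL pattern to Shiro filter chain definition, in match order
     */
    public HashMap<String, String> initRoleMap() {
        LinkedHashMap<String, String> map = new LinkedHashMap<>();
        map.put("/login.jsp", "anon");
        map.put("/user/login.action", "anon");
        map.put("/success.jsp", "authc");
        // The key used to be "/index .jsp" (stray space): it did not match /index.jsp,
        // so that page fell through to the catch-all rule instead of its anon rule.
        map.put("/index.jsp", "anon");
        map.put("/logout", "logout");
        map.put("/list.jsp", "roles[user]");
        map.put("/admin.jsp", "roles[admin]");
        // Catch-all: anything not listed above requires an authenticated user.
        map.put("/**", "authc");
        return map;
    }
}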






无论采用上述哪种配置,web.xml中都需要配置shiroFilter,并且要注意:filter-name必须和spring中对应的org.apache.shiro.spring.web.ShiroFilterFactoryBean的id一致

web.xml中这样配置shiroFilter:

    <!-- Servlet filter that delegates to the Spring bean whose id equals the
         filter-name below (the ShiroFilterFactoryBean declared as "shiroFilter"). -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <!-- true: the container's init() and destroy() calls are passed on to
                 the target bean. -->
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- Every request path goes through the Shiro filter.
         NOTE(review): with no <dispatcher> elements the mapping covers direct client
         requests only; if protected JSPs are also reached through forward or include,
         check whether those dispatches need to pass the filter as well. -->
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>




