Shiro安全框架相关配置

来源：互联网发布：ubuntu访问windows盘编辑：程序博客网时间：2024/06/04 18:40

Web.xml配置

   <!-- Shiro Security filter  filter-name这个名字的值将来还会在spring中用到  -->   <!-- 注意：shiro的filter必须在struts2的filter之前，否则action无法创建 -->    <filter>        <filter-name>shiroFilter</filter-name>        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>        <init-param>            <param-name>targetFilterLifecycle</param-name>            <param-value>true</param-value>        </init-param>    </filter>    <filter-mapping>        <filter-name>shiroFilter</filter-name>        <url-pattern>/*</url-pattern>    </filter-mapping>

applicationContext-shiro.xml配置

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"           xmlns:p="http://www.springframework.org/schema/p"      xmlns:context="http://www.springframework.org/schema/context"       xmlns:tx="http://www.springframework.org/schema/tx"      xmlns:aop="http://www.springframework.org/schema/aop"      xsi:schemaLocation="http://www.springframework.org/schema/beans        http://www.springframework.org/schema/beans/spring-beans.xsd        http://www.springframework.org/schema/aop        http://www.springframework.org/schema/aop/spring-aop.xsd        http://www.springframework.org/schema/tx        http://www.springframework.org/schema/tx/spring-tx.xsd        http://www.springframework.org/schema/context        http://www.springframework.org/schema/context/spring-context.xsd">    <description>Shiro的配置</description>    <!-- SecurityManager配置 -->    <!-- 配置Realm域 -->    <!-- 密码比较器 -->    <!-- 代理如何生成？ 用工厂来生成Shiro的相关过滤器-->    <!-- 配置缓存：ehcache缓存 -->    <!-- 安全管理 -->    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">        <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->        <property name="realm" ref="authRealm"/><!-- 引用自定义的realm -->        <!-- 缓存 -->        <property name="cacheManager" ref="shiroEhcacheManager"/>    </bean>    <!-- 自定义权限认证 -->    <bean id="authRealm" class="cn.itcast.jk.shiro.AuthRealm">        <property name="userService" ref="userService"/>        <!-- 自定义密码加密算法  -->        <property name="credentialsMatcher" ref="passwordMatcher"/>    </bean>    <!-- 设置密码加密策略 md5hash -->    <bean id="passwordMatcher" class="cn.itcast.jk.shiro.CustomCredentialsMatcher"/>    <!-- filter-name这个名字的值来自于web.xml中filter的名字 -->    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">        <property name="securityManager" ref="securityManager"/>        <!--登录页面  -->        <property name="loginUrl" value="/index.jsp"></property>        <!-- 登录成功后 -->              <property name="successUrl" value="/home.action"></property>        <property name="filterChainDefinitions">            <!-- /**代表下面的多级目录也过滤 -->            <value>                /index.jsp* = anon                /home* = anon                /sysadmin/login/login.jsp* = anon                /sysadmin/login/logout.jsp* = anon                /login* = anon                /logout* = anon                /components/** = anon                /css/** = anon                /images/** = anon                /js/** = anon                /make/** = anon                /skin/** = anon                /stat/** = anon                /ufiles/** = anon                /validator/** = anon                /resource/** = anon                /** = authc                /*.* = authc            </value>        </property>    </bean>    <!-- 用户授权/认证信息Cache, 采用EhCache  缓存 -->    <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">        <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>    </bean>    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>    <!-- 生成代理，通过代理进行控制 -->    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"          depends-on="lifecycleBeanPostProcessor">        <property name="proxyTargetClass" value="true"/>    </bean>    <!-- 安全管理器 -->    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">        <property name="securityManager" ref="securityManager"/>    </bean></beans>

ehcache-shiro.xml配置

<?xml version="1.0" encoding="UTF-8"?><ehcache updateCheck="false" name="shiroCache">    <defaultCache            maxElementsInMemory="10000"            eternal="false"            timeToIdleSeconds="120"            timeToLiveSeconds="120"            overflowToDisk="false"            diskPersistent="false"            diskExpiryThreadIntervalSeconds="120"            /></ehcache>

阅读全文

0 0