基于Spring框架的Shiro配置

一、在web.xml中添加shiro过滤器

    <!-- Shiro filter-->      <filter>          <filter-name>shiroFilter</filter-name>          <filter-class>              org.springframework.web.filter.DelegatingFilterProxy          </filter-class>      </filter>      <filter-mapping>          <filter-name>shiroFilter</filter-name>          <url-pattern>/*</url-pattern>      </filter-mapping>  

二、在Spring的applicationContext.xml中添加shiro配置

1、添加shiroFilter定义

<!-- Shiro Filter -->  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">      <property name="securityManager" ref="securityManager" />      <property name="loginUrl" value="/login" />      <property name="successUrl" value="/user/list" />      <property name="unauthorizedUrl" value="/login" />      <property name="filterChainDefinitions">          <value>              /login = anon              /user/** = authc              /role/edit/* = perms[role:edit]              /role/save = perms[role:edit]              /role/list = perms[role:view]              /** = authc          </value>      </property>  </bean> 

2、添加securityManager定义

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">      <property name="realm" ref="myRealm" />  </bean>

3、添加realm定义

    <bean id=" myRealm" class="com...MyRealm" />  

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

    public class MyRealm extends AuthorizingRealm{                private AccountManager accountManager;          public void setAccountManager(AccountManager accountManager) {              this.accountManager = accountManager;          }                /**          * 授权信息          */          protected AuthorizationInfo doGetAuthorizationInfo(                      PrincipalCollection principals) {              String username=(String)principals.fromRealm(getName()).iterator().next();              if( username != null ){                  User user = accountManager.get( username );                  if( user != null && user.getRoles() != null ){                      SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();                      for( SecurityRole each: user.getRoles() ){                              info.addRole(each.getName());                              info.addStringPermissions(each.getPermissionsAsString());                      }                      return info;                  }              }              return null;          }                /**          * 认证信息          */          protected AuthenticationInfo doGetAuthenticationInfo(                      AuthenticationToken authcToken ) throws AuthenticationException {              UsernamePasswordToken token = (UsernamePasswordToken) authcToken;              String userName = token.getUsername();              if( userName != null && !"".equals(userName) ){                  User user = accountManager.login(token.getUsername(),                                  String.valueOf(token.getPassword()));                        if( user != null )                      return new SimpleAuthenticationInfo(                                  user.getLoginName(),user.getPassword(), getName());              }              return null;          }            }