基于Spring框架的Shiro配置

一、在web.xml中添加shiro过滤器

Xml代码  

<!-- Shiro filter-->  <filter>      <filter-name>shiroFilter</filter-name>      <filter-class>          org.springframework.web.filter.DelegatingFilterProxy      </filter-class>  </filter>  <filter-mapping>      <filter-name>shiroFilter</filter-name>      <url-pattern>/*</url-pattern>  </filter-mapping> 

二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义

Xml代码  

    <!-- Shiro Filter -->      <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">          <property name="securityManager" ref="securityManager" />          <property name="loginUrl" value="/login" />          <property name="successUrl" value="/user/list" />          <property name="unauthorizedUrl" value="/login" />          <property name="filterChainDefinitions">              <value>                  /login = anon                  /user/** = authc                  /role/edit/* = perms[role:edit]                  /role/save = perms[role:edit]                  /role/list = perms[role:view]                  /** = authc              </value>          </property>      </bean>  

2、添加securityManager定义

Xml代码  

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">          <property name="realm" ref="myRealm" />      </bean>  

3、添加realm定义

Xml代码  

    <bean id=" myRealm" class="com...MyRealm" />  

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法

Java代码 

public class MyRealm extends AuthorizingRealm{        private AccountManager accountManager;      public void setAccountManager(AccountManager accountManager) {          this.accountManager = accountManager;      }        /**      * 授权信息      */      protected AuthorizationInfo doGetAuthorizationInfo(                  PrincipalCollection principals) {          String username=(String)principals.fromRealm(getName()).iterator().next();          if( username != null ){              User user = accountManager.get( username );              if( user != null && user.getRoles() != null ){                  SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();                  for( SecurityRole each: user.getRoles() ){                          info.addRole(each.getName());                          info.addStringPermissions(each.getPermissionsAsString());                  }                  return info;              }          }          return null;      }        /**      * 认证信息      */      protected AuthenticationInfo doGetAuthenticationInfo(                  AuthenticationToken authcToken ) throws AuthenticationException {          UsernamePasswordToken token = (UsernamePasswordToken) authcToken;          String userName = token.getUsername();          if( userName != null && !"".equals(userName) ){              User user = accountManager.login(token.getUsername(),                              String.valueOf(token.getPassword()));                if( user != null )                  return new SimpleAuthenticationInfo(                              user.getLoginName(),user.getPassword(), getName());          }          return null;      }    }