spring shiro配置

<span style="color: rgb(51, 51, 51); font-family: Arial; font-size: 14px; line-height: 26px;">一、在web.xml配制shiroFilter</span> 

<!-- Shiro filter start --><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><init-param><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- Shiro filter end -->

er在spring的application.xml中添加配制

<!-- ================ Shiro start ================ --><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realm" ref="ShiroRealm" /></bean><!-- 項目自定义的Realm -->    <bean id="ShiroRealm" class="com.fh.interceptor.shiro.ShiroRealm" ></bean><!-- Shiro Filter --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager" /><property name="loginUrl" value="/" /><property name="successUrl" value="/main/index" /><property name="unauthorizedUrl" value="/login_toLogin" /><property name="filterChainDefinitions"><value>/static/login/** = anon/static/js/myjs/** = authc/static/js/** = anon/uploadFiles/uploadImgs/** = anon           /code.do = anon           /login_login = anon           /app**/** = anon           /weixin/** = anon           /**= authc</value></property></bean><!-- ================ Shiro end ================ -->

三、ShiroRealm文件基本代码

import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;/** * @author fh *  2015-3-6 */public class ShiroRealm extends AuthorizingRealm {/* * 登录信息和用户验证信息验证(non-Javadoc) * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) */@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String username = (String)token.getPrincipal();  //得到用户名      String password = new String((char[])token.getCredentials()); //得到密码     if(null != username && null != password){     return new SimpleAuthenticationInfo(username, password, getName());     }else{     return null;     }     }/* * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用,负责在应用程序中决定用户的访问控制的方法(non-Javadoc) * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {System.out.println("========2");return null;}}