ssm整合shiro


1、导入shiro相应jar包,也可下载shiro-all.jar; 

2、web.xml添加shiroFilter配置,类似于mvc

 <!-- Shiro security filter. DelegatingFilterProxy passes each request to the Spring bean
      whose id equals the filter-name below ("shiroFilter"). -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <!-- true: the proxy also invokes init()/destroy() on the target filter bean -->
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <!-- Every URL of the application passes through the Shiro filter chain -->
        <url-pattern>/*</url-pattern>
        <!-- NOTE(review): only REQUEST dispatches are mapped, so server-side forwards, includes
             and error dispatches are not re-checked by Shiro. Shiro's web documentation maps
             REQUEST, FORWARD, INCLUDE and ERROR; confirm that REQUEST alone is intended. -->
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

3、添加shiro配置文件,在spring-conf.xml导入

<import resource="classpath*:conf/spring-shiro.xml"/> 
<description>Shiro安全配置</description>

<!-- Scan the service package (only @Service beans) so the realm can have its service injected -->
<context:component-scan base-package="com.myssm.yuan.service" use-default-filters="false">
    <context:include-filter type="annotation" expression="org.springframework.stereotype.Service"/>
</context:component-scan>

<!-- securityManager is the core of Shiro; it coordinates the other modules once initialised -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- A single realm uses the "realm" property; with several realms use "realms" instead -->
    <property name="realm" ref="userRealm" />
    <property name="cacheManager" ref="shiroEhcacheManager" />
</bean>

<!-- Realm: the bridge between Shiro and the application's user data. It decides whether a
     subject may log in and which permissions it holds.
     NOTE(review): no credentialsMatcher is set on this bean, so Shiro's default matcher
     (a plain equality check against the stored value) applies. Configure a hashing matcher
     here once passwords are stored as salted hashes. -->
<bean id="userRealm" class="com.myssm.yuan.shiro.UserRealm" />
<!-- Alternative when the service package is not scanned: give the userRealm bean a body and
     inject the service explicitly with <property name="userService" ref="userService"/> -->

<!-- Shiro filter; the bean id must equal the filter-name declared in web.xml -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- loginUrl: where unauthenticated requests are redirected -->
    <property name="loginUrl" value="/login.jsp" />
    <!-- NOTE(review): a path under /WEB-INF cannot be fetched directly by a browser, so a
         redirect to this successUrl would not resolve. Presumably the login controller
         forwards to the page itself; confirm. -->
    <property name="successUrl" value="/WEB-INF/page/index.jsp" />
    <!-- unauthorizedUrl: where authenticated users without the required permission are sent -->
    <property name="unauthorizedUrl" value="/login/unauthorized" />
    <!-- One rule per line, evaluated top to bottom; the first matching pattern wins.
         Everything under /login/ except logout is reachable without authentication, so keep
         only login-related handlers beneath that path. -->
    <property name="filterChainDefinitions">
        <value>
            /login/logout=logout
            /login/**=anon
            /**=authc,rest
        </value>
    </property>
</bean>

<!-- Cache for authorization/authentication data, backed by EhCache -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:conf/ehcache-shiro.xml"/>
</bean>

<!-- Ensures that beans implementing Shiro's internal lifecycle methods have them executed -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

3.1 添加shiro缓存配置文件

<?xml version="1.0" encoding="UTF-8"?>
<!-- EhCache settings loaded by the Shiro cache manager (conf/ehcache-shiro.xml).
     NOTE(review): entries live for at most 1800 s and are dropped after 900 s idle, so cached
     authorization data may lag behind a permission change by up to that long unless the
     cache is cleared when permissions are edited; confirm this window is acceptable. -->
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd">

    <!-- Disk store location is the JVM temp directory; both caches below set
         overflowToDisk="false". -->
    <diskStore path="java.io.tmpdir"/>

    <!-- Settings applied to any cache that has no explicit entry of its own -->
    <defaultCache
        maxElementsInMemory="10000"
        eternal="false"
        timeToIdleSeconds="900"
        timeToLiveSeconds="1800"
        overflowToDisk="false"
        memoryStoreEvictionPolicy="LFU" />

    <!-- Named cache with the same limits as the default -->
    <cache
        name="testEhcache"
        maxElementsInMemory="10000"
        eternal="false"
        overflowToDisk="false"
        timeToIdleSeconds="900"
        timeToLiveSeconds="1800"
        memoryStoreEvictionPolicy="LFU" />
</ehcache>

4、添加配置文件中配置的自定义realm,继承AuthorizingRealm

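    /**
     * Supplies the roles and permissions of an authenticated subject.
     *
     * <p>Authorization is not implemented in this example: the returned object is created
     * empty and nothing is added to it, so this realm grants no roles and no permissions.
     *
     * @param principals the identities of the subject being authorized (not read here)
     * @return an empty {@link SimpleAuthorizationInfo}
     * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Authorization data is not loaded yet; the empty object carries no roles or permissions.
        return new SimpleAuthorizationInfo();
    }

    /**
     * Looks up the account named in the login token and returns its stored credential.
     *
     * <p>The password check is left to the realm's {@code CredentialsMatcher}: after this method
     * returns, {@code AuthenticatingRealm} compares the token's password with the credential
     * returned here and throws {@link IncorrectCredentialsException} on a mismatch. The earlier
     * version compared the two itself with {@code String.equals} and then returned the
     * <em>submitted</em> password as the credential, which made Shiro's own comparison
     * meaningless and copied the password into an immutable {@code String}.
     *
     * <p>Passwords are still stored and compared unhashed in this example. For real use, store
     * a salted hash and configure a hashing matcher (for example Shiro's
     * {@code HashedCredentialsMatcher} or {@code PasswordMatcher}) on the realm bean.
     * Callers should report unknown accounts and wrong passwords with the same message so that
     * the login form does not reveal which accounts exist.
     *
     * @param token the submitted login token; expected to be a {@link UsernamePasswordToken}
     * @return the account name together with the credential stored for it
     * @throws UnknownAccountException if no user exists for the submitted account name
     * @throws IncorrectCredentialsException if the account has no stored password
     * @throws AuthenticationException declared by the overridden method
     * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
        String account = usernamePasswordToken.getUsername();

        User user = this.userService.getUserByAccount(account);
        if (user == null) {
            throw new UnknownAccountException();
        }

        // Fail closed: an account without a stored password can never authenticate.
        Object storedPassword = user.getPassword();
        if (storedPassword == null) {
            throw new IncorrectCredentialsException();
        }

        // Account-lock check left disabled by the author; presumably it needs User#getLocked(),
        // confirm before enabling.
        // if (Boolean.TRUE.equals(user.getLocked())) {
        //     throw new LockedAccountException();
        // }

        // Return the STORED credential so the configured CredentialsMatcher does the comparison.
        return new SimpleAuthenticationInfo(account, storedPassword, this.getName());
    }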

5、增加登录jsp及controller进行测试,结果:未登录自动跳到login.jsp,登录成功跳到index.jsp

以上为简单的整合shiro,如有错误或好的建议,敬请提出。
