springmvc 整合 shiro

1、pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.datayes.lipengfei</groupId><artifactId>login_shiro</artifactId><version>0.0.1-SNAPSHOT</version><packaging>war</packaging><!-- 属性配置 --><properties><spring.version>4.2.3.RELEASE</spring.version><shiro.version>1.2.2</shiro.version></properties><dependencies><!-- spring核心包 --><dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-oxm</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-test</artifactId><version>${spring.version}</version><scope>test</scope></dependency><dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.3.1</version></dependency><!-- 解决 jsp question javax.servlet.http.HttpServlet --><dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><version>2.5</version><type>jar</type><scope>provided</scope></dependency><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version><scope>provided</scope></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>jsp-api</artifactId><version>2.1</version><scope>provided</scope></dependency><dependency><artifactId>javaee-web-api</artifactId><groupId>javax</groupId><version>6.0</version><scope>provided</scope></dependency><!-- JSTL标签类 --><dependency><groupId>jstl</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><version>1.16.8</version><scope>provided</scope></dependency><!-- shiro --> <dependency>            <groupId>org.apache.shiro</groupId>            <artifactId>shiro-core</artifactId>            <version>${shiro.version}</version>        </dependency>        <dependency>            <groupId>org.apache.shiro</groupId>            <artifactId>shiro-web</artifactId>            <version>${shiro.version}</version>        </dependency>        <dependency>            <groupId>org.apache.shiro</groupId>            <artifactId>shiro-ehcache</artifactId>            <version>${shiro.version}</version>        </dependency>        <dependency>            <groupId>org.apache.shiro</groupId>            <artifactId>shiro-quartz</artifactId>            <version>${shiro.version}</version>        </dependency>        <dependency>            <groupId>org.apache.shiro</groupId>            <artifactId>shiro-spring</artifactId>            <version>${shiro.version}</version>        </dependency></dependencies></project>

2、web.xml

主要是配DispatcherServlet和shirofilter

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"version="3.0" metadata-complete="false"><!-- spring --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml,classpath:spring-shiro-web.xml</param-value></context-param><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- spring mvc --><servlet><servlet-name>springmvc</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:spring-mvc.xml</param-value></init-param></servlet><servlet-mapping><servlet-name>springmvc</servlet-name><url-pattern>/</url-pattern></servlet-mapping><!-- shiro --><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><async-supported>true</async-supported><init-param><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping></web-app>

3、spring-mvc.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.2.xsdhttp://www.springframework.org/schema/contexthttp://www.springframework.org/schema/context/spring-context-3.2.xsdhttp://www.springframework.org/schema/mvchttp://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"><mvc:annotation-driven /><!-- 扫描controller（controller层注入） --><context:component-scan base-package="com.datayes" /><!-- 解决shiro注解无效的问题 --><!-- Required for security annotations to work in this servlet --><beanclass="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" /><beanclass="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" /><!-- Enable annotation-based controllers using @Controller annotations --><bean id="annotationUrlMapping"class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"></bean><bean id="annotationMethodHandlerAdapter"class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" /><!-- 对模型视图添加前后缀 --><bean id="viewResolver"class="org.springframework.web.servlet.view.InternalResourceViewResolver"p:prefix="/WEB-INF/view/" p:suffix=".jsp" /><mvc:resources mapping="/view/**" location="/WEB-INF/view/" /><beanclass="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"><property name="exceptionMappings"><props><prop key="org.apache.shiro.authz.UnauthorizedException">unauthorized</prop></props></property></bean></beans>

4、spring-shiro-web.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"><bean id="EhCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"></bean><!-- 缓存管理器 使用Ehcache实现 --><bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"><property name="cacheManagerConfigFile" value="classpath:ehcache.xml" /></bean><!-- 安全管理器 --><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realms"><list><!-- 使用配置文件管理 --><bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm"><constructor-arg value="classpath:shiro-simple.ini"></constructor-arg><!-- <property name="resourcePath" value="classpath:shiro-simple.ini" /> --></bean><bean id="ldapRealm" class="com.datayes.lipengfei.realm.LdapRealm"></bean></list></property><property name="cacheManager" ref="cacheManager"></property></bean><!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) --><beanclass="org.springframework.beans.factory.config.MethodInvokingFactoryBean"><property name="staticMethod"value="org.apache.shiro.SecurityUtils.setSecurityManager" /><property name="arguments" ref="securityManager" /></bean><!-- Shiro 的Web过滤器 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager" /><!-- 如果没有认证将要跳转的登陆地址，http可访问的url，如果不在表单认证过虑器FormAuthenticationFilter中指定此地址就为身份认证地址 --><property name="loginUrl" value="/security/index" /><property name="successUrl" value="/view/success" /><!-- 没有权限跳转的地址 --><property name="unauthorizedUrl" value="/view/unauthorized" /><!-- shiro拦截器配置 --><property name="filters"><map><entry key="authc" value-ref="formAuthenticationFilter" /></map></property><property name="filterChainDefinitions"><value>/security/*=anon/login.jsp=anon/logout = logout<!-- /**放在最下边，如果一个url有多个过虑器则多个过虑器中间用逗号分隔，如：/** = user,roles[admin] --></value></property></bean><!-- 基于Form表单的身份验证过滤器，不配置将也会注册此过虑器，表单中的用户账号、密码及loginurl将采用默认值，建议配置 --><bean id="formAuthenticationFilter"class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"><!-- 表单中账号的input名称 --><property name="usernameParam" value="username" /><!-- 表单中密码的input名称 --><property name="passwordParam" value="password" /><!-- <property name="rememberMeParam" value="rememberMe"/> --><!-- loginurl：用户登陆地址，此地址是可以http访问的url地址 --><property name="loginUrl" value="/view/success" /></bean><!-- 开启Shiro的注解(如@RequiresRoles，@RequiresPermissions)，需借助SpringAOP扫描使用Shiro注解的类， 并在必要时进行安全逻辑验证 --><!-- <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"></bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"></property> </bean> --></beans>

5、源代码见附件