spring mvc shiro 配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:p="http://www.springframework.org/schema/p" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">


<bean id="securityCacheManager" class="com.xxx.security.cache.SecurityCacheManager" />


<!-- 安全框架配置 -->
<bean id="securityService" class="com.xxx.security.service.impl.SecurityServiceDBImpl">
<property name="credentialsMatcher" ref="hashedCredentialsMatcher" />
</bean>


<bean id="sessionIdGenerator" class="com.xxx.security.SessionIdGeneratorImpl" />


<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="${session.cache.name}" />
<property name="sessionIdGenerator" ref="sessionIdGenerator" />
</bean>
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<property name="interval" value="${session.clear.interval}" />
<property name="sessionManager" ref="sessionManager" />
</bean>


<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="${session.global.timeout}" />
<property name="sessionDAO" ref="sessionDAO" />
<property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
</bean>


<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="securityService" />
<!--<property name="sessionManager" ref="sessionManager" />-->
<property name="cacheManager" ref="securityCacheManager" />
</bean>


<bean id="hashedCredentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="MD5" />
</bean>


<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id="formAuthenticationFilter" class="com.xxx.security.CaptchaFormAuthenticationFilter">
<property name="usernameParam" value="username" />
<property name="passwordParam" value="password" />
<property name="captchaParam" value="captcha" />
<property name="rememberMeParam" value="rememberme" />
<property name="failureKeyAttribute" value="loginFailureKey" />
</bean>
<bean id="securityFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login.htm" />
<property name="successUrl" value="/index.htm" />
<property name="unauthorizedUrl" value="/login.htm" />
<property name="filters">
<util:map>
<entry key="authc" value-ref="formAuthenticationFilter" />
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
/login.htm* = authc
/**/isCaptcha.htm = anon
/forgotpw.htm* = anon
/favicon.ico = anon
/image/** = anon
/css/** = anon
/js/** = anon
/** = user
</value>
</property>
</bean>
</beans>