springmvc+shiro

来源：互联网发布：java图形输出的编程题编辑：程序博客网时间：2024/05/21 10:54

web.xml配置shiroFilter

    <!-- Apache Shiro -->    <filter>        <filter-name>shiroFilter</filter-name>        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>        <init-param>            <param-name>targetFilterLifecycle</param-name>            <param-value>true</param-value>        </init-param>    </filter>    <filter-mapping>        <filter-name>shiroFilter</filter-name>        <url-pattern>/*</url-pattern>    </filter-mapping>

配置文件：spring-content-shiro.xml

配置SecurityManager

    <!-- 定义Shiro安全管理配置 -->    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">        <property name="realm" ref="systemAuthorizingRealm" />        <property name="sessionManager" ref="sessionManager" />        <property name="cacheManager" ref="shiroCacheManager" />    </bean>

配置realm（自定义数据源）

    <!-- 項目自定义的Realm -->    <bean id="systemAuthorizingRealm" class="com.plife.sys.security.SystemAuthorizingRealm">        <property name="sysUserService" ref="sysUserServiceImple" />        <property name="sessionDAO" ref="sessionDAO" />    </bean>//sysUserService操作数据库 用户、密码表//sessionDAO 操作自定义的session

自定义会话管理配置sessionManager

    <!-- 自定义会话管理配置 -->    <bean id="sessionManager" class="com.plife.base.session.SessionManager">        <property name="sessionDAO" ref="sessionDAO"/>        <!-- 会话超时时间，单位：毫秒  -->        <property name="globalSessionTimeout" value="${session.sessionTimeout}"/>        <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->        <property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>        <!--        <property name="sessionValidationSchedulerEnabled" value="false"/> -->        <property name="sessionValidationSchedulerEnabled" value="true"/>        <property name="sessionIdCookie" ref="sessionIdCookie"/>        <property name="sessionIdCookieEnabled" value="true"/>    </bean>

配置session实际操作bean：sessionDAO

    <!-- 自定义Session存储容器 -->    <!--    <bean id="sessionDAO" class="com.thinkgem.jeesite.common.security.shiro.session.JedisSessionDAO"> -->    <!--        <property name="sessionIdGenerator" ref="idGen" /> -->    <!--        <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> -->    <!--    </bean> -->    <bean id="sessionDAO" class="com.plife.base.session.CacheSessionDAO">        <property name="sessionIdGenerator" ref="idGen" />        <property name="activeSessionsCacheName" value="activeSessionsCache" />        <property name="cacheManager" ref="shiroCacheManager" />    </bean>

配置session的缓存shiroCacheManager

    <!-- 自定义系统缓存管理器-->    <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">        <property name="cacheManager" ref="cacheManager"/>    </bean>    <!-- 缓存配置 -->    <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">        <property name="configLocation" value="classpath:${ehcache.configFile}" />    </bean>

配置session id的生成策略

public class IdGen implements IdGenerator, SessionIdGenerator

aop 检测

    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>    <!-- AOP式方法级权限检查  -->    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">        <property name="proxyTargetClass" value="true" />    </bean>    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">        <property name="securityManager" ref="securityManager"/>    </bean>

这里写图片描述

0 0