shiro学习（一）

1、关于shiro的Realm权限执行原理的理解：
1.1、继承AuthorizingRealm定义自己的Realm，realm里面的doGetAuthenticationInfo(AuthenticationToken token)方法是在登录时候做验证，根据token获取用户提交的用户名，然后到数据库查找是否存在该用户，存在则new一个SimpleAuthenticationInfo对象，然后交由给CredentialsMatcher的doCredentialsMatch方法，去匹配密码是否一致。
1.2、当访问有权限限制的url或资源的时候，会调用doGetAuthorizationInfo(PrincipalCollection principals)，该方法也是返回一个预先设置好了role、permission的SimpleAuthorizationInfo，然后判断当前访问的资源需要的权限，是否在SimpleAuthorizationInfo里面。在每次访问有权限的资源（加了@RequiresPermissions，或者url在shiroFilter的filterChainDefinitions里面，有role，perm的资源，如user/* = role[user],user/*=perm[user:*]）的时候都会调用，所以可以考虑将realm里面的授权信息放在缓存里面，避免每次访问数据库。

2、授权信息配置在缓存中：
配合ehcache使用，spring-shiro.xml:

    <bean id="myRealm" class="com.sz.pos.shiro.realm.MyRealm">        <property name="credentialsMatcher" ref="credentialsMatcher" />        <property name="cachingEnabled" value="false" />        <!-- 如需要自定义缓存时间放开以下.修改 ehcache.xml -->        <property name="authenticationCachingEnabled" value="true" />        <property name="authenticationCacheName" value="authenticationCache" />        <property name="authorizationCachingEnabled" value="true" />        <property name="authorizationCacheName" value="authorizationCache" />    </bean>    <!-- shiro缓存管理器 -->    <bean id="cacheManager" class="com.sz.pos.shiro.spring.SpringCacheManagerWrapper">        <property name="cacheManager" ref="springCacheManager" />    </bean>    <bean id="springCacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">        <property name="cacheManager" ref="ehcacheManager" />    </bean>    <!--ehcache -->    <bean id="ehcacheManager"        class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">        <property name="configLocation" value="classpath:config/ehcache.xml" />    </bean>

ehcache.xml增加如下配置:

<cache name="authorizationCache" maxEntriesLocalHeap="2000"        eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0"        overflowToDisk="false" statistics="true">    </cache>    <cache name="authenticationCache" maxEntriesLocalHeap="2000"        eternal="false" timeToIdleSeconds="3600" timeToLiveSeconds="0"        overflowToDisk="false" statistics="true">    </cache>

编写实现了CacheManager接口的SpringCacheManagerWrapper类：

import java.util.ArrayList;import java.util.Collection;import java.util.Collections;import java.util.HashSet;import java.util.List;import java.util.Set;import org.apache.shiro.cache.Cache;import org.apache.shiro.cache.CacheException;import org.apache.shiro.cache.CacheManager;import org.apache.shiro.util.CollectionUtils;import org.springframework.cache.support.SimpleValueWrapper;import net.sf.ehcache.Ehcache;public class SpringCacheManagerWrapper implements CacheManager {    private org.springframework.cache.CacheManager cacheManager;    /**     * 设置spring cache manager     *     * @param cacheManager     */    public void setCacheManager(org.springframework.cache.CacheManager cacheManager) {        this.cacheManager = cacheManager;    }    public <K, V> Cache<K, V> getCache(String name) throws CacheException {        org.springframework.cache.Cache springCache = cacheManager.getCache(name);        return new SpringCacheWrapper(springCache);    }    static class SpringCacheWrapper implements Cache {        private org.springframework.cache.Cache springCache;        SpringCacheWrapper(org.springframework.cache.Cache springCache) {            this.springCache = springCache;        }        public Object get(Object key) throws CacheException {            Object value = springCache.get(key);            if (value instanceof SimpleValueWrapper) {                return ((SimpleValueWrapper) value).get();            }            return value;        }        public Object put(Object key, Object value) throws CacheException {            springCache.put(key, value);            return value;        }        public Object remove(Object key) throws CacheException {            springCache.evict(key);            return null;        }        public void clear() throws CacheException {            springCache.clear();        }        public int size() {            if (springCache.getNativeCache() instanceof Ehcache) {                Ehcache ehcache = (Ehcache) springCache.getNativeCache();                return ehcache.getSize();            }            throw new UnsupportedOperationException("invoke spring cache abstract size method not supported");        }        public Set keys() {            if (springCache.getNativeCache() instanceof Ehcache) {                Ehcache ehcache = (Ehcache) springCache.getNativeCache();                return new HashSet(ehcache.getKeys());            }            throw new UnsupportedOperationException("invoke spring cache abstract keys method not supported");        }        public Collection values() {            if (springCache.getNativeCache() instanceof Ehcache) {                Ehcache ehcache = (Ehcache) springCache.getNativeCache();                List keys = ehcache.getKeys();                if (!CollectionUtils.isEmpty(keys)) {                    List values = new ArrayList(keys.size());                    for (Object key : keys) {                        Object value = get(key);                        if (value != null) {                            values.add(value);                        }                    }                    return Collections.unmodifiableList(values);                } else {                    return Collections.emptyList();                }            }            throw new UnsupportedOperationException("invoke spring cache abstract values method not supported");        }    }}