基于Spring框架的Shiro配置方法
发布时间:2020-12-14 05:05:53 所属栏目:Java 来源:网络整理
导读:一、在web.xml中添加shiro过滤器 !-- Shiro filter--filterfilter-nameshiroFilter/filter-namefilter-classorg.springframework.web.filter.DelegatingFilterProxy/filter-class/filterfilter-mappingfilter-nameshiroFilter/filter-nameurl-pattern/*/url-
|
一、在web.xml中添加shiro过滤器 <!-- Shiro filter--> <filter> <filter-name>shiroFilter</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> 二、在Spring的applicationContext.xml中添加shiro配置 1、添加shiroFilter定义 <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name="successUrl" value="/user/list" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <value> /login = anon /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] /** = authc </value> </property> </bean> 2、添加securityManager定义 复制代码 代码如下: <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm" /> </bean> 3、添加realm定义 复制代码 代码如下: <bean id=" myRealm" class="com...MyRealm" /> 三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
public class MyRealm extends AuthorizingRealm{
private AccountManager accountManager;
public void setAccountManager(AccountManager accountManager) {
this.accountManager = accountManager;
}
/**
* 授权信息
*/
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
String username=(String)principals.fromRealm(getName()).iterator().next();
if( username != null ){
User user = accountManager.get( username );
if( user != null && user.getRoles() != null ){
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for( SecurityRole each: user.getRoles() ){
info.addRole(each.getName());
info.addStringPermissions(each.getPermissionsAsString());
}
return info;
}
}
return null;
}
/**
* 认证信息
*/
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken authcToken ) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
String userName = token.getUsername();
if( userName != null && !"".equals(userName) ){
User user = accountManager.login(token.getUsername(),String.valueOf(token.getPassword()));
if( user != null )
return new SimpleAuthenticationInfo(
user.getLoginName(),user.getPassword(),getName());
}
return null;
}
}
参考资料:让Apache Shiro保护你的应用 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |