一、在web.xml中添加shiro过滤器
<!-- Filter Shiro--><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter -pemetaan><nama-filter>shiroFilter</nama-filter><url-pattern>/*</url-pattern></filter-mapping>
二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义
<!-- Shiro Filter --><bean id="shiroFilter"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <nama properti= "successUrl" value="/user/list" /> <nama properti="unauthorizedUrl" value="/login" /> <nama properti="filterChainDefinitions"> <nilai> /login = segera /pengguna/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] / ** = authc </value> </property></bean>
2、添加securityManager定义
复制代码代码如下:
<bean id="manajer keamanan">
<nama properti="realm" ref="myRealm" />
</kacang>
3、添加alam定义
复制代码代码如下:
<bean id="myRealm" />
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
kelas publik MyRealm memperluas AuthorizingRealm{ private AccountManager accountManager; public void setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrinsipalCollection kepala sekolah) { String nama pengguna=(String)principals.fromRealm(getName()).iterator().next(); if( nama pengguna != null ){ Pengguna pengguna = accountManager.get( nama pengguna ); if( pengguna != null && pengguna.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole masing-masing: pengguna.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(masing-masing.getPermissionsAsString()); } info pengembalian; } } mengembalikan nol; } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String nama pengguna = token.getUsername(); if( nama pengguna != null && !"".equals(userName) ){ Pengguna pengguna = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( pengguna != null ) mengembalikan SimpleAuthenticationInfo baru( pengguna.getLoginName(),user.getPassword(), getName()); } mengembalikan nol; }}Panduan Pengguna Apache Shiro