一、web.xml中添加shiro过滤器
<!-- Shiro 필터--><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter -mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
두 번째, Spring의 applicationContext.xml에서 中添加shiro配置
1、添加shiroFilter정수
<!-- Shiro Filter --><bean id="shiroFilter"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name= "successUrl" value="/user/list" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <값> /login = anon /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] / ** = 인증 </value> </property></bean>
2、添加securityManager정확
复代码代码如下:
<bean id="securityManager">
<속성 이름="영역" ref="myRealm" />
</bean>
3、添加영역정정
复代码代码如下:
<빈 id="myRealm" />
3、实现MyRealm:继承AuthorizingRealm,并重写认证授权방법
공개 클래스 MyRealm은 AuthorizingRealm{ private AccountManager accountManager를 확장합니다. 공공 무효 setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection 주체) { String username=(String)principals.fromRealm(getName()).iterator().next(); if( 사용자 이름 != null ){ 사용자 user = accountManager.get( 사용자 이름 ); if( user != null && user.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole 각각: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } 정보를 반환합니다. } } null을 반환합니다. } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; 문자열 userName = token.getUsername(); if( userName != null && !"".equals(userName) ){ 사용자 user = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( user != null ) return new SimpleAuthenticationInfo( user.getLoginName(),user.getPassword(), getName()); } null을 반환합니다. }}参考资料:让Apache Shiro保护你의 사용