一、在web.xml中添加shiro过滤器
<!-- Filtro Shiro--><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter -mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
二、在Spring的applicationContext.xml中添加shiro配置
1、添加shiroFilter定义
<!-- Filtro Shiro --><bean id="shiroFilter"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name= "successUrl" value="/user/list" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <value> /login = anon /usuário/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] /** = autenticação </value> </property></bean>
2. Use o securityManager
复制代码代码如下:
<bean id="securityManager">
<property name="realm" ref="myRealm" />
</bean>
3、添加realm定义
复制代码代码如下:
<bean id="meuRealm" />
三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法
classe pública MyRealm estende AuthorizingRealm{ private AccountManager accountManager; public void setAccountManager(AccountManager accountManager) { this.accountManager = accountManager; } /** * 授权信息 */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principais) { String username=(String)principals.fromRealm(getName()).iterator().next(); if (nome de usuário! = nulo) {Usuário usuário = accountManager.get (nome de usuário); if(usuário!= null && user.getRoles() != null){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for(SecurityRole cada: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } retornar informações; } } retornar nulo; } /** * 认证信息 */ protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String nome_do_usuário = token.getUsername(); if(userName != null && !"".equals(userName) ){ Usuário usuário = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if(usuário!=nulo) retorna novo SimpleAuthenticationInfo(usuário.getLoginName(),usuário.getPassword(), getNome()); } retornar nulo; }}参考资料:Apache Shiro保护你的应用