dfdr posted on 2013-8-14 09:05:51

Configuring Apache Shiro with Spring

This post is aimed at web applications.
web.xml

<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
    <param-name>targetFilterLifecycle</param-name>
    <param-value>true</param-value>
</init-param>
</filter>

<filter-mapping>
<!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->
<!-- requests. Usually this filter mapping is defined first (before all others) to  -->
<!-- ensure that Shiro works in subsequent filters in the filter chain:             -->
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
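The TargetFilterLifecycle parameter: the default value is false, meaning the lifecycle is managed by the Spring app context. When set to true, it is managed by the servlet container.

Configure applicationContext.xml: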

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>

    <!-- Configure the redirect URLs -->
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/main.jsp"/>
    <property name="unauthorizedUrl" value="/err404.jsp"/>

    <!-- Configure the filter policy. Remember: this is FIRST MATCH WINS, so /logout.html must come before the /** catch-all -->
    <property name="filterChainDefinitions">
      <value>
            /download/** = user
            /images/** = anon
            /admin/** = authc, roles
            /docs/** = authc, perms
            /logout.html = logout
            /** = authc
      </value>
    </property>
</bean>

<bean id="myRealm" class="king.common.security.MyRealm"></bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
In addition, DefaultSecurityManager inherits from RealmSecurityManager. So when multiple realms are needed, you can use the "realms" property.
ShiroFilterFactoryBean provides a Filters property. About Filters:
This property is optional: this {@code FactoryBean} implementation will discover all beans in the web application context that implement the {@link Filter} interface and automatically add them to this filter map under their bean name.
If needed, you can configure it, for example:

<property name="filters">
    <util:map>
      <entry key="myAlias1" value-ref="myFilter1"/>
    </util:map>
</property>

The setter for the filterChainDefinitions property is defined like this:

public void setFilterChainDefinitions(String definitions) {
    Ini ini = new Ini();
    ini.load(definitions);
    //did they explicitly state a 'urls' section? Not necessary, but just in case:
    Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS);
    if (CollectionUtils.isEmpty(section)) {
      //no urls section. Since this _is_ a urls chain definition property, just assume the
      //default section contains only the definitions:
      section = ini.getSection(Ini.DEFAULT_SECTION_NAME);
    }
    setFilterChainDefinitionMap(section);
}
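So we can use the filterChainDefinitionMap property. We can write a class that inherits from FactoryBean<Section> to build a filterChainDefinitionMap dynamically. (P.S.: Section is a static inner class of Ini that implements Map<String,String>.)

Also, if you want to use annotations: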

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>

<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
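
The FactoryBean<Section> approach described in the post above, as an added example that is not part of the original post or of Shiro itself. The class name OrderedChainSectionFactory and its dynamicRules property are hypothetical, and the rules are assumed to arrive as an ordered pattern-to-filter map (for instance loaded from a database). Because chain matching is first match wins, it appends the /** catch-all last so that no specific rule is shadowed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.config.Ini;
import org.springframework.beans.factory.FactoryBean;

// Hypothetical class (not part of Shiro): builds the value for
// ShiroFilterFactoryBean's filterChainDefinitionMap property.
public class OrderedChainSectionFactory implements FactoryBean<Ini.Section> {

    // Assumed input: URL pattern -> filter chain, in the order they should be matched.
    private Map<String, String> dynamicRules = new LinkedHashMap<String, String>();

    public void setDynamicRules(Map<String, String> dynamicRules) {
        this.dynamicRules = new LinkedHashMap<String, String>(dynamicRules);
    }

    @Override
    public Ini.Section getObject() {
        // Ini.Section has no public constructor, so it is created through an Ini.
        // The section keeps insertion order, which is the matching order.
        Ini.Section section = new Ini().addSection("urls");

        // Fixed, specific rules first.
        section.put("/images/**", "anon");
        section.put("/logout.html", "logout");

        for (Map.Entry<String, String> rule : dynamicRules.entrySet()) {
            String pattern = rule.getKey().trim();
            String chain = rule.getValue() == null ? "" : rule.getValue().trim();
            if ("/**".equals(pattern)) {
                continue; // the catch-all is added exactly once, at the end
            }
            if (chain.isEmpty()) {
                // Surface bad rule data at startup instead of guessing a policy.
                throw new IllegalStateException("No filter chain for " + pattern);
            }
            section.put(pattern, chain);
        }

        // Catch-all last: anything not matched above requires authentication.
        section.put("/**", "authc");
        return section;
    }

    @Override
    public Class<?> getObjectType() { return Ini.Section.class; }

    @Override
    public boolean isSingleton() { return true; }
}
```

To use it, declare this class as a bean and replace the filterChainDefinitions property on shiroFilter with a filterChainDefinitionMap property that references that bean.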


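my11502207 posted on 2013-8-14 13:41:45

I live in the jianghu, yet the jianghu has no legends about me.

于一 posted on 2013-8-14 14:42:18

If you can't explain it clearly to your advisor, then just confuse him!

大湖之子 posted on 2013-8-14 17:21:47

Since ancient times no one has escaped death, and who takes a dump without using paper!

yanglgzh posted on 2013-8-14 20:25:35

Just passing by, showing some support.

378 posted on 2013-8-15 03:49:10

All unforgettable love is the moment the soul drifts away in bed!

cxg518 posted on 2013-8-15 10:12:31

If you love her, get her a painless abortion!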