spring-mvc整合shiro安全框架(身份认证)
程序员文章站
2024-03-05 15:30:37
...
Spring整合Shiro:
1、搭建springMVC环境
1,1引入相关依赖及配置(省略)
2、引入Spring整合shiro的依赖
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
3、配置web.xml,配置过滤
<!-- Shiro Filter is defined in the spring application context: -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<!-- 默认是值是false,true代表由spring来管理bean的生命周期-->
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
4、配置applicationContext-shiro.xml
配置放行规则:
左边是路径 右边是拦截器
/login.jsp=anon
/user/login=anon
/js/**=anon
anon放行
authc要认证才能放行
user记住我使用
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one
~ or more contributor license agreements. See the NOTICE file
~ distributed with this work for additional information
~ regarding copyright ownership. The ASF licenses this file
~ to you under the Apache License, Version 2.0 (the
~ "License"); you may not use this file except in compliance
~ with the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="sessionMode" value="native"/>
<property name="realm" ref="myRealm"></property>
</bean>
<!-- =========================================================
Shiro Spring-specific integration
========================================================= -->
<!-- Post processor that automatically invokes init() and destroy() methods
for Spring-configured Shiro objects so you don't have to
1) specify an init-method and destroy-method attributes for every bean
definition and
2) even know which Shiro objects require these methods to be
called. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml -
web.xml uses the DelegatingFilterProxy to access this bean. This allows us
to wire things with more control as well utilize nice Spring things such as
PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- 登录的请求 -->
<property name="loginUrl" value="login.jsp"/>
<!-- 登录成功后的请求 -->
<property name="successUrl" value="index.jsp"/>
<!-- 没有权限后发送的请求 -->
<property name="unauthorizedUrl" value="nopower.jsp"/>
<!-- 配置shiro过滤规则 -->
<property name="filterChainDefinitions">
<value>
/login.jsp=anon
/user/login=anon
/js/**=anon
/** = authc
</value>
</property>
</bean>
</beans>
5.自定义Realm(用于身份认证和权限设置)
继承AuthorizingRealm类,重写两个方法
doGetAuthorizationInfo(PrincipalCollection principals) 表示根据用户身份获取授权信息
doGetAuthenticationInfo(AuthenticationToken token) 表示获取身份验证信息,该方法里面可以通过token获得登录信息
6.配置Realm
<!-- shiro中核心的组件 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="sessionMode" value="native" />
<!-- 把Realme配置到 securityManager中 -->
<property name="realm" ref="userRelam" />
<!-- 加入会话管理器管理器 -->
<property name="sessionManager" ref="sessionManager" />
</bean>
<!-- 配置自定义Realm -->
<bean id="userRelam" class="com.qf.realm.UserRealm">
</bean>
推荐阅读
-
spring-mvc整合shiro安全框架(身份认证)
-
spring-mvc整合shiro安全框架(权限拦截)
-
springboot windows10风格 activiti 整合项目框架源码 shiro 安全框架 druid
-
springboot activiti 整合项目框架源码 druid 数据库连接池 shiro 安全框架
-
复习之shiro安全框架(一)——初步了解及使用shiro认证
-
springboot windows10风格 activiti 整合项目框架源码 shiro 安全框架 druid 数据库连接池
-
springboot activiti 整合项目框架源码 shiro 安全框架 druid windows10风格
-
shiro安全框架与ssm+maven的整合
-
springboot activiti 整合项目框架源码 shiro 安全框架 druid 数据库连接池
-
Java安全框架——Shiro的使用详解(附springboot整合Shiro的demo)