
Integrating the Shiro security framework with Spring MVC (authentication)

程序员文章站 2024-03-05 15:30:37

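Integrating Shiro with Spring:

1. Set up the Spring MVC environment

1.1 Add the relevant dependencies and configuration (omitted)

2. Add the Spring-Shiro integration dependency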

<!-- shiro -->
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring</artifactId>
			<version>1.3.2</version>
		</dependency>

 

3. Configure the filter in web.xml

<!-- Shiro Filter is defined in the spring application context: -->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
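	   <!-- Defaults to false. true makes the proxy call Filter.init() and Filter.destroy() on the target bean, so the servlet container drives the filter's lifecycle -->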
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

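4. Configure applicationContext-shiro.xml

Configure the access rules:

The left side is the path; the right side is the filter.

/login.jsp=anon

/user/login=anon

/js/**=anon

anon: the request is let through without authentication

authc: the request is let through only after authentication

user: used with remember-me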

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Licensed to the Apache Software Foundation (ASF) under one
  ~ or more contributor license agreements.  See the NOTICE file
  ~ distributed with this work for additional information
  ~ regarding copyright ownership.  The ASF licenses this file
  ~ to you under the Apache License, Version 2.0 (the
  ~ "License"); you may not use this file except in compliance
  ~ with the License.  You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing,
  ~ software distributed under the License is distributed on an
  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  ~ KIND, either express or implied.  See the License for the
  ~ specific language governing permissions and limitations
  ~ under the License.
  -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">


    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="sessionMode" value="native"/>
        <property name="realm" ref="myRealm"></property>
    </bean>


    <!-- =========================================================
         Shiro Spring-specific integration
         ========================================================= -->
    <!-- Post processor that automatically invokes init() and destroy() methods
         for Spring-configured Shiro objects so you don't have to
         1) specify an init-method and destroy-method attributes for every bean
            definition and
         2) even know which Shiro objects require these methods to be
            called. -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml -
         web.xml uses the DelegatingFilterProxy to access this bean.  This allows us
         to wire things with more control as well utilize nice Spring things such as
         PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
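        <!-- Login page; the leading slash makes the path context-relative so it matches the /login.jsp=anon rule -->
        <property name="loginUrl" value="/login.jsp"/>
        <!-- Page requested after a successful login -->
        <property name="successUrl" value="/index.jsp"/>
        <!-- Page requested when the user lacks permission -->
        <property name="unauthorizedUrl" value="/nopower.jsp"/>
        <!-- Shiro filter-chain rules -->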
        <property name="filterChainDefinitions">
            <value>
            	/login.jsp=anon
            	/user/login=anon
            	/js/**=anon
                /** = authc
            </value>
        </property>
    </bean>

</beans>

 

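5. Write a custom Realm (used for authentication and permission assignment)

Extend the AuthorizingRealm class and override two methods:

doGetAuthorizationInfo(PrincipalCollection principals) returns the authorization information for the user's identity

doGetAuthenticationInfo(AuthenticationToken token) returns the authentication information; inside this method the login details can be read from the token

6. Configure the Realm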

<!-- Shiro's core component -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="sessionMode" value="native" />
		<!-- Register the Realm with the securityManager -->
		<property name="realm" ref="userRelam" />
		<!-- Add the session manager -->
		<property name="sessionManager" ref="sessionManager" />
	</bean>
	
	<!-- Configure the custom Realm -->
	<bean id="userRelam" class="com.qf.realm.UserRealm">
	</bean>