Shiro入门到精通之集成spring

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3     xmlns="http://java.sun.com/xml/ns/javaee"
 4     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 5     id="WebApp_ID" version="2.5">
 6     <context-param>
 7         <param-name>contextConfigLocation</param-name>
 8         <param-value>classpath:applicationContext.xml</param-value>
 9     </context-param>
10 
11     <listener>
12         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
13     </listener>
14 
15     <servlet>
16         <servlet-name>spring</servlet-name>
17         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
18         <load-on-startup>1</load-on-startup>
19     </servlet>
20 
21     
22     <servlet-mapping>
23         <servlet-name>spring</servlet-name>
24         <url-pattern>/</url-pattern>
25     </servlet-mapping>
26       <!--shiro的拦截器 -->
27     <filter>
28         <filter-name>shiroFilter</filter-name>
29         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
30         <init-param>
31             <param-name>targetFilterLifecycle</param-name>
32             <param-value>true</param-value>
33         </init-param>
34     </filter>
35 
36     <filter-mapping>
37         <filter-name>shiroFilter</filter-name>
38         <url-pattern>/*</url-pattern>
39     </filter-mapping>
40 
41 
42 </web-app>

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <beans xmlns="http://www.springframework.org/schema/beans"
 3     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4     xmlns:context="http://www.springframework.org/schema/context"
 5     xmlns:mvc="http://www.springframework.org/schema/mvc"
 6     xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
 7         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
 8         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
 9         
10     <context:component-scan base-package="com.spring.shiro"></context:component-scan>
11     
12     <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
13         <property name="prefix" value="/"></property>
14         <property name="suffix" value=".jsp"></property>
15     </bean>
16     
17     <mvc:annotation-driven></mvc:annotation-driven>
18     <mvc:default-servlet-handler/>
19 </beans>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
                    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
                    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
    <!--2. 配置 securityManager-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="cacheManager" />
        <property name="realm" ref="jdbcRealm" />
    </bean>

    <!-- 配置cacheManager -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
     <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/> 
     </bean>
     <!-- 自定义realm 
         直接配置实现了realm接口的bean
     -->
    <bean id="jdbcRealm" class="com.spring.shiro.realms.ShiroRealm">    
    </bean>
        
    <!-- 
    配置lifecycleBeanPostProcessor 可以自动的调用配置在spring IOC容器中shirobean的生命周期方法
     -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
     <!-- 启用IOC容器 shiro注解  仅在配置了生命周期方法后有效-->
    <bean
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>  

    
    <!-- 这儿的id必须和web.xml中的shiro-filter  name名称一致 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.jsp" />
        <property name="successUrl" value="/list.jsp" />
        <property name="unauthorizedUrl" value="/unauthorized.jsp" />
        <!-- anon匿名访问 authc 登录后才可以访问 不登录的页面访问会进行重定向到login.jsp -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon
                # everything else requires authentication:
                /** = authc
            </value>
        </property>
    </bean>

</beans>

login.jsp 页面代码
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
        <h2>Login Page</h2>
</body>
</html>

 1 package com.spring.shiro.realms;
 2 
 3 import org.apache.shiro.authc.AuthenticationException;
 4 import org.apache.shiro.authc.AuthenticationInfo;
 5 import org.apache.shiro.authc.AuthenticationToken;
 6 import org.apache.shiro.realm.Realm;
 7 
 8 public class ShiroRealm  implements Realm{
 9 
10     @Override
11     public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
12         return null;
13     }
14 
15     @Override
16     public String getName() {
17         return null;
18     }
19 
20     @Override
21     public boolean supports(AuthenticationToken arg0) {
22         return false;
23     }
24 
25 }

 1 <ehcache>
 2     <diskStore path="java.io.tmpdir"/>
 3     <cache name="authorizationCache"
 4            eternal="false"
 5            timeToIdleSeconds="3600"
 6            timeToLiveSeconds="0"
 7            overflowToDisk="false"
 8            statistics="true">
 9     </cache>
10     <cache name="authenticationCache"
11            eternal="false"
12            timeToIdleSeconds="3600"
13            timeToLiveSeconds="0"
14            overflowToDisk="false"
15            statistics="true">
16     </cache>
17     <cache name="shiro-activeSessionCache"
18            eternal="false"
19            timeToIdleSeconds="3600"
20            timeToLiveSeconds="0"
21            overflowToDisk="false"
22            statistics="true">
23     </cache>
24     <defaultCache
25         maxElementsInMemory="10000"
26         eternal="false"
27         timeToIdleSeconds="120"
28         timeToLiveSeconds="120"
29         overflowToDisk="true"
30         />
31     <cache name="sampleCache1"
32         maxElementsInMemory="10000"
33         eternal="false"
34         timeToIdleSeconds="300"
35         timeToLiveSeconds="600"
36         overflowToDisk="true"
37         />
38     <cache name="sampleCache2"
39         maxElementsInMemory="1000"
40         eternal="true"
41         timeToIdleSeconds="0"
42         timeToLiveSeconds="0"
43         overflowToDisk="false"
44         /> 
45 </ehcache>