标签:style blog io color sp for on div log
shiro结合spring进行权限管理,项目还未上线,权限系统还未开启,先把用到的验证码和登陆过滤部分功能记录一下
验证码是否开启:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager" > <property name="realm" ref="shiroDbRealm" /> <property name="cacheManager" ref="shiroEhcacheManager" /> </bean> <!-- <bean id="userServiceImpl" class="com.joloplay.security.service.impl.UserServiceImpl"></bean> --> <!-- <bean id="userRoleServiceImpl" class="com.joloplay.security.service.impl.UserRoleServiceImpl"></bean> --> <!-- Spring Data Jpa配置 --> <bean id="shiroDbRealm" class="com.joloplay.security.shiro.ShiroDbRealm" depends-on="securityUserDao,userRoleDao"> <property name="userService" ref="userServiceImpl"/> <property name="userRoleService" ref="userRoleServiceImpl"/> <property name="useCaptcha" value="true"/> </bean>
修改下面的bean中的 "useCaptcha"属性的value值即可,TRUE为开启验证码,FALSE为不开启。
2.通过配置,使相应的请求跳过登陆过滤器:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login.do" /> <property name="successUrl" value="/ui/index.do" /> <property name="filters"> <map> <!-- <entry key="authc" value-ref="baseFormAuthenticationFilter"/> --> <!-- 是否启用验证码检验 --> <entry key="authc" value-ref="captchaFormAuthenticationFilter"/> </map> </property> <property name="filterChainDefinitions"> <value> /sdkData/*.do =anon /infoFee/*.do =anon /Captcha.jpg = anon /include/** = anon /login/timeout = anon /login.do = authc /logout = logout /ui/*.do = user /ui/index/*.do = user /ui/** = anon /*.jsp = anon /*.html = anon /** = user </value> </property> </bean>
只需要在filterChainDefinetions属性中,将请求的URL列出即可,设置为anon,即实现不登陆就可访问的效果。
shiro的权限控制还是比较强大的,配置比较简单,有空得好好学学--
标签:style blog io color sp for on div log
原文地址:http://www.cnblogs.com/ljy201992/p/4119372.html
