spring + shiro +ehcache + redis整合自我总结1

通过maven方式添加支持jar包：

xi

<!--shiro-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.0</version>
</dependency>

<!--ehcache-->
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
<version>${ehcache.version}</version>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-web</artifactId>
<version>${ehcache-web.version}</version>
</dependency>

<!--redis and jedis-->
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>
f328
;2.9.0</version>
</dependency>
<dependency>
<groupId>commons-pool</groupId>
<artifactId>commons-pool</artifactId>
<version>1.6</version>
</dependency>

spring + shiro 配置：

web.xml中的配置：

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-common.xml,classpath:spring-mybatis.xml,classpath:spring-shiro.xml</param-value>
</context-param>

<!-- Apache Shiro 1.3.0 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

spring-shiro.xml配置：

<bean id="userFormAuthenticationFilter" class="com.lf.security.UserFormAuthenticationFilter"/>

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login.do" />
<property name="successUrl" value="/main.do" />
<property name="filters">
<map>
<entry key="authc" value-ref="userFormAuthenticationFilter"/>
</map>
</property>
<property name="filterChainDefinitions">
<value>
/login.do = authc
/= authc
</value>
</property>
</bean>

<!-- Shiro security manager -->
<bean id="systemAuthorizingRealm" class="com.lf.security.SystemAuthorizingRealm"></bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="systemAuthorizingRealm" />
<property name="cacheManager" ref="shiroEhcacheManager"/>
<property name="sessionManager" ref="sessionManager" />
</bean>

(1)、其中spring-shiro.xml中id=shiroFilter的ID名字和web.xml中的filter-name名字要一致；
(2)、<ptoperty name="filter">表示这样使用authc的时候就是我们自定一个过滤器了，如果觉得用同个名字不好也可以自己定义名字！
 UserFormAuthenticationFilter的配置如下：

public class UserFormAuthenticationFilter extends FormAuthenticationFilter{}

(3)、其中SystemAuthorizingRealm类如下继承关系：

public class SystemAuthorizingRealm extends AuthorizingRealm {}

(4）、整个过滤过程如下：当请求/login.do的时候，shiro进行拦截，进入UserFormAuthenticationFilter类，如上面配置的shiro过滤链，执行的方法有：executeLogin（FormAuthenticationFilter类中的方法）

@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
CustomUsernamePasswordToken cupToken = createToken(request,response);
try{
/**验证码确认*/
doCaptchaValidate(request,cupToken);
/**登录信息验证*/
Subject subject = getSubject(request, response);
subject.login(cupToken);
return onLoginSuccess(cupToken,subject,request,response);
}catch(AuthenticationException authenticationException){
return onLoginFailure(cupToken,authenticationException,request,response);
}
}

在执行subject.login()方法的时候，shiro内部的工作流程，会主动调用上面配置的SystemAuthorizingRealm类中的身份认证方法doGetAuthenticationInfo（），进行身份认证，
认证成功以后就会调用到相应的Controller类中，标注有@RequestMapping(value =  "/login")方法上面，跳转到制定的页面，如果在指定的Controller层方法中有shiro的权限/角色等，如@RequiresPermissions("user")，@RequiresRoles("user")等，那么系统就会进入SystemAuthorizingRealm类中的doGetAuthorizationInfo进行权限认证，更细的信息，请在debug中进行查看。