您的位置:首页 > 其它

ssm项目集成shiro

2017-12-11 12:44 232 查看
首先,这是创建ssm项目的地址:http://blog.csdn.net/qq_40706089/article/details/78707234,今天打算将shiro安全框架也给集成进来,网上对shiro的介绍非常之多,在这也不多赘述了,直接开始集成。

step1:通过pom文件管理shiro框架所需的jar包

<!--整合shiro需要的依赖-->

<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.2.2</version>
</dependency>

step2:在web.xml中添加shiro安全过滤器

<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

这个要注意两个小问题:a.一般shiro过滤器配置在编码过滤器之后,这样在对编码进行过滤后就走shiro的过滤器。b.
<filter-name>shiroFilter</filter-name>

此处的名字要和下一步的spring-shiro.XML中
ShiroFilterFactoryBean 的id一样,如果不一样 会创建shiroFilter失败


step3:在resourse目录下建立spring-shiro.XML文件(此处名字 随意)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd" default-lazy-init="true">

<description>Shiro Configuration</description>

<!-- Shiro's main business-tier object for web-enabled applications -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="MyRealm" />
<property name="cacheManager" ref="cacheManager" />
</bean>

<!-- 項目自定义的Realm -->
<bean id="MyRealm" class="com.lsd.shiro.MyRealm">
<property name="cacheManager" ref="cacheManager" />
</bean>
<!--自定义LogoutFilter,退出-->
<bean id="logoutFilter" class="com.lsd.shiro.SystemLogoutFilter">
<property name="redirectUrl" value="/userController/login"/>
</bean>

<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value=" /userController/login" />
<property name="successUrl" value="userController/index" />
<property name="filters">
<map>

<entry key="logout" value-ref="logoutFilter"/>
</map>
</property>

<property name="filterChainDefinitions">
<value>
/userController/login = anon

/userController/index =authc
/userController/logout = logout

</value>
</property>
</bean>

<!-- 用户授权信息Cache -->
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />

<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>

<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>

</beans>


配置解释:

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value=" /userController/login" />
<property name="successUrl" value="userController/index" />
<property name="filters">
<map>

<entry key="logout" value-ref="logoutFilter"/>
</map>
</property>

<property name="filterChainDefinitions">
<value>
/userController/login = anon

/userController/index =authc
/userController/logout = logout

</value>
</property>
</bean>

securityManager:是shiro 的安全管理器

loginUrl:登录页面,也可以当成是项目的首页
successUrl:登录成功后的页面
后面跟的都是访问页面的路由,然后在value里面进行配置
路径1 = anon 代表不需要经过登录验证即可访问,即无拦截。
路径2 = authc 代表必须通过登录验证才可访问,如果不登录直接访问 则返回loginUrl


注意:配置成功后先注释掉自定义的realm,下篇博客会用到

step4:

在web.xml文件中引入shiro的配置文件让他随项目启动时就加载

<display-name>web-ssm</display-name>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mybatis.xml,classpath:spring-shiro.xml</param-value>
</context-param>

<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>


至此,shiro框架就集成进来了 ,测试是否集成成功,可以将某个页面的地址加上 authc 权限 不登录访问的时候如果能拦截,跳到loginUrl,代表集成成功,具体用法还需要深入的学习,在这推荐开涛大神的跟我学shiro。
                                            

                                        

                        
                        内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息 
                    

                    

                    

                        

                         标签: 
                                                

                        

                    


                

            


            

                
相关文章推荐

                

                
            

        

        

            

            
            

                

                    
新的分享

                    

                        
                    

                

            


            

                

                    
章节导航