一、在web.xml中添加shiro过滤器

  <!-- Shiro filter: hands each request to the Spring bean named "shiroFilter".
       DelegatingFilterProxy looks its target bean up by this filter-name, so
       the name must equal the bean id declared in applicationContext.xml. -->
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <!-- Mapped to /* so that no request path reaches the application without
       passing through the Shiro filter chain.
       NOTE(review): with no <dispatcher> elements this mapping covers REQUEST
       dispatches only; add FORWARD, INCLUDE and ERROR if internally forwarded
       requests must also be checked by Shiro. -->
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

二、在Spring的applicationContext.xml中添加shiro配置 
1、添加shiroFilter定义

  <!-- Shiro filter: URL-level access rules. Chain definitions are evaluated
       top to bottom and the first matching pattern wins, so specific paths
       must stay above the /** catch-all. -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <property name="successUrl" value="/user/list" />
    <!-- NOTE(review): a logged-in user who lacks a permission is sent to the
         login page again; a dedicated "access denied" page makes the
         difference between "not logged in" and "not allowed" visible. -->
    <property name="unauthorizedUrl" value="/login" />
    <!-- Caveats for the rules below:
         * /role/edit/* matches exactly one path segment. Deeper paths, and any
           /role/... path that is not listed, fall through to /** = authc and
           then need only a login, not a role permission.
         * URL rules are one layer of defence. Enforce the same permission in
           the handler as well (for example with @RequiresPermissions), because
           the filter's path matching and the MVC framework's can disagree. -->
    <property name="filterChainDefinitions">
      <value>
        /login = anon
        /user/** = authc
        /role/edit/* = perms[role:edit]
        /role/save = perms[role:edit]
        /role/list = perms[role:view]
        /** = authc
      </value>
    </property>
  </bean>

2、添加securityManager定义

  <!-- Web security manager: authentication and authorization lookups are
       delegated to the single realm referenced here. -->
  <bean id="securityManager"
        class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
  </bean>

3、添加realm定义

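  <!-- Custom realm. The id must be exactly "myRealm", with no surrounding
       whitespace, so that ref="myRealm" on the securityManager bean resolves;
       the original id had a leading space.
       NOTE(review): MyRealm receives its AccountManager through
       setAccountManager; unless autowiring supplies it, add the matching
       <property> element here.
       NOTE(review): no credentialsMatcher is set, so Shiro's default matcher
       applies; confirm that it suits how passwords are stored (hashed, with a
       hash-aware matcher, rather than plaintext equality). -->
  <bean id="myRealm" class="com...MyRealm" />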

三、实现MyRealm:继承AuthorizingRealm,并重写认证授权方法

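    /**
     * Shiro realm that authenticates users and loads their roles and
     * permissions through an {@code AccountManager}.
     */
    public class MyRealm extends AuthorizingRealm {

        private AccountManager accountManager;

        /** Injects the account service used for login and role lookups. */
        public void setAccountManager(AccountManager accountManager) {
            this.accountManager = accountManager;
        }

        /**
         * Authorization: collects the role names and permission strings of the
         * principal that this realm authenticated.
         *
         * @param principals principals of the current subject
         * @return the roles and permissions of the user, or {@code null} when
         *         this realm holds no principal for the subject, the user is
         *         unknown, or the user has no role collection; a {@code null}
         *         result leaves the subject without roles or permissions
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Take the first principal contributed by this realm. A loop is used
            // instead of iterator().next() so that an empty collection yields
            // "no authorization data" rather than a NoSuchElementException.
            String username = null;
            for (Object principal : principals.fromRealm(getName())) {
                username = (String) principal;
                break;
            }
            if (username == null) {
                return null;
            }

            User user = accountManager.get(username);
            if (user == null || user.getRoles() == null) {
                return null;
            }

            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            for (SecurityRole role : user.getRoles()) {
                info.addRole(role.getName());
                info.addStringPermissions(role.getPermissionsAsString());
            }
            return info;
        }

        /**
         * Authentication: checks the submitted username and password through
         * {@code AccountManager.login} and returns the account's stored
         * credentials for Shiro to match.
         *
         * @param authcToken the submitted token; cast to
         *        {@code UsernamePasswordToken} without a type check
         * @return authentication data for the user, or {@code null} when the
         *         username is empty, the password is missing, or the login
         *         lookup returns no user
         * @throws AuthenticationException declared by the overridden method
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
                throws AuthenticationException {
            // NOTE(review): the cast relies on the realm only being offered
            // UsernamePasswordToken instances; confirm no other token type is in use.
            UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
            String userName = token.getUsername();
            char[] password = token.getPassword();

            // String.valueOf((char[]) null) throws NullPointerException, so a token
            // without a password is handled like any other failed login.
            if (userName == null || userName.isEmpty() || password == null) {
                return null;
            }

            // NOTE(review): copying the password into a String leaves an immutable
            // copy in memory that cannot be cleared; an AccountManager.login that
            // accepts char[] would avoid this.
            User user = accountManager.login(userName, String.valueOf(password));
            if (user == null) {
                return null;
            }

            // Shiro compares the token's credentials with the value returned here,
            // using the realm's CredentialsMatcher. NOTE(review): confirm that
            // user.getPassword() is a stored hash and that a hash-aware matcher is
            // configured; with the default matcher this is a plain equality check.
            return new SimpleAuthenticationInfo(
                    user.getLoginName(), user.getPassword(), getName());
        }
    }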