shiro:的配置
1.導包:shiro.All 1.2.3
2.配置過濾器:在web.xml中 ,注意這段過濾器要寫在struts2的過濾器前面。
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3. <!-- 在applicationContext.xml中告訴spring生成shiro代理子類時,采用cglib方式生成 -->
<aop:aspectj-autoproxy proxy-target-class="true" />
4.寫shiro的配置檔案:applicationContext-shiro
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<!-- 配置Spring整合shiro -->
<!-- 密碼比較器類 -->
<bean id="passwordMatcher" class="cn.itcast.web.action.shiro.PasswordMatcher" />
<!-- 編寫realm類 -->
<bean id="authRealm" class="cn.itcast.web.action.shiro.AuthRealm">
<!-- 注入密碼比較器對象 -->
<property name="credentialsMatcher" ref="passwordMatcher" />
</bean>
<!-- 配置安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 自己編寫一個realm域對象 -->
<property name="realm" ref="authRealm" />
</bean>
<!-- Spring架構需要整合shiro安全架構 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 注入安全管理器 -->
<property name="securityManager" ref="securityManager" />
<!-- 登入頁面 -->
<property name="loginUrl" value="/index.jsp" />
<!-- 認證成功了,跳轉的頁面 <property name="successUrl" value=""/> -->
<!-- 沒有權限的跳轉頁面 -->
<property name="unauthorizedUrl" value="/index2.jsp" />
<!-- 定義通路的規則 -->
<property name="filterChainDefinitions">
<!-- /**代表下面的多級目錄也過濾 注意:下面的過濾一定要遵循從小到大原則 ,并且不要寫标點符号在後方,每條資料單獨寫一行,不要換行,盡量不要使用自動調整格式,會造成格式錯誤。
anon, authc :權限攔截器 ,anon:代表可以通路的路徑,authc :代表不可以通路的路徑。
-->
<value>
/index.jsp* = anon
/home* = anon
/sysadmin/login/login.jsp* = anon
/sysadmin/login/loginAction_logout* = anon
/login* = anon
/logout* = anon
/components/** = anon
/css/** = anon
/img/** = anon
/js/** = anon
/plugins/** = anon
/images/** = anon
/js/** = anon
/make/** = anon
/skin/** = anon
/stat/** = anon
/ufiles/** = anon
/validator/** = anon
/resource/** = anon
/** = authc
/*.* = authc
</value>
</property>
</bean>
<!-- 保證實作了Shiro内部lifecycle函數的bean執行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- 生成代理,通過代理進行控制 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<!-- 安全管理器 -->
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
</beans>
5. 在applicationContext.xml 中加載shiro檔案
<import resource="classpath:applicationContext-shiro.xml"/>
----------------------------------------------------------------------------------
二 shiro的使用方法流程。
1.shiro執行流程圖解:
2.shiro登入的過程圖解: