環境搭建與Spring整合(Maven專案中)
1. 匯入依賴
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.2.3</version>
</dependency>
複製程式碼2. 在Web.xml中配置
- 真正處理請求,判斷業務的並不是這個過濾器,這是個spring的委託代理過濾器,攔截器.Tomcat中有自己的容器去管理Filter,Listener以及Servlet,並不是受Spring管理的,因此並不能通過Spring容器直接對Servlet容器進行注入。因此用來攔截請求.把請求處理委託交給Spring的過濾器工廠處理,在Spring的IOC容器中,一定要有一個bean的id是shiroFilter,對應的型別是shiroFilterFactoryBean
<!-- Shiro Security filter filter-name這個名字的值將來還會在spring中用到 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
複製程式碼注意:如果使用的是Struts2的話,該過濾器一定要放到struts2的過濾器之前.因為struts2的過濾器並沒有放行這個說法.
Spring整合Shiro applicationContext.xml
Spring整合shiro物件步驟:
- 建立shiroFilterFactoryBean.注入SecurityManager.
- filterChainDefinitions 過濾器鏈
| 過濾器簡稱 | 對應的java類 |
|---|---|
| anon匿名訪問過濾器.在這裡的資源直接放行 | org.apache.shiro.web.filter.authc.AnonymousFilter |
| authc 認證過濾器 | org.apache.shiro.web.filter.authc.FormAuthenticationFilter |
| authcBasic | org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter |
| perms 授權過濾器 | org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter |
| port | org.apache.shiro.web.filter.authz.PortFilter |
| rest | org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter |
| roles | org.apache.shiro.web.filter.authz.RolesAuthorizationFilter |
| ssl | org.apache.shiro.web.filter.authz.SslFilter |
| user | org.apache.shiro.web.filter.authc.UserFilter |
| logout | org.apache.shiro.web.filter.authc.LogoutFilter |
/index.jsp* = anon
/home* = anon
/sysadmin/login/login.jsp* = anon
/sysadmin/login/loginAction_logout* = anon
/login* = anon
/logout* = anon
/components/** = anon
/css/** = anon
/img/** = anon
/js/** = anon
/plugins/** = anon
/images/** = anon
/js/** = anon
/make/** = anon
/skin/** = anon
/stat/** = anon
/ufiles/** = anon
/validator/** = anon
/resource/** = anon
/** = authc
/*.* = authc
複製程式碼anon - 表示直接放行的資源. authc - 表示該路徑下的資源需要認證
perms - 表示該路徑下的資源需要授權
- 建立SecurityManager.注入realm(區域,領域)
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"></property>
</bean>
複製程式碼
注意:因為Realm並不知道我們使用哪個資料庫,要取什麼資料.因此Realm需要我們自己來建立並指定
- 建立自定義Realm,注入憑證匹配器
<!--3. 建立自定義的Realm-->
<bean id="myRealm" class="com.shirodemo.realm.LoginRealm">
<!--注入憑證匹配器-->
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
複製程式碼- 建立憑證匹配器,注入加密演算法
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!--指定加密的演算法-->
<property name="hashAlgorithmName" value="md5"/>
</bean>
複製程式碼
完整版
<!--1. 建立shiroFilterFactoryBean-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!--認證失敗跳轉的頁面-->
<property name="loginUrl" value="/login.jsp"/>
<!--認證成功的頁面.如果程式碼中指定了,以程式碼跳轉的地址為準,通常會以登入成功跳轉的頁面為準-->
<property name="successUrl" value="/home.jsp"/>
<!--未授權校驗的頁面-->
<property name="unauthorizedUrl" value="/login.jsp"/>
<!--過濾器鏈-->
<property name="filterChainDefinitions">
<value>
/index.jsp* = anon
/home* = anon
/sysadmin/login/login.jsp* = anon
/sysadmin/login/loginAction_logout* = anon
/login* = anon
/logout* = anon
/components/** = anon
/css/** = anon
/img/** = anon
/js/** = anon
/plugins/** = anon
/images/** = anon
/js/** = anon
/make/** = anon
/skin/** = anon
/stat/** = anon
/ufiles/** = anon
/validator/** = anon
/resource/** = anon
/** = authc
</value>
</property>
</bean>
<!--2. 建立securityManager-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"></property>
</bean>
<!--3. 建立自定義的Realm-->
<bean id="myRealm" class="com.shirodemo.realm.LoginRealm">
<!--注入憑證匹配器-->
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<!--4. 建立憑證匹配器-->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!--指定加密的演算法-->
<property name="hashAlgorithmName" value="md5"/>
</bean>
複製程式碼