
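Integrating Shiro into Spring for security management

Shiro is a lightweight security framework that provides four basic functions: authentication, authorization, cryptography and session management. It also offers good options for integrating with other systems.

Below it is integrated into the earlier demo, building on the code attached to the earlier post "Configuring transactions with AOP in Spring".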

 

1. Add the jar dependencies

Edit pom.xml and add:

<!-- security -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.5</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.5</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-cas</artifactId>
    <version>1.2.5</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.5</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.5</version>
</dependency>

 

2. Add the filter

Edit web.xml and add the following (it needs to be placed near the front of the filter list):

<!-- Shiro filter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

 

3. Add the configuration file

In the "src/main/resources" source folder, create a new file "spring-context-shiro.xml" with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-4.0.xsd">

    <description>Shiro Configuration</description>

    <!-- Load the configuration properties file -->
    <context:property-placeholder ignore-unresolvable="true" location="classpath:demo.properties" />

    <!-- Security manager configuration -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="userRealm" />
        <property name="sessionManager" ref="defaultWebSessionManager" />
        <!-- <property name="cacheManager" ref="shiroCacheManager" /> -->
    </bean>
    <bean id="userRealm" class="org.xs.demo1.UserRealm"></bean>

    <!-- Custom session management -->
    <bean id="defaultWebSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <!-- Session timeout, in milliseconds -->
        <property name="globalSessionTimeout" value="86400000" />
        <!-- Interval for cleaning up invalid sessions, i.e. orphaned sessions left when users simply close the browser -->
        <property name="sessionValidationInterval" value="120000"/>
        <!-- Periodically check for invalid sessions -->
        <property name="sessionValidationSchedulerEnabled" value="true"/>
    </bean>

    <!-- Security authentication filter -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/hello/login" />
        <property name="unauthorizedUrl" value="/hello/login" />
        <property name="successUrl" value="/hello/mysql" />
        <!-- anon: anonymous access allowed; authc: authentication required.
             The explanations are kept out of the value because it does not support trailing comments.
             Patterns are evaluated top to bottom and the first match wins. -->
        <property name="filterChainDefinitions">
            <value>
                /hello/login = anon
                /hello/auth = anon
                /hello/* = authc
            </value>
        </property>
    </bean>

    <!-- Ensures that beans implementing Shiro's internal lifecycle methods are executed -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>

 

4. Add the security authentication implementation class

In the "src/main/java" source folder, create "UserRealm.java" in the "org.xs.demo1" package:

package org.xs.demo1;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Service;

/**
 * Security authentication implementation class
 */
@Service
public class UserRealm extends AuthorizingRealm {

    /**
     * Get authorization info
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        //String currentUsername = (String) getAvailablePrincipal(principals);

        // Every authenticated subject is granted the "admin" permission
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("admin");

        return info;
    }

    /**
     * Get authentication info
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {

        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;

        String username = token.getUsername();
        if (username != null && !"".equals(username)) {
            // Demo stub: every non-empty username maps to the fixed account "xs" with
            // password "123"; Shiro compares the submitted password against this value.
            return new SimpleAuthenticationInfo("xs", "123", getName());
        }
        return null;
    }
}
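An added example, not part of the original post or its repository: a realm that looks the account up by the submitted username and lets Shiro's HashedCredentialsMatcher compare salted, iterated SHA-256 hashes instead of a fixed plaintext password. The class name HashedUserRealm, the in-memory account map, the sample password and the iteration count are assumptions; it needs only shiro-core on the classpath.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;
import org.apache.shiro.util.ByteSource;

/** Hypothetical realm: per-user salt and iterated SHA-256 instead of a fixed plaintext password. */
public class HashedUserRealm extends AuthorizingRealm {
    static final int ITERATIONS = 100_000; // assumed work factor
    private final Map<String, AuthenticationInfo> accounts = new HashMap<>(); // constructed store
    public HashedUserRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS); // must match the value used when storing
        setCredentialsMatcher(matcher);        // stored hashes are hex-encoded (the default)
    }
    void addAccount(String user, String password) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes(); // random salt per user
        String hex = new Sha256Hash(password, salt, ITERATIONS).toHex();
        accounts.put(user, new SimpleAuthenticationInfo(user, hex, salt, getName()));
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo();
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        // Look up by the submitted username; null makes login() throw UnknownAccountException.
        return accounts.get(((UsernamePasswordToken) token).getUsername());
    }
    public static void main(String[] args) {
        HashedUserRealm realm = new HashedUserRealm();
        realm.addAccount("xs", "constructed-sample-password");
        DefaultSecurityManager manager = new DefaultSecurityManager(realm);
        for (String[] c : new String[][] {{"xs", "constructed-sample-password"}, {"xs", "123"}, {"nobody", "123"}}) {
            Subject subject = new Subject.Builder(manager).buildSubject();
            try {
                subject.login(new UsernamePasswordToken(c[0], c[1]));
                System.out.println(c[0] + ": authenticated as " + subject.getPrincipal());
            } catch (AuthenticationException e) { // wrong password or unknown user
                System.out.println(c[0] + ": rejected, " + e.getClass().getSimpleName());
            }
        }
    }
}
```

With a realm like this the controller can pass the submitted credentials straight to subject.login and handle AuthenticationException, rather than comparing them against literals first.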

 

5. Add the Controller methods

Add these methods to the HelloController class:

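// Imports needed in HelloController:
// import org.apache.shiro.SecurityUtils;
// import org.apache.shiro.authc.UsernamePasswordToken;
// import org.apache.shiro.subject.Subject;

/**
 * Login page
 */
@RequestMapping("login")
public String login() throws Exception {
    return "login";
}

/**
 * Login verification
 */
@RequestMapping("auth")
public String auth(String loginName, String loginPwd) throws Exception {

    // Log out whatever subject is currently bound before authenticating again
    SecurityUtils.getSecurityManager().logout(SecurityUtils.getSubject());

    if(!"xs".equals(loginName) || !"123".equals(loginPwd)) {
        return "redirect:/hello/login";
    }

    UsernamePasswordToken token = new UsernamePasswordToken(loginName, loginPwd);
    Subject subject = SecurityUtils.getSubject();
    subject.login(token);

    return "redirect:/hello/mysql";
}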

 

6. Add the login.jsp page

In the views folder under WEB-INF, create "login.jsp":

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Insert title here</title>
        <%
            /* Current base URL path */
            String path = request.getContextPath();
            request.setAttribute("path", path);
        %>
    </head>
    <body>
        <form action="${path}/hello/auth" method="post">
            登录名称:<input type="text"  name="loginName" value="${userInfo.loginName}" />
            登录密码:<input type="text"  name="loginPwd" value="${userInfo.loginPwd}" />
            <input type="submit"  class="btn btn-default btn-xs" value="保存" />
        </form>
    </body>
</html>

 

7. Run and test

Visit "http://localhost:8080/demo1/hello/mysql"; the page is redirected to the login page.

Enter the user name "xs" and the password "123", then click login, and you are redirected to mysql.

 

Example code: https://github.com/ctxsdhy/cnblogs-example

 
