首页 > 代码库 > shiro 安全管理框架配置

shiro 安全管理框架配置

step1  web.xml 

<!-- Shiro filter start -->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
  	<!-- Shiro filter end -->

 

step2  spring-mvc.xml

设置访问的静态资源(资源目录根据自己的项目需要配置)

	<!-- 对静态资源文件的访问 restful -->
	<mvc:resources mapping="/admin/**" location="/,/admin/" />
	<mvc:resources mapping="/static/**" location="/,/static/" />
	<mvc:resources mapping="/plugins/**" location="/,/plugins/" />
	<mvc:resources mapping="/uploadFiles/**" location="/,/uploadFiles/" />
	<mvc:resources mapping="/swagger/**" location="/,/swagger/" />  
      <mvc:resources mapping="/swagger-ui.html" location="classpath:/META-INF/resources/"/>  
      <mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>  

  

 

shiro 自定义的realm

 

public class ShiroRealm extends AuthorizingRealm {

	/*
	 * 登录信息和用户验证信息验证(non-Javadoc)
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

		 String username = (String)token.getPrincipal();  				//得到用户名 
	     String password = new String((char[])token.getCredentials()); 	//得到密码
		
	     if(null != username && null != password){
	    	 return new SimpleAuthenticationInfo(username, password, getName());
	     }else{
	    	 return null;
	     }
	     
	}
	
	/*
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用,负责在应用程序中决定用户的访问控制的方法(non-Javadoc)
	 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {

		System.out.println("========2");
		
		return null;
	}

}

  

 

step3 applicationContext.xml 需要拦截的请求路径权限,anon 匿名权限 authc 需要认证权限  认证权限根据的是项目自定义的realm来实现

<!-- ================ Shiro start ================ -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="ShiroRealm" />
	</bean>

	<!-- 項目自定义的Realm -->
	<bean id="ShiroRealm" class="com.fh.interceptor.shiro.ShiroRealm"></bean>

	<!-- Shiro Filter -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />

		<property name="loginUrl" value="http://www.mamicode.com/" />

		<property name="successUrl" value="http://www.mamicode.com/main/index" />

		<property name="unauthorizedUrl" value="http://www.mamicode.com/login_toLogin" />

		<property name="filterChainDefinitions">
			<value>
				/static/login/** = anon
				/static/js/myjs/** = authc
				/static/js/** = anon
				/code.do = anon
				/login_login = anon
				/app**/** = anon
				/weixin/** = anon
				/swagger/** = anon
				/api/** = anon
				/api-docs = anon
				/swagger-ui.html  = anon
				/webjars/** = anon
				/swagger-resources/** = anon
				/v2/** = anon
				/** = authc
			</value>
		</property>
	</bean>
	<!-- ================ Shiro end ================ -->

  

shiro 安全管理框架配置