Shiro - 与Spring集成
本文是针对web应用
web.xml:html
<filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <!-- Make sure any request you want accessible to Shiro is filtered. /* catches all --> <!-- requests. Usually this filter mapping is defined first (before all others) to --> <!-- ensure that Shiro works in subsequent filters in the filter chain: --> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
参数TargetFilterLifecycle:缺省值为false,即生命周期由Spring app context管理。设置为true时由servlet container管理。web
配置applicationContext.xml:spring
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <!-- 配置要跳转的URL --> <property name="loginUrl" value="/login.jsp"/> <property name="successUrl" value="/main.jsp"/> <property name="unauthorizedUrl" value="/err404.jsp"/> <!-- 配置过滤策略 切记这是FIRST MATCH WINS --> <property name="filterChainDefinitions"> <value> /download/** = user /images/** = anon /admin/** = authc, roles[admin] /docs/** = authc, perms[document:read] /** = authc /logout.html = logout </value> </property> </bean> <bean id="myRealm" class="king.common.security.MyRealm"></bean> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="myRealm" /> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
另外,DefaultSecurityManager继承RealmSecurityManager。所以,当须要多个realm时能够使用"realms"property。
ShiroFilterFactoryBean提供了Filters属性,关于Filters:
This property is optional: this {@code FactoryBean} implementation will discover all beans in the web application context that implement the {@link Filter} interface and automatically add them to this filter map under their bean name.apache
若是须要的话能够配置一下,如:app
<property name="filters"> <util:map> <entry key="myAlias1" value-ref="myFilter1"/> </util:map> </property>
filterChainDefinitions这一property的set方法是这样定义的:jsp
public void setFilterChainDefinitions(String definitions) { Ini ini = new Ini(); ini.load(definitions); //did they explicitly state a 'urls' section? Not necessary, but just in case: Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS); if (CollectionUtils.isEmpty(section)) { //no urls section. Since this _is_ a urls chain definition property, just assume the //default section contains only the definitions: section = ini.getSection(Ini.DEFAULT_SECTION_NAME); } setFilterChainDefinitionMap(section); }
因而咱们即可以使用filterChainDefinitionMap这一property。咱们能够写一个继承FactoryBean<Section>的类动态构成一个filterChainDefinitionMap。(Ps:Section是实现Map<String,String>的Ini的静态内部类。)this
另外,若是但愿使用注解:url
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean>
- 1. shiro认证 -Spring与Shiro集成
- 2. Java-Shiro(三):Shiro与Spring MVC集成
- 3. Shiro集成Spring
- 4. Shiro-集成Spring
- 5. spring boot 集成 shiro
- 6. Shiro集成 Spring (一)
- 7. Spring Boot [集成-Shiro]
- 8. shiro和Spring集成
- 9. spring集成shiro Part05
- 10. Shiro简介及与spring集成
- 更多相关文章...
- • Rust 集合与字符串 - RUST 教程
- • MyBatis与Spring的整合实例 - MyBatis教程
- • Spring Cloud 微服务实战(三) - 服务注册与发现
- • ☆技术问答集锦(13)Java Instrument原理
-
每一个你不满意的现在,都有一个你没有努力的曾经。