Shiro集成 Spring (一)

(1)建立web工程，命名为shiro3;

(2)找到spring包，都须要, 这里是spring 4.0 版本的包；

    引入shiro，日志包：log4j-1.2.15.jar; shiro-all-1.3.2.jar;  slf4j-api-1.6.1.jar; slf4j.log4j12-1.6.1.jar;

    引入ehcache: ehcache-core-2.4.3.jar

将以上的包加入到lib文件下。

(3) 配置web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>Shiro-3</display-name>
  
   <!--配置spring-->
  <context-param>
  	<param-name>contextConfigLocation</param-name>
 	<param-value>classpath:applicationContext.xml</param-value>
  </context-param>
  
  <listener>
 	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>
 
 <!--配置springMVC-->
 <servlet>
 	<servlet-name>spring</servlet-name>
 	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 	<load-on-startup>1</load-on-startup>
 </servlet>
 
 <servlet-mapping>
 	<servlet-name>spring</servlet-name>
 	<url-pattern>/</url-pattern>
 </servlet-mapping>
 
 <!-- 1.配置shiro的shiroFilter。
 2.DelegatingFilterProxy其实是Filter的一个代理对象，
	 默认状况下，spring会到IOC容器中查找和<filter-name>对应的filter bean，
	 也能够经过targetBeanName 的初始化参数来配置filter bean 的id -->
 <filter>
 	<filter-name>shiroFilter</filter-name>
 	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 
 <filter-mapping>
 	<filter-name>shiroFilter</filter-name>
 	<url-pattern>/*</url-pattern>
 </filter-mapping>
 
  
</web-app>

(4)载WEB-INF目录下配置spring MVC： spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">

<context:component-scan base-package="com.atguigu.shiro"></context:component-scan>

<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"></property>
<property name="suffix" value=".jsp"></property>
</bean>

<mvc:annotation-driven></mvc:annotation-driven>
<mvc:default-servlet-handler/>

</beans>

(5)在src目录下配置application.xml

<!--  1.配置securityManager!
         1.1) cacheManager: 缓存管理器
         1.2)sessionMode:session的管理方式，暂时无论，能够删除
         1.3) -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
<!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
 <!--    <property name="sessionMode" value="native"/>   -->
    <property name="realm" ref="jdbcRealm"/>
</bean>

<!-- 2.配置cacheManager,实际上能够使用企业的一些或缓存产品来实现更好的性能
2.1 须要加入ehcahe的jar包及配置文件
-->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property  name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
</bean>

<!-- Used by the SecurityManager to access security data (users, roles, etc).
Many other realm implementations can be used too (PropertiesRealm,
LdapRealm, etc. -->
<!-- 3.配置Real,如今本身写
   3.1 直接配置实现了org.apache.shiro.realm.Realm接口的bean -->
<bean id="jdbcRealm" class="com.atguigu.shiro.realms.ShiroRealm">
</bean>

<!-- =========================================================
Shiro Spring-specific integration
========================================================= -->
<!-- Post processor that automatically invokes init() and destroy() methods
for Spring-configured Shiro objects so you don't have to
1) specify an init-method and destroy-method attributes for every bean
definition and
2) even know which Shiro objects require these methods to be
called. -->
<!--  
  4.配置LifecycleBeanPostProcessor, 能够自动的来调用配置在spring IOC容器中shiro bean 的生命周期方法。
-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Enable Shiro Annotations for Spring-configured beans.  Only run after
the lifecycleBeanProcessor has run: -->
<!--
 5.启用IOC容器中使用shiro的注解，但必须在配置了LifecycleBeanPostProcessor 以后才能够使用。
 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>

<!-- 远程调用，暂时不须要-->
<!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
with a Subject for security checks. -->
<bean id="secureRemoteInvocationExecutor" class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
<property name="securityManager" ref="securityManager"/>
</bean>

<!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml -
web.xml uses the DelegatingFilterProxy to access this bean.  This allows us
to wire things with more control as well utilize nice Spring things such as
PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
<!-- 
  6. 配置shiroFilter.
  6.1  id必须和web.xml 文件中配置的DelegatingFilterProxy的<filter-name>一致。
  6.2  
 -->

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/list.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
<!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean
defined will be automatically acquired and available via its beanName in chain
definitions, but you can perform overrides or parent/child consolidated configuration
here if you like: -->
<!-- <property name="filters">
<util:map>
<entry key="aName" value-ref="someFilterPojo"/>
</util:map>
</property> -->

<!-- 
配置哪些页面须要受保护。
以及访问这些页面须要的权限。
1)ano 能够被匿名访问
2)Authc 必须认证（即登陆后）才能够访问的页面。
-->
     <property name="filterChainDefinitions">
     <value>
       
       /login.jsp = anon
      /** = authc
    </value>
  </property>
</bean>

因为没有对数据库进行操做，故没有配置数据源：DataSource的bean

(7)在src目录下引入ehcahe.xml

这里参考：hibernate-release-4.2.4.Final ->project -> etc下的ehcache.xml配置。

(8) 在com.atguigu.shiro.realms包下建立实现了org.apache.shiro.realm.Realm接口的ShiroRealm类；

因为只是简单的搭建shiro的架子，故没有在ShiroRealm类中对方法的具体实现。

(9)在webroot目录下建立jsp页面：

login.jsp;   list.jsp;

结果分析： login.jsp能够匿名访问，而对于list.jsp来讲要先到login.jsp没有结果认证以后才能访问到list.jsp