Shiro与Spring整合

Posted zhiboluo

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Shiro与Spring整合相关的知识,希望对你有一定的参考价值。

Shiro引入Spring

       添加jar包/maven配置

<!-- shiro支持 -->

       <dependency>

           <groupId>org.apache.shiro</groupId>

           <artifactId>shiro-core</artifactId>

           <version>1.2.4</version>

       </dependency>

       <dependency>

           <groupId>org.apache.shiro</groupId>

           <artifactId>shiro-web</artifactId>

           <version>1.2.4</version>

       </dependency>

       <dependency>

           <groupId>org.apache.shiro</groupId>

           <artifactId>shiro-spring</artifactId>

           <version>1.2.4</version>

       </dependency>

       <!-- 缓存 注解 -->

       <dependency>

           <groupId>org.apache.shiro</groupId>

           <artifactId>shiro-aspectj</artifactId>

           <version>1.2.4</version>

       </dependency>

       <dependency>

           <groupId>org.apache.shiro</groupId>

           <artifactId>shiro-ehcache</artifactId>

           <version>1.2.4</version>

        </dependency>

 

 

添加spring-shiro.xml配置文件

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"

    xmlns:context="http://www.springframework.org/schema/context"

    xmlns:aop="http://www.springframework.org/schema/aop"

    xmlns:tx="http://www.springframework.org/schema/tx"

    xsi:schemaLocation="http://www.springframework.org/schema/beans

        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

        http://www.springframework.org/schema/context

        http://www.springframework.org/schema/context/spring-context-3.0.xsd

        http://www.springframework.org/schema/aop

        http://www.springframework.org/schema/aop/spring-aop-3.0.xsd

        http://www.springframework.org/schema/tx

        http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">

       

    <context:annotation-config />

    <!-- 自定义Realm -->

    <bean id="myRealm" class="shiro03.realm.MyRealm"/>

   

    <!-- 安全管理器 -->

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"

      <property name="realm" ref="myRealm"/> 

    </bean>

   

    <!-- 配置任何角色 -->

    <bean id="anyofroles" class="shiro03.realm.AnyOfRolesAuthorizationFilter"/>

   

    <!-- Shiro过滤器 -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"

        <!-- Shiro的核心安全接口,这个属性是必须的 --> 

        <property name="securityManager" ref="securityManager"/>

        <!-- 身份认证失败,则跳转到登录页面的配置 --> 

        <property name="loginUrl" value="/index.jsp"/>

        <!-- 权限认证失败,则跳转到指定页面 --> 

        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>

        <!-- <property name="anyofroles" ref="anyofroles"/> -->

        <!-- Shiro连接约束配置,即过滤链的定义 --> 

        <property name="filterChainDefinitions"

            <value> 

                 /login=anon

              /admin*=authc

              /student=anyofroles["admin,teacher"]

              /teacher=roles[admin]

            </value> 

        </property>

    </bean>

   

    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> 

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 

   

    <!-- 开启Shiro注解 -->

    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> 

        <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"

      <property name="securityManager" ref="securityManager"/> 

    </bean>

</beans>

 

 

自定义Realm类MyRealm.java

 

public class MyRealm extends AuthorizingRealm{

    @Resource

    private UserService userService;

    /**

     * 为当限前登录的用户授予角色和权

     */

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

       String userName=(String)principals.getPrimaryPrincipal();

       SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();

       authorizationInfo.setRoles(userService.getRoles(userName));

       authorizationInfo.setStringPermissions(userService.getPermissions(userName));

       return authorizationInfo;

    }

    /**

     * 验证当前登录的用户

     */

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

       String userName=(String)token.getPrincipal();

           User user=userService.getByUserName(userName);

           if(user!=null){

              AuthenticationInfo authcInfo=new SimpleAuthenticationInfo(user.getUserName(),user.getPassword(),"xx");

              return authcInfo;

           }else{

              return null;            

           }

    }

}

 

 

自定义角色过滤器AnyOfRolesAuthorizationFilter.java

       当一个角色有多个功能模块页面的权限时,会出现权限失效问题,无法配置,需要自己定义角色过滤器。

public class AnyOfRolesAuthorizationFilter extends RolesAuthorizationFilter{

    @Override

    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)

           throws IOException {

       Subject subject = getSubject(request, response);

        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {

            return true;

        }

        for (String roleName : rolesArray) {

            if (subject.hasRole(roleName)) {

                return true;

            }

        }

       return false;

    }

}  

 

      

以上是关于Shiro与Spring整合的主要内容,如果未能解决你的问题,请参考以下文章

Shiro与Spring整合

Shiro安全框架 的使用 & Spring 整合 Shiro [2]

shiro权限框架与spring框架轻松整合

007-shiro与spring web项目整合基础搭建

spring boot 与 shiro的简单整合使用

Apache shiro的简单介绍与使用(与spring整合使用)