ShiroConfig V2.0
Posted cwshuo
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ShiroConfig V2.0相关的知识,希望对你有一定的参考价值。
package com.aaa.shiro;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
-
Created by cws
*/
@Configuration
public class ShiroConfig{@Bean(name = "sessionManager")
public SessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
//设置session过期时间为1小时(单位:毫秒),默认为30分钟
sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
sessionManager.setSessionValidationSchedulerEnabled(true);return sessionManager;}
/**
-
@param shiroRealm
-
@param sessionManager 授权和认证整合会话管理
-
@return
*/
@Bean(name = "securityManager")
public SecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(shiroRealm);
securityManager.setSessionManager(sessionManager);return securityManager;
}
/**
-
shiroFilterFactorybean
-
shiro的安全过滤器,过滤所有的请求,对请求分类拦截
*/
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
//修改登录页面,所有的未认证的请求都去登录
shiroFilter.setLoginUrl("/auth.html");
//设置没有权限的跳转页面
shiroFilter.setUnauthorizedUrl("/404.html");Map<String, String> filterMap = new LinkedHashMap<>();
/**
- 认证过滤器的分类
- anon:无需认证
- authc:必须认证才能到达
- user:使用rememberme的时候才用
- perms:访问的资源需要某个权限才能到达
- roles:访问的资源需要某个角色才能到达
*/
filterMap.put("/api/", "anon");
filterMap.put("/assets/", "anon");
filterMap.put("/fonts/", "anon");
filterMap.put("/maps/", "anon");
filterMap.put("/scripts/", "anon");
filterMap.put("/styles/", "anon");
filterMap.put("/auth.html", "anon");
filterMap.put("/reg.html", "anon");
filterMap.put("/index.html", "anon");
filterMap.put("/**", "authc");
shiroFilter.setFilterChainDefinitionMap(filterMap);
return shiroFilter;
}
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
proxyCreator.setProxyTargetClass(true);
return proxyCreator;
}@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
} -
}
以上是关于ShiroConfig V2.0的主要内容,如果未能解决你的问题,请参考以下文章