shiro 安全管理框架配置

时间:2024-12-23 14:06:50

step1  web.xml

<!-- Shiro filter start -->
<!-- DelegatingFilterProxy hands each request to the Spring bean whose name equals the
     filter-name below ("shiroFilter"), so the filter-name here and the bean id in the
     Spring context must stay identical. -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
<init-param>
<!-- true: the servlet container's init()/destroy() calls are passed on to the target bean -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- "/*" routes every incoming request through Shiro. Without <dispatcher> elements the
     mapping covers REQUEST dispatches only.
     NOTE(review): confirm that internally forwarded requests do not need filtering too,
     and that this filter is declared before any filter that relies on the Shiro subject. -->
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
   <!-- Shiro filter end -->

step2  spring-mvc.xml

设置访问的静态资源(资源目录根据自己的项目需要配置)

	<!-- Static resource mappings (RESTful style).
	     NOTE(review): the first five mappings list the web-application root "/" as their
	     first location, so the part of the request path after the prefix is also resolved
	     against the root, not only against the named directory. Files outside that directory
	     may therefore be reachable under the prefix; confirm this is intended, otherwise
	     list only the specific directory (for example location="/static/").
	     NOTE(review): /uploadFiles/** serves uploaded content directly; check that uploads
	     are validated and cannot be rendered as active content by the browser. -->
<mvc:resources mapping="/admin/**" location="/,/admin/" />
<mvc:resources mapping="/static/**" location="/,/static/" />
<mvc:resources mapping="/plugins/**" location="/,/plugins/" />
<mvc:resources mapping="/uploadFiles/**" location="/,/uploadFiles/" />
<mvc:resources mapping="/swagger/**" location="/,/swagger/" />
  <mvc:resources mapping="/swagger-ui.html" location="classpath:/META-INF/resources/"/>
  <mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>

  

shiro 自定义的realm

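/**
 * Project-specific Shiro realm, registered as the only realm of the security manager.
 *
 * <p>SECURITY NOTE(review): this realm does not compare the submitted password with any
 * stored credential. It returns the submitted password as the account's credentials, so
 * Shiro's credentials matcher ends up comparing the password with itself and the login
 * succeeds for any user name / password pair. Presumably the caller verifies the password
 * against the user store before calling {@code Subject.login(...)} - confirm this. If it
 * does not, this method must load the stored (hashed) credential for the user and return
 * that instead, together with a matching {@code CredentialsMatcher}.
 */
public class ShiroRealm extends AuthorizingRealm {

    /**
     * Builds the authentication info for a login attempt.
     *
     * @param token the submitted login token; the principal is expected to be the user
     *              name as a {@code String} and the credentials the password as a
     *              {@code char[]}
     * @return authentication info that echoes the submitted user name and password, or
     *         {@code null} when either is missing or of an unexpected type
     * @throws AuthenticationException declared by the overridden method; not thrown here
     * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        Object principal = token.getPrincipal();
        Object credentials = token.getCredentials();

        // Fail closed on an incomplete token. Checking before the conversion matters:
        // new String((char[]) null) throws a NullPointerException, so a null check made
        // after the conversion can never take effect.
        if (!(principal instanceof String) || !(credentials instanceof char[])) {
            return null;
        }

        String username = (String) principal;
        String password = new String((char[]) credentials);

        // See the class-level security note: these are the caller's own credentials,
        // not a value looked up from the user store.
        return new SimpleAuthenticationInfo(username, password, getName());
    }

    /**
     * Authorization callback, invoked when an access check is made and no authorization
     * info for the user is cached.
     *
     * @param pc the principals of the subject being checked
     * @return always {@code null}: this realm supplies no roles and no permissions
     * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
        // NOTE(review): with no authorization data, access control rests entirely on the
        // anon/authc URL rules of the filter chain; role or permission checks cannot pass.
        return null;
    }
}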

  

step3  applicationContext.xml:配置需要拦截的请求路径及其权限。anon 表示允许匿名访问,authc 表示需要先通过认证;认证由项目自定义的 realm 实现。规则按书写顺序自上而下匹配,首个匹配的规则生效,因此更具体的路径要写在更宽泛的路径之前,/** = authc 放在最后兜底。

<!-- ================ Shiro start ================ -->
<!-- Security manager with a single realm: every authentication decision is delegated
     to the ShiroRealm bean defined below. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="ShiroRealm" />
</bean> <!-- Project-specific custom Realm -->
<bean id="ShiroRealm" class="com.fh.interceptor.shiro.ShiroRealm"></bean> <!-- Shiro Filter -->
<!-- The bean id "shiroFilter" must match the filter-name of the DelegatingFilterProxy in web.xml.
     loginUrl        : where unauthenticated requests to authc paths are redirected.
     successUrl      : default target after a successful login.
     unauthorizedUrl : target used by authorization filters when access is denied.
     filterChainDefinitions: rules are evaluated top to bottom and the first match wins,
     so "/static/js/myjs/** = authc" has to stay above "/static/js/** = anon", and
     "/** = authc" has to stay last as the default-deny rule for everything not listed.
     NOTE(review): "/api/**", "/weixin/**" and "/app**/**" are anon, so Shiro lets them
     through without a login; those endpoints must enforce their own authentication.
     "/app**/**" matches every path whose first segment starts with "app" - confirm that
     this breadth is intended.
     NOTE(review): the swagger, api-docs, webjars and v2 entries expose the API
     documentation to unauthenticated users; consider restricting or disabling them
     outside development. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="successUrl" value="/main/index" /> <property name="unauthorizedUrl" value="/login_toLogin" /> <property name="filterChainDefinitions">
<value>
/static/login/** = anon
/static/js/myjs/** = authc
/static/js/** = anon
/code.do = anon
/login_login = anon
/app**/** = anon
/weixin/** = anon
/swagger/** = anon
/api/** = anon
/api-docs = anon
/swagger-ui.html = anon
/webjars/** = anon
/swagger-resources/** = anon
/v2/** = anon
/** = authc
</value>
</property>
</bean>
<!-- ================ Shiro end ================ -->