1 web.xml配置:shiro filter必须放在其他filter之前
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2.spring-shiro.xml配置
ShiroFilterFactoryBean
securityManager
realm配置
存储位置:即存用户信息、权限关系的地方,如内存、配置文件、数据库等
加密码算法:对称加密(AES\BlowFish),不可逆加密(MD5、SHA)、可逆加密(Hex,base64)
sessionManager配置
cookies
有效期及验证 cachindManager配置
缓存类型:MemoryConstrainedCacheManager、结合ecache等缓存 loginUr:登录url
successUrl:登录成功url
unauthorizedUrl:权限不够提示url
filters:自定义filter[先查阅shiro内置的filter]
filterChainDefinitions:配置url和对应的Filter关系
待加实例...
3.开启shiro注解配置
<!-- 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions) -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>