Shiro - 與Spring集成

本文是針對web應用
web.xml:

<filter>
  <filter-name>shiroFilter</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  <init-param>
    <param-name>targetFilterLifecycle</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
                          
<filter-mapping>
<!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->
<!-- requests.  Usually this filter mapping is defined first (before all others) to -->
<!-- ensure that Shiro works in subsequent filters in the filter chain:             -->
  <filter-name>shiroFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>ERROR</dispatcher>
</filter-mapping>

 

參數TargetFilterLifecycle：缺省值爲false，即生命週期由Spring app context管理。設置爲true時由servlet container管理。

配置applicationContext.xml：

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
                                                                                                                                                
    <!-- 配置要跳轉的URL -->
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/main.jsp"/>
    <property name="unauthorizedUrl" value="/err404.jsp"/>
                                                                                                                                                
    <!-- 配置過濾策略 切記這是FIRST MATCH WINS -->
    <property name="filterChainDefinitions">
        <value>
            /download/** = user
            /images/** = anon
            /admin/** = authc, roles[admin]
            /docs/** = authc, perms[document:read]
            /** = authc
            /logout.html = logout
        </value>
    </property>
</bean>
                                                                                                                                                
<bean id="myRealm" class="king.common.security.MyRealm"></bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm" />
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

 

另外，DefaultSecurityManager繼承RealmSecurityManager。所以，當須要多個realm時能夠使用"realms"property。
ShiroFilterFactoryBean提供了Filters屬性，關於Filters：
This property is optional: this {@code FactoryBean} implementation will discover all beans in the web application context that implement the {@link Filter} interface and automatically add them to this filter map under their bean name.

 

若是須要的話能夠配置一下，如：

<property name="filters">
    <util:map>
        <entry key="myAlias1" value-ref="myFilter1"/>
    </util:map>
</property>

 

filterChainDefinitions這一property的set方法是這樣定義的：

public void setFilterChainDefinitions(String definitions) {
    Ini ini = new Ini();
    ini.load(definitions);
    //did they explicitly state a 'urls' section?  Not necessary, but just in case:
    Ini.Section section = ini.getSection(IniFilterChainResolverFactory.URLS);
    if (CollectionUtils.isEmpty(section)) {
        //no urls section.  Since this _is_ a urls chain definition property, just assume the
        //default section contains only the definitions:
        section = ini.getSection(Ini.DEFAULT_SECTION_NAME);
    }
    setFilterChainDefinitionMap(section);
}

 

因而咱們即可以使用filterChainDefinitionMap這一property。咱們能夠寫一個繼承FactoryBean<Section>的類動態構成一個filterChainDefinitionMap。(Ps:Section是實現Map<String,String>的Ini的靜態內部類。)

另外，若是但願使用註解：

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
                                                                                                
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>