shiro 新手學習(1)

1.配置shiro的pom依賴

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-quartz</artifactId>
    <version>1.2.4</version>
</dependency>

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.4</version>
    <exclusions>
        <exclusion>
            <artifactId>slf4j-api</artifactId>
            <groupId>org.slf4j</groupId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.4</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.4</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-ehcache</artifactId>
    <version>1.2.4</version>
</dependency>

2.在web.xml中添加shiro的配置文件

<context-param> 
    <param-name>shiroEnvironmentClass</param-name> 
    <param-value>org.apache.shiro.web.env.IniWebEnvironment</param-value> 
</context-param> 
<context-param> 
    <param-name>shiroConfigLocations</param-name> 
    <param-value>classpath:shiro.ini</param-value>
</context-param> 
<listener> 
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> 
</listener> 
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param> 
        <param-name>targetFilterLifecycle</param-name> 
        <param-value>true</param-value>
    </init-param> 
</filter>
<filter-mapping> 
    <filter-name>ShiroFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

3.在系統配置文件中添加shiro的配置文件，文件名爲shiro.ini,spring-shiro.xml,  分別配置shiro的基本配置和對與spring的依賴。

 

spring-shiro.xml主要是爲了解決在自定的authrealm中注入service或者dao層接口，核心配置以下：

<bean id="ShiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 
    <!-- 注入安全管理器 --> 
    <property name="securityManager" ref="securityManager"></property> 
</bean> 
<bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager"> </bean> 
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
    <!-- 注入realm --> 
    <property name="realm" ref="myAuthorizingRealm"></property> 
</bean> 
<bean id="myAuthorizingRealm" class="com.xxx.xxxx.ext.shiro.config.MyAuthorizingRealm"></bean> 
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
    <!-- 指定強制使用cglib爲action建立代理對象 --> 
    <property name="proxyTargetClass" value="true"></property> 
</bean>

4.重構com.xxx.xxxx.ext.shiro.config.MyAuthorizingRealm中的2個方法，此時注入的service或者dao就可使用了。realm的實現原理是利用filter，可是filter的加載級別優先於spring bean的級別，全部須要spring-shiro.xml