shiro和spring的整合

(1)新建web工程：如何shiro2

(2)加入jar包：

2.1)spring的jar包：這裏加入所有，能夠視狀況選擇

 

2.2）shiro的jar包：

2.3)ehcahe的jar包：

(3)web.xml的配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>shiro2</display-name>
  
  <!--配置spring-->
  <context-param>
  	<param-name>contextConfigLocation</param-name>
 	<param-value>classpath:applicationContext.xml</param-value>
  </context-param>
  
  <listener>
 	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>
 
 <!--配置springMVC-->
 <servlet>
 	<servlet-name>spring</servlet-name>
 	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 	<load-on-startup>1</load-on-startup>
 </servlet>
 
 <servlet-mapping>
 	<servlet-name>spring</servlet-name>
 	<url-pattern>/</url-pattern>
 </servlet-mapping>
 
 <filter>
 	<filter-name>shiroFilter</filter-name>
 	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 	<init-param>
 		<param-name>targetFilterLifecycle</param-name>
 		<param-value>true</param-value>
 	</init-param>
 </filter>
 
 <filter-mapping>
 	<filter-name>shiroFilter</filter-name>
 	<url-pattern>/*</url-pattern>
 </filter-mapping>
 
</web-app>

(4)spring的配置：applictionContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!--  
    Shiro's main business-tier object for web-enabled applications
         (use DefaultSecurityManager instead when there is no web environment)
     
    1. 配置 SecurityManager!  -->
        
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="cacheManager"/>
        <property name="authenticator" ref="authenticator"></property>
        
        <property name="realms">
        	<list>
    			<ref bean="jdbcRealm"/>
    			
    		</list>
        </property>
        
        <property name="rememberMeManager.cookie.maxAge" value="10"></property>
    </bean>

     
    2. 配置 CacheManager. 
    2.1 須要加入 ehcache 的 jar 包及配置文件. --> 
        
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/> 
    </bean>
    
    <bean id="authenticator" 
    	class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">
    	<property name="authenticationStrategy">
    		<bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy"></bean>
    	</property>
    </bean>
    
    <!-- 3. 配置 Realm 
    	 3.1 直接配置實現了 org.apache.shiro.realm.Realm 接口的 bean 
     -->
    <bean id="jdbcRealm" class="com.atguigu.shiro.realms.ShiroRealm">
    	<!-- <property name="credentialsMatcher">
    		<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    			<property name="hashAlgorithmName" value="MD5"></property>
    			<property name="hashIterations" value="1024"></property>
    		</bean>
    	</property> -->
    </bean>
    
    

    <!-- 4. 配置 LifecycleBeanPostProcessor. 
             能夠自動的來調用配置在 Spring IOC 容器中 shiro bean 的生命週期方法. 
     -->
        
<bean id="lifecycBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>                                                                                                                                                             


   <!--   5. 啓用 IOC 容器中使用 shiro 的註解. 但必須在配置了 LifecycleBeanPostProcessor 以後才能夠使用. 
    -->
        
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
          depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

   <!--  6. 配置 ShiroFilter. 
          6.1 id 必須和 web.xml 文件中配置的 DelegatingFilterProxy 的 <filter-name> 一致.
              若不一致, 則會拋出: NoSuchBeanDefinitionException. 
              由於 Shiro 會來 IOC 容器中查找和 <filter-name> 名字對應的 filter bean.
    -->

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login.jsp"/>
        <property name="successUrl" value="/list.jsp"/>
        <property name="unauthorizedUrl" value="/ .jsp"/>
               
    <!--      
        	配置哪些頁面須要受保護. 
        	以及訪問這些頁面須要的權限. 
        	1) anon 能夠被匿名訪問
        	2) authc 必須認證(即登陸)後纔可能訪問的頁面. 
        	3) logout 登出.
        	4) roles 角色過濾器
        -->
         
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon
                
                # everything else requires authentication:
                /** = authc
            </value>
        </property>
       
    </bean>
    
</beans>

 

(5)spring MVC 的配置：這裏爲spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
	
	<context:component-scan base-package="com.atguigu.shiro"></context:component-scan>
	
	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/"></property>
		<property name="suffix" value=".jsp"></property>
	</bean>
	
	<mvc:annotation-driven></mvc:annotation-driven>
	<mvc:default-servlet-handler/>

</beans>

(6)編寫類ShiroRealm繼承Realm接口，在ShiroRealm只是繼承了Real接口的方法，方法的具體實現還未用到，因此就沒寫。

package com.atguigu.shiro.realms;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.realm.Realm;

public class ShiroRealm implements Realm {

	@Override
	public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
		// TODO Auto-generated method stub
		return null;
	}

	@Override
	public String getName() {
		// TODO Auto-generated method stub
		return null;
	}

	@Override
	public boolean supports(AuthenticationToken arg0) {
		// TODO Auto-generated method stub
		return false;
	}

}

(7)最後的項目工程結構：有個紅叉是版本的配置問題，不影響程序的正常運行

(7)運行結果：

不管是user.jsp仍是list.jsp都是要通過受權才能進行訪問，即都要跳轉到login.jsp 頁面進行登入驗證才能經過。

注意：

DelegatingFilterProxy其實是Filter的一個代理對象，
     默認狀況下，spring會到IOC容器中查找和<filter-name>對應的filter bean，
     也能夠經過targetBeanName 的初始化參數來配置filter bean 的id -->