Java-Shiro(三):Shiro與Spring MVC集成

新建Java Daynamic Web項目

導入Spring、SpringMVC依賴包:

導入Spring & Spring MVC包(導入以下全部開發包):java

Spring AOP依賴擴展包:web

配置Spring : 

1)修改web.xml導入「#contextLoaderListener」spring

配置以下:apache

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
</web-app>
View Code

2)在src下添加Spring Bean配置文件applicationContext.xmlspring-mvc

配置Spring MVC

1)在web.xm中導入「#dispatcherservlet」session

配置後web.xml文件內容爲:mvc

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <!-- 配置Spring MVC -->
    <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- <init-param> <param-name>contextConfigLocation</param-name> <param-value>location</param-value> </init-param> -->
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>
View Code

2)在WEB-INF下新建Spring MVC配置文件spring-servlet.xml,並添加spring mvc配置app

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

    <context:component-scan base-package="com.dx.shiro"></context:component-scan>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>

    <mvc:annotation-driven></mvc:annotation-driven>
    <mvc:default-servlet-handler />
</beans>
View Code

配置Shiro環境

1)導入shiro jar包

導入Shiro開發包:jsp

或者經過pom.xml配置:ide

<dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-all</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.13</version>
        </dependency>

2)配置web.xml,導入shiroFilter

能夠參考

配置後web.xml內容爲:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- 配置Spring MVC -->
    <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- <init-param> <param-name>contextConfigLocation</param-name> <param-value>location</param-value> </init-param> -->
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Shiro配置 -->
    <!-- ================================================================== Filters ================================================================== -->
    <!-- Shiro Filter is defined in the spring application context: -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>
View Code

3)配置Spring的配置文件中來配置Shiro,即在Src下來的applicationContext.xml中配置shiro

配置後的applicationContext.xml內容以下:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <!-- 1.配置SecurityManager -->
    <!-- Shiro's main business-tier object for web-enabled applications (use DefaultSecurityManager instead when there is no web environment) -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="cacheManager" />
        <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
        <property name="sessionMode" value="native" />
        <property name="realm" ref="jdbcRealm" />
    </bean>

    <!-- 2.配置CacheManager 2.1.配置ehcache的jar包及ehcache的配置文件 -->
    <!-- Let's use some enterprise caching support for better performance. You can replace this with any enterprise caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <!-- <property name="cacheManager" ref="ehCacheManager"/> -->
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml" />
    </bean>

    <!-- Used by the SecurityManager to access security data (users, roles, etc). Many other realm implementations can be used too (PropertiesRealm, LdapRealm, etc. -->
    <!-- 3.配置Realm -->
    <bean id="jdbcRealm" class="com.dx.shiro.realms.MyRealm">
    </bean>

    <!-- Post processor that automatically invokes init() and destroy() methods for Spring-configured Shiro objects so you don't have to 1) specify an init-method and destroy-method attributes for every bean definition and 2) even know which Shiro objects require these methods to be called. -->
    <!-- 4.配置org.apache.shiro.spring.LifecycleBeanPostProcessor,能夠自動的來調用配置在Spring IOC容器中的 shiro bean的生命週期方法。 -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- 5.啓用IOC容器中使用shiro的註解,但必須在配置了DefaultAdvisorAutoProxyCreator以後才能夠使用 -->
    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after the lifecycleBeanProcessor has run: -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" />
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>


    <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml - web.xml uses the DelegatingFilterProxy to access this bean. This allows us to wire things with more control as well utilize nice Spring things such as PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
    <!-- 6.配置shiroFilter 6.1. bean的id必須和web.xml中配置的DelegatingFilterProxy的<filter-name>一致 6.2. anon/authc是過濾器,anon容許匿名訪問,authc須要認證才能夠訪問的頁面。 -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.jsp" />
        <property name="successUrl" value="/list.jsp" />
        <property name="unauthorizedUrl" value="/unauthorized.jsp" />
        <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean defined will be automatically acquired and available via its beanName in chain definitions, but you can perform overrides or parent/child consolidated configuration here if you like: -->
        <!-- <property name="filters"> <util:map> <entry key="aName" value-ref="someFilterPojo"/> </util:map> </property> -->
        <property name="filterChainDefinitions">
            <value> /login.jsp = anon # everything else requires authentication: /** = authc </value>
        </property>
    </bean>
</beans>

3.1)配置ehcache的jar包及ehcache的配置文件

ehcache.xml從hibernate中找:

將其拷貝到src下

ehcache.jar也能夠從hibernate開發包中找到:

將其拷貝到WEB-INF/lib下,導入到項目中。

3.2)添加shiro realm

新建包com.dx.shiro.realms,在包下新建一個MyRealm.java

package com.dx.shiro.realms; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.realm.Realm; public class MyRealm implements Realm { public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException { // TODO Auto-generated method stub
        return null; } public String getName() { // TODO Auto-generated method stub
        return null; } public boolean supports(AuthenticationToken arg0) { // TODO Auto-generated method stub
        return false; } }
View Code

這裏採用咱不實現具體的接口的方式。

3.3)在webcontent下添加頁面

添加頁面login.jsp,list.jsp,unauthorized.jsp

測試

此時訪問網址:

其餘任何頁面都不容許訪問。

相關文章
相關標籤/搜索