Shiro集成 Spring (一)

時間 2019-11-17

標籤 shiro 集成 spring 欄目 Spring 简体版

原文原文鏈接

(1)建立web工程，命名爲shiro3;java

(2)找到spring包，都須要, 這裏是spring 4.0 版本的包；web

引入shiro，日誌包：log4j-1.2.15.jar; shiro-all-1.3.2.jar; slf4j-api-1.6.1.jar; slf4j.log4j12-1.6.1.jar;spring

引入ehcache: ehcache-core-2.4.3.jar數據庫

將以上的包加入到lib文件下。apache

(3) 配置web.xmlapi

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>Shiro-3</display-name>
  
   <!--配置spring-->
  <context-param>
  	<param-name>contextConfigLocation</param-name>
 	<param-value>classpath:applicationContext.xml</param-value>
  </context-param>
  
  <listener>
 	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>
 
 <!--配置springMVC-->
 <servlet>
 	<servlet-name>spring</servlet-name>
 	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
 	<load-on-startup>1</load-on-startup>
 </servlet>
 
 <servlet-mapping>
 	<servlet-name>spring</servlet-name>
 	<url-pattern>/</url-pattern>
 </servlet-mapping>
 
 <!-- 1.配置shiro的shiroFilter。
 2.DelegatingFilterProxy其實是Filter的一個代理對象，
	 默認狀況下，spring會到IOC容器中查找和<filter-name>對應的filter bean，
	 也能夠經過targetBeanName 的初始化參數來配置filter bean 的id -->
 <filter>
 	<filter-name>shiroFilter</filter-name>
 	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 
 <filter-mapping>
 	<filter-name>shiroFilter</filter-name>
 	<url-pattern>/*</url-pattern>
 </filter-mapping>
 
  
</web-app>

(4)載WEB-INF目錄下配置spring MVC： spring-servlet.xmlspring-mvc

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">

<context:component-scan base-package="com.atguigu.shiro"></context:component-scan>

<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"></property>
<property name="suffix" value=".jsp"></property>
</bean>

<mvc:annotation-driven></mvc:annotation-driven>
<mvc:default-servlet-handler/>

</beans>

(5)在src目錄下配置application.xml緩存

<!--  1.配置securityManager!
         1.1) cacheManager: 緩存管理器
         1.2)sessionMode:session的管理方式，暫時無論，能夠刪除
         1.3) -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
<!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
 <!--    <property name="sessionMode" value="native"/>   -->
    <property name="realm" ref="jdbcRealm"/>
</bean>

<!-- 2.配置cacheManager,實際上能夠使用企業的一些或緩存產品來實現更好的性能
2.1 須要加入ehcahe的jar包及配置文件
-->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property  name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
</bean>

<!-- Used by the SecurityManager to access security data (users, roles, etc).
Many other realm implementations can be used too (PropertiesRealm,
LdapRealm, etc. -->
<!-- 3.配置Real,如今本身寫
   3.1 直接配置實現了org.apache.shiro.realm.Realm接口的bean -->
<bean id="jdbcRealm" class="com.atguigu.shiro.realms.ShiroRealm">
</bean>

<!-- =========================================================
Shiro Spring-specific integration
========================================================= -->
<!-- Post processor that automatically invokes init() and destroy() methods
for Spring-configured Shiro objects so you don't have to
1) specify an init-method and destroy-method attributes for every bean
definition and
2) even know which Shiro objects require these methods to be
called. -->
<!--  
  4.配置LifecycleBeanPostProcessor, 能夠自動的來調用配置在spring IOC容器中shiro bean 的生命週期方法。
-->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- Enable Shiro Annotations for Spring-configured beans.  Only run after
the lifecycleBeanProcessor has run: -->
<!--
 5.啓用IOC容器中使用shiro的註解，但必須在配置了LifecycleBeanPostProcessor 以後才能夠使用。
 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>

<!-- 遠程調用，暫時不須要-->
<!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
with a Subject for security checks. -->
<bean id="secureRemoteInvocationExecutor" class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
<property name="securityManager" ref="securityManager"/>
</bean>

<!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml -
web.xml uses the DelegatingFilterProxy to access this bean.  This allows us
to wire things with more control as well utilize nice Spring things such as
PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
<!-- 
  6. 配置shiroFilter.
  6.1  id必須和web.xml 文件中配置的DelegatingFilterProxy的<filter-name>一致。
  6.2  
 -->

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.jsp"/>
    <property name="successUrl" value="/list.jsp"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
<!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean
defined will be automatically acquired and available via its beanName in chain
definitions, but you can perform overrides or parent/child consolidated configuration
here if you like: -->
<!-- <property name="filters">
<util:map>
<entry key="aName" value-ref="someFilterPojo"/>
</util:map>
</property> -->

<!-- 
配置哪些頁面須要受保護。
以及訪問這些頁面須要的權限。
1)ano 能夠被匿名訪問
2)Authc 必須認證（即登陸後）才能夠訪問的頁面。
-->
     <property name="filterChainDefinitions">
     <value>
       
       /login.jsp = anon
      /** = authc
    </value>
  </property>
</bean>

因爲沒有對數據庫進行操做，故沒有配置數據源：DataSource的beansession

(7)在src目錄下引入ehcahe.xmlmvc

這裏參考：hibernate-release-4.2.4.Final ->project -> etc下的ehcache.xml配置。

(8) 在com.atguigu.shiro.realms包下建立實現了org.apache.shiro.realm.Realm接口的ShiroRealm類；

因爲只是簡單的搭建shiro的架子，故沒有在ShiroRealm類中對方法的具體實現。

(9)在webroot目錄下建立jsp頁面：

結果分析： login.jsp能夠匿名訪問，而對於list.jsp來講要先到login.jsp沒有結果認證以後才能訪問到list.jsp