Shiro配置

时间:2013-07-13 15:11:50

标签: spring-mvc spring-data-jpa shiro

我正在尝试使用shiro如何仅为管理员创建登录的教程。在做shiro配置的时候我堆积了。我只有两个页面:管理员页面和管理员的主要登录页面。

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:web="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
        <display-name>LoginTutorial</display-name>
        <filter>
            <filter-name>shiroFilter</filter-name>
            <filter-class>org.apache.shiro.web.servlet.iniShiroFilter</filter-class>
            <init-param>
                <param-name>config</param-name>
                <param-value>
                    [main]
                    realm = 
                    securityManager.realm = $realm
                    authc.loginUrl = /loginpage.jsp 

                    [user]
                    Admin = password,ROLE_ADMIN

                    [roles]
                    ROLE_ADMIN = *

                    [url]
                    <!--/account/** =authc-->
                    /adminpage = roles[ROLE_ADMIN]
                </param-value>
            </init-param>
        </filter>

        <filter-mapping>
            <filter-name>ShiroFilter</filter-name>
            <url-pattern>/</url-pattern>
        </filter-mapping>
        ...
</web-app>

1 个答案:

答案 0 :(得分:4)

您使用的是Spring框架吗? 通常,您应该在Web.xml中定义Shiro过滤器并在applicationContext.xml中初始化Shiro组件(作为bean)。

您可以执行以下操作:

<强> Web.xml中

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:web="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
   <display-name>LoginTutorial</display-name>
<!-- Shiro filter-->
    <filter>
        <filter-name>ShiroFilter</filter-name>

        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
...

<强>的applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:couchdb="http://www.ektorp.org/schema/couchdb"
       xsi:schemaLocation="
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd
                        http://www.ektorp.org/schema/couchdb
                        http://www.ektorp.org/schema/couchdb/couchdb.xsd
                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

  <!-- Scans within the base package of the application for @Components to configure as beans -->
  <!-- Apache Shiro customized classes are defined in the package com.6.0.shiro -->

    <context:component-scan base-package="com.6.0.shiro" />
...

  <!-- Shiro filter -->
    <bean id="ShiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="filters">
            <util:map>
                <entry key="myAuthcBasic">
                    <bean class="org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter"/>
                </entry>
            </util:map>
        </property>
        <property name="filterChainDefinitions">
            <value> 
                  /safe/** = myAuthcBasic
            </value>
        </property>
    </bean>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
        <property name="realm" ref="StaticRealm"/>
        <property name="cacheManager" ref="cacheManager"/>
        <!-- By default the servlet container sessions will be used.  Uncomment this line
        to use shiro's native sessions (see the JavaDoc for more): -->
        <!-- <property name="sessionMode" value="native"/> -->
    </bean>
    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager">
    <!--property name="cacheManager" ref="ehCacheManager" /-->
    </bean>
    <!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
    <!-- StaticRealm: -->
    <bean id="StaticRealm" class="com.6.0.shiro.StaticRealm">
        <property name="credentialsMatcher" ref="credMatcher">
        </property>
    </bean>
    <bean id="credMatcher" class="com.example.shiro.ReverseCredentialsMatcher"/>
    ...