我正在开发基于spring webmvc和apache shiro的Web应用程序。
我创建了扩展AuthorizingRealm的JpaRealm类,它由Spring上下文实例化,以便注入依赖(UserService)。
我不需要shiro.ini文件,因为所有配置都被spring-context.xml覆盖。
如果我删除它,默认侦听器会重写,因为默认的IniWebEnvironment总是尝试加载shiro.ini。
我想问一下加载自定义环境的自定义监听器是否扩展了DefaultWebEnvironment。
我从互联网上复制了某人的代码,但我失败了。
public class JpaRealm extends AuthorizingRealm {
private static final Logger logger = LoggerFactory.getLogger(JpaRealm.class);
@Autowired
private UserService userService;
public JpaRealm() {
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
setCredentialsMatcher(credentialsMatcher);
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
SimpleAuthenticationInfo info = null;
UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
String username = userPassToken.getUsername();
if (username != null && !username.equals("")) {
User user = userService.findByUsername(username);
logger.debug("doGetAuthenticationInfo invoked");
logger.debug("username: " + username);
info = new SimpleAuthenticationInfo(username, user.getPassword(), getName());
}
return info;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
AuthorizationInfo authorizationInfo = null;
if (principals != null) {
logger.debug("doGetAuthorizationInfo invoked");
String username = (String) getAvailablePrincipal(principals);
return userService.getAuthorizationInfoByUser(username);
}
return authorizationInfo;
}
}
安全context.xml中
<bean id="jpaRealm" class="foo.bar.JpaRealm" />
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="jpaRealm" />
</bean>
<bean id="verboseFormAuthenticationFilter"
class="foo.bar.VerboseFormAuthenticationFilter">
<property name="loginUrl" value="/login.jsp" />
<property name="successUrl" value="/" />
<property name="usernameParam" value="username" />
<property name="passwordParam" value="password" />
<property name="rememberMeParam" value="rememberMe" />
<property name="failureKeyAttribute" value="yamShiroLoginFailure" />
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="unauthorizedUrl" value="/unauthorized.jsp" />
<property name="filters">
<map>
<entry key="authc" value-ref="verboseFormAuthenticationFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/**=authc
</value>
</property>
</bean>
答案 0 :(得分:0)
我从手册中找到了答案,而且效果很好。
shiroEnvironmentClass可以替换为context-param,如下所示:
的web.xml
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<!-- IniWebEnvironment is not requied because shiro.ini is not necessary. -->
<context-param>
<param-name>shiroEnvironmentClass</param-name>
<param-value>org.apache.shiro.web.env.DefaultWebEnvironment</param-value>
</context-param>