版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_34873338/article/details/79483977
最近开始学习Shiro,记录一下Shiro整合SSM的步骤,期间也碰到许多小问题,和大家分享一下。
开发工具:IDEA
Demo框架:Spring+SpringMVC+Mybatis+Maven
1.添加Shiro相关jar包,Demo是使用Maven管理,在pom.xml添加以下配置。
<properties>
<shiro.version>1.3.2</shiro.version>
</properties>
<dependencies>
<!--Shiro-->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
</dependency>
</dependencies>2.在web.xml添加Shiro过滤器,需要注意filter-name必须和之后applicationContext中配置保持一致!!!
<!--Shiro过滤器-->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>3.在Spring配置文件中添加Shiro相关配置
<!--Shiro配置-->
<!--
1.配置SecurityManager
-->
<bean class="org.apache.shiro.web.mgt.DefaultWebSecurityManager" id="securityManager">
<property name="authenticator" ref="authenticator"/>
<property name="realms">
<list>
<ref bean="md5Realm" />
<ref bean="sha1Realm" />
</list>
</property>
</bean>
<!--
2.配置realm
2.1) 使用实现了org.apache.shiro.realm.Realm接口的realm
-->
<bean class="org.apache.shiro.authc.pam.ModularRealmAuthenticator" id="authenticator">
<property name="realms">
<list>
<ref bean="md5Realm" />
<ref bean="sha1Realm" />
</list>
</property>
</bean>
<bean class="com.dream.shiro.MD5Realm" id="md5Realm">
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="MD5"/>
<property name="hashIterations" value="1024"/>
</bean>
</property>
</bean>
<bean class="com.dream.shiro.SHA1Realm" id="sha1Realm">
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA1"/>
<property name="hashIterations" value="1024"/>
</bean>
</property>
</bean>
<!--
3.配置shiro过滤器
3.1) id必须和web.xml中配置的shiroFilter filterName一致.
-->
<bean class="org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiroFilter">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.jsp"/>
<property name="successUrl" value="/index.jsp"/>
<property name="unauthorizedUrl" value="/error.jsp"/>
<!--
配置需要受保护的页面
以及访问这些页面需要的权限
1) anon可以匿名访问的页面
2) authc 必须认证(登录)后才可以访问的页面
-->
<property name="filterChainDefinitions">
<value>
<!--加载静态资源-->
/asset/** = anon
/login.jsp = anon
/login = anon
/logout = logout
<!--除以上配置外,其他请求全部必须认证-->
/** = authc
</value>
</property>
</bean>3.在Spring IOC容器中开启Shiro注解,注解一般在Controller中,所以我们要在SpringMVC的配置文件中添加开启注解的配置。
<!--Shiro配置-->
<!--
1.配置lifecycleBeanPostProcessor,可以在Spring IOC容器中调用shiro的生命周期方法.
-->
<bean class="org.apache.shiro.spring.LifecycleBeanPostProcessor" id="lifecycleBeanPostProcessor" />
<!--
2.启用Spring IOC容器Shiro注解,但必须配置了lifecycleBeanPostProcessor后才可以使用
-->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" />
<!--
3.开启Spring AOC Shiro注解支持
-->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>至此,启动Tomcat没有报错就整合完成啦。