shiro:的配置
1.导包:shiro.All 1.2.3
2.配置过滤器:在web.xml中 ,注意这段过滤器要写在struts2的过滤器前面。
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3. <!-- 在applicationContext.xml中告诉spring生成shiro代理子类时,采用cglib方式生成 -->
<aop:aspectj-autoproxy proxy-target-class="true" />
4.写shiro的配置文件:applicationContext-shiro
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<!-- 配置Spring整合shiro -->
<!-- 密码比较器类 -->
<bean id="passwordMatcher" class="cn.itcast.web.action.shiro.PasswordMatcher" />
<!-- 编写realm类 -->
<bean id="authRealm" class="cn.itcast.web.action.shiro.AuthRealm">
<!-- 注入密码比较器对象 -->
<property name="credentialsMatcher" ref="passwordMatcher" />
</bean>
<!-- 配置安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 自己编写一个realm域对象 -->
<property name="realm" ref="authRealm" />
</bean>
<!-- Spring框架需要整合shiro安全框架 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 注入安全管理器 -->
<property name="securityManager" ref="securityManager" />
<!-- 登录页面 -->
<property name="loginUrl" value="/index.jsp" />
<!-- 认证成功了,跳转的页面 <property name="successUrl" value=""/> -->
<!-- 没有权限的跳转页面 -->
<property name="unauthorizedUrl" value="/index2.jsp" />
<!-- 定义访问的规则 -->
<property name="filterChainDefinitions">
<!-- /**代表下面的多级目录也过滤 注意:下面的过滤一定要遵循从小到大原则 ,并且不要写标点符号在后方,每条数据单独写一行,不要换行,尽量不要使用自动调整格式,会造成格式错误。
anon, authc :权限拦截器 ,anon:代表可以访问的路径,authc :代表不可以访问的路径。
-->
<value>
/index.jsp* = anon
/home* = anon
/sysadmin/login/login.jsp* = anon
/sysadmin/login/loginAction_logout* = anon
/login* = anon
/logout* = anon
/components/** = anon
/css/** = anon
/img/** = anon
/js/** = anon
/plugins/** = anon
/images/** = anon
/js/** = anon
/make/** = anon
/skin/** = anon
/stat/** = anon
/ufiles/** = anon
/validator/** = anon
/resource/** = anon
/** = authc
/*.* = authc
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- 生成代理,通过代理进行控制 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<!-- 安全管理器 -->
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
</beans>
5. 在applicationContext.xml 中加载shiro文件
<import resource="classpath:applicationContext-shiro.xml"/>
----------------------------------------------------------------------------------
二 shiro的使用方法流程。
1.shiro执行流程图解:
2.shiro登录的过程图解:
