Shiro教程（六）Shiro整体的配置文件

因为 Shrio  和整体项目结合的话，细节问题还是比较多。我要侧重讲一些地方。下面我先把我整个项目的 Shiro  配置文件先贴出来，如果你需要哪个类的实现方式，你可以针对性的查找，或者问我。

1. <?xml version="1.0" encoding="UTF-8"?>
2. <beans xmlns="http://www.springframework.org/schema/beans"
3. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
4. xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
5. xmlns:context="http://www.springframework.org/schema/context"
6. xsi:schemaLocation="
7. http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
8. http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
9. http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
10. http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
11. http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
12.  
13. <description>== Shiro Components ==</description>
14.  
15. <!-- 会话ID生成器 -->
16. <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
17.  
18. <!-- 会话Cookie模板 -->
19. <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
20. <!--cookie的name，我故意取名叫xxxxbaidu -->
21. <constructor-arg value="v_v-s-baidu"/>
22. <property name="httpOnly" value="true"/>
23. <!--cookie的有效时间 -->
24. <property name="maxAge" value="-1"/>
25. <!-- 配置存储Session Cookie的domain为 一级域名 -->
26. <property name="domain" value=".itboy.net"/>
27. </bean>
28. <!-- custom shiro session listener -->
29. <bean id="customSessionListener" class="com.sojson.core.shiro.listenter.CustomSessionListener">
30. <property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
31. </bean>
32. <!-- 用户信息记住我功能的相关配置 -->
33. <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
34. <constructor-arg value="v_v-re-baidu"/>
35. <property name="httpOnly" value="true"/>
36. <!-- 配置存储rememberMe Cookie的domain为 一级域名 -->
37. <property name="domain" value=".itboy.net"/>
38. <property name="maxAge" value="2592000"/><!-- 30天时间，记住我30天 -->
39. </bean>
40.  
41. <!-- rememberMe管理器 -->
42. <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
43. <!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度（128 256 512 位）-->
44. <property name="cipherKey"
45. value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
46. <property name="cookie" ref="rememberMeCookie"/>
47. </bean>
48.  
49.  
50. <!-- custom shiro session listener -->
51. <bean id="customShiroSessionDAO" class="com.sojson.core.shiro.CustomShiroSessionDAO">
52. <property name="shiroSessionRepository" ref="jedisShiroSessionRepository"/>
53. <property name="sessionIdGenerator" ref="sessionIdGenerator"/>
54. </bean>
55.  
56. <!-- 会话验证调度器 -->
57. <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
58. <property name="interval" value="${session.validate.timespan}"/>
59. <property name="sessionManager" ref="sessionManager"/>
60. </bean>
61. <!-- 安全管理器 -->
62. <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
63. <property name="realm" ref="sampleRealm"/>
64. <property name="sessionManager" ref="sessionManager"/>
65. <property name="rememberMeManager" ref="rememberMeManager"/>
66. <property name="cacheManager" ref="customShiroCacheManager"/>
67. </bean>
68. <!-- 用户缓存 -->
69. <bean id="customShiroCacheManager" class="com.sojson.core.shiro.cache.impl.CustomShiroCacheManager">
70. <property name="shiroCacheManager" ref="jedisShiroCacheManager"/>
71. </bean>
72.  
73. <!-- shiro 缓存实现，对ShiroCacheManager，我是采用redis的实现 -->
74. <bean id="jedisShiroCacheManager" class="com.sojson.core.shiro.cache.impl.JedisShiroCacheManager">
75. <property name="jedisManager" ref="jedisManager"/>
76. </bean>
77. <!-- redis 的缓存 -->
78. <bean id="jedisManager" class="com.sojson.core.shiro.cache.JedisManager">
79. <property name="jedisPool" ref="jedisPool"/>
80. </bean>
81. <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
82. <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
83. <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
84. <property name="arguments" ref="securityManager"/>
85. </bean>
86.  
87.  
88. <!-- 授权 认证 -->
89. <bean id="sampleRealm" class="com.sojson.core.shiro.token.SampleRealm" ></bean>
90.  
91. <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
92.  
93. <property name="sessionValidationInterval" value="1800000"/> <!-- 相隔多久检查一次session的有效性 -->
94. <property name="globalSessionTimeout" value="1800000"/> <!-- session 有效时间为半小时 （毫秒单位）-->
95. <property name="sessionDAO" ref="customShiroSessionDAO"/>
96. <property name="sessionListeners">
97. <list>
98. <ref bean="customSessionListener"/>
99. </list>
100. </property>
101. <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
102. <property name="sessionValidationSchedulerEnabled" value="true"/>
103. <property name="deleteInvalidSessions" value="true"/>
104.  
105. <property name="sessionIdCookie" ref="sessionIdCookie"/>
106. </bean>
107.  
108. <bean id="jedisShiroSessionRepository" class="com.sojson.core.shiro.cache.JedisShiroSessionRepository" >
109. <property name="jedisManager" ref="jedisManager"/>
110. </bean>
111.  
112. <!--
113. 自定义角色过滤器 支持多个角色可以访问同一个资源 eg:/home.jsp = authc,roleOR[admin,user]
114. 用户有admin或者user角色 就可以访问
115. -->
116.  
117. <!-- 认证数据库存储-->
118. <bean id="shiroManager" class="com.sojson.core.shiro.service.impl.ShiroManagerImpl"/>
119. <bean id="login" class="com.sojson.core.shiro.filter.LoginFilter"/>
120. <bean id="role" class="com.sojson.core.shiro.filter.RoleFilter"/>
121.  
122.  
123. <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
124. <property name="securityManager" ref="securityManager" />
125. <property name="loginUrl" value="/u/login.shtml" />
126. <!-- TODO 待提取 -->
127. <property name="successUrl" value="/" />
128. <property name="unauthorizedUrl" value="/?login" />
129.  
130. <!-- 初始配置，现采用自定义 -->
131. <!-- <property name="filterChainDefinitions" >-->
132. <!-- <value>-->
133. <!-- /** = anon-->
134. <!-- /page/login.jsp = anon-->
135. <!-- /page/register/* = anon-->
136. <!-- /page/index.jsp = authc-->
137. <!-- /page/addItem* = authc,roles[数据管理员]-->
138. <!-- /page/file* = authc,roleOR[普通用户,数据管理员]-->
139. <!-- /page/listItems* = authc,roleOR[数据管理员,普通用户]-->
140. <!-- /page/showItem* = authc,roleOR[数据管理员,普通用户]-->
141. <!-- /page/updateItem*=authc,roles[数据管理员]-->
142. <!-- </value>-->
143. <!-- </property>-->
144. <!-- 读取初始自定义权限内容-->
145. <property name="filterChainDefinitions" value="#{shiroManager.loadFilterChainDefinitions()}"/>
146. <property name="filters">
147. <util:map>
148. <entry key="login" value-ref="login"></entry>
149. <entry key="role" value-ref="role"></entry>
150. </util:map>
151. </property>
152. </bean>
153. <!-- Shiro生命周期处理器-->
154. <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
155.  
156.  
157. <!-- ============================================================================ -->
158.  
159. </beans>
160.