Shiro (Environment Setup and Spring Integration)


Environment setup and Spring integration (in a Maven project)

1. Import the dependency
<dependency>
	<groupId>org.apache.shiro</groupId>
	<artifactId>shiro-all</artifactId>
	<version>1.2.3</version>
</dependency>
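2. Configure web.xml
  • This filter is not the one that actually handles the request and makes the decision. It is Spring's delegating proxy filter. Tomcat has its own container that manages Filters, Listeners and Servlets; they are not managed by Spring, so the Spring container cannot inject into the Servlet container directly. This filter therefore intercepts the request and delegates the handling to Spring's filter factory. The Spring IoC container must contain a bean whose id is shiroFilter and whose type is ShiroFilterFactoryBean.
 <!-- Shiro Security filter; the filter-name value is used again later in the Spring configuration -->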
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
    <param-name>targetFilterLifecycle</param-name>
    <param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

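Note: if you use Struts2, this filter must be placed before the Struts2 filter, because the Struts2 filter has no notion of letting a request pass on through the chain.

Integrating Shiro with Spring: applicationContext.xml

Steps for wiring the Shiro objects in Spring:
  1. Create the ShiroFilterFactoryBean and inject the SecurityManager.
  • filterChainDefinitions: the filter chain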
Filter name   Corresponding Java class
anon          org.apache.shiro.web.filter.authc.AnonymousFilter (anonymous access filter; resources listed here are let straight through)
authc         org.apache.shiro.web.filter.authc.FormAuthenticationFilter (authentication filter)
authcBasic    org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
perms         org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter (authorization filter)
port          org.apache.shiro.web.filter.authz.PortFilter
rest          org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
roles         org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
ssl           org.apache.shiro.web.filter.authz.SslFilter
user          org.apache.shiro.web.filter.authc.UserFilter
logout        org.apache.shiro.web.filter.authc.LogoutFilter

/index.jsp* = anon
/home* = anon
/sysadmin/login/login.jsp* = anon
/sysadmin/login/loginAction_logout* = anon
/login* = anon
/logout* = anon
/components/** = anon
/css/** = anon
/img/** = anon
/js/** = anon
/plugins/** = anon
/images/** = anon
/js/** = anon
/make/** = anon
/skin/** = anon
/stat/** = anon
/ufiles/** = anon
/validator/** = anon
/resource/** = anon
/** = authc
/*.* = authc

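anon - resources that are let straight through. authc - resources under this path require authentication.

perms - resources under this path require authorization.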

  2. Create the SecurityManager and inject the realm (literally: region, domain)
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm"></property>
</bean>


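Note: the Realm does not know which database we use or what data to fetch, so we have to create the Realm ourselves and specify it.

  3. Create a custom Realm and inject the credentials matcher
 <!--3. Create the custom Realm-->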
    <bean id="myRealm" class="com.shirodemo.realm.LoginRealm">
        <!--Inject the credentials matcher-->
        <property name="credentialsMatcher" ref="credentialsMatcher"/>
    </bean>
  4. Create the credentials matcher and inject the hash algorithm
 <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <!--Specify the hash algorithm-->
        <property name="hashAlgorithmName" value="md5"/>
    </bean>


Full version

<!--1. Create the ShiroFilterFactoryBean-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
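    <!--Login page; the user is redirected here when authentication fails-->
    <property name="loginUrl" value="/login.jsp"/>
    <!--Page shown after successful authentication. If the code specifies a redirect, the address in the code takes precedence; normally the post-login redirect page is the one used-->
    <property name="successUrl" value="/home.jsp"/>
    <!--Page shown when the authorization check fails-->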
    <property name="unauthorizedUrl" value="/login.jsp"/>

    <!--Filter chain-->
    <property name="filterChainDefinitions">
        <value>
            /index.jsp* = anon
            /home* = anon
            /sysadmin/login/login.jsp* = anon
            /sysadmin/login/loginAction_logout* = anon
            /login* = anon
            /logout* = anon
            /components/** = anon
            /css/** = anon
            /img/** = anon
            /js/** = anon
            /plugins/** = anon
            /images/** = anon
            /js/** = anon
            /make/** = anon
            /skin/** = anon
            /stat/** = anon
            /ufiles/** = anon
            /validator/** = anon
            /resource/** = anon
            /** = authc
        </value>
    </property>
</bean>

<!--2. Create the securityManager-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm"></property>
</bean>

<!--3. Create the custom Realm-->
<bean id="myRealm" class="com.shirodemo.realm.LoginRealm">
    <!--Inject the credentials matcher-->
    <property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>

<!--4. Create the credentials matcher-->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <!--Specify the hash algorithm-->
    <property name="hashAlgorithmName" value="md5"/>
</bean>
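
The configuration references com.shirodemo.realm.LoginRealm but the page does not show the class. The sketch below is an added example, not the author's code, showing what such a realm has to return so that the injected HashedCredentialsMatcher (md5) can do the comparison; the in-memory user map, the account name, the password and the role are constructed stand-ins for a real database lookup.

```java
package com.shirodemo.realm;

import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical body for the LoginRealm bean; the page only gives the class name.
public class LoginRealm extends AuthorizingRealm {

    // Constructed stand-in for the user table: username -> hex MD5 of the password.
    private final Map<String, String> users = new HashMap<String, String>();

    public LoginRealm() {
        // Stored value uses the same algorithm, single iteration and hex encoding
        // that the credentialsMatcher bean (hashAlgorithmName=md5) applies at login.
        users.put("alice", new SimpleHash("md5", "constructed-password").toHex());
    }

    // Authentication: look the account up and hand back the STORED hash.
    // The injected HashedCredentialsMatcher hashes the submitted password and compares.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        String storedHash = users.get(username);
        if (storedHash == null) {
            throw new UnknownAccountException("unknown account");
        }
        // For a salted, iterated hash, pass a per-user salt (ByteSource) via the four-argument
        // constructor and set hashAlgorithmName/hashIterations on the matcher to match.
        return new SimpleAuthenticationInfo(username, storedHash, getName());
    }

    // Authorization: consulted by the roles and perms filters, not by authc.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole("user"); // constructed role; load real roles per principal
        return info;
    }
}
```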

If anything here is incorrect, feel free to leave a comment so we can discuss it. I hope this article helps you. Give it a like, bro!