首先引入一段关于shiro的介绍:
开发系统中,少不了权限,目前java里的权限框架有SpringSecurity和Shiro(以前叫做jsecurity),对于SpringSecurity:功能太过强大以至于功能比较分散,使用起来也比较复杂,跟Spring结合的比较好。对于初学Spring Security者来说,曲线还是较大,需要深入学习其源码和框架,配置起来也需要费比较大的力气,扩展性也不是特别强。
对于新秀Shiro来说,好评还是比较多的,使用起来比较简单,功能也足够强大,扩展性也较好。听说连Spring的官方都不用Spring Security,用的是Shiro,足见Shiro的优秀。网上找到两篇介绍:http://www.infoq.com/cn/articles/apache-shiro http://www.ibm.com/developerworks/cn/opensource/os-cn-shiro/,http://itindex.net/detail/50410-apache-shiro-%E4%BD%BF%E7%94%A8%E6%89%8B%E5%86%8C,官网http://shiro.apache.org/ ,使用和配置起来还是比较简单。
下面只是简单介绍下我们是如何配置和使用Shiro的。
pom.xml引入相关jar包
1 <!-- spring结合 --> 2 <dependency> 3 <groupId>org.apache.shiro</groupId> 4 <artifactId>shiro-spring</artifactId> 5 <version>1.4.0</version> 6 </dependency> 7 <!--缓存包--> 8 <dependency> 9 <groupId>org.apache.shiro</groupId> 10 <artifactId>shiro-ehcache</artifactId> 11 <version>1.4.0</version> 12 </dependency> 13 <!--核心包--> 14 <dependency> 15 <groupId>org.apache.shiro</groupId> 16 <artifactId>shiro-core</artifactId> 17 <version>1.4.0</version> 18 </dependency>
web.xml增加过滤
1 <!-- shiro 权限控制的过滤器 --> 2 <filter> 3 <filter-name>shiroFilter</filter-name> 4 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 5 </filter> 6 7 <filter-mapping> 8 <filter-name>shiroFilter</filter-name> 9 <url-pattern>/*</url-pattern> 10 </filter-mapping>
增加一个shiro.xml的配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jee="http://www.springframework.org/schema/jee" 4 xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" 5 xmlns:util="http://www.springframework.org/schema/util" 6 xsi:schemaLocation=" 7 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 8 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 9 http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd 10 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd 11 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" 12 default-lazy-init="false"> 13 14 <!-- 缓存管理器 使用memory实现 --> 15 16 17 <!--rememberMe 30天 --> 18 <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> 19 <constructor-arg value="COOKIE_NAME" /> 20 <property name="httpOnly" value="true" /> 21 <property name="maxAge" value="2592000" /> 22 23 </bean> 24 25 <!-- rememberMe管理器 --> 26 <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> 27 <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}" /> 28 <property name="cookie" ref="rememberMeCookie" /> 29 </bean> 30 31 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 32 <!-- 继承AuthorizingRealm的类--> 33 <property name="realm" ref="userRealm" /> 34 <property name="rememberMeManager" ref="rememberMeManager" /> 35 </bean> 36 37 <!-- Shiro Filter --> 38 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 39 <property name="securityManager" ref="securityManager" /> 40 <property name="loginUrl" value="/openid" /> 41 <property name="successUrl" value="/manage" /> 42 <property name="unauthorizedUrl" value="/openid" /> 43 <property name="filterChainDefinitions"> 44 <value> 45 /api/**=anon 46 /res/**=anon 47 /src/**=anon 48 /health/**=anon 49 /logout=authc 50 /openid=anon 51 /callback=anon 52 /=authc 53 /**=anon 54 </value> 55 </property> 56 </bean> 57 58 59 <!-- Shiro生命周期处理器 --> 60 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> 61 62 </beans>