Shiro 配置
2019獨角獸企業重金招聘Python工程師標準>>>
web.xml:
<!-- Shiro配置 --><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>shiro.xml:
<description>Shiro Configuration</description><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="realm" ref="myRealm"/><!-- 使用下面配置的緩存管理器 --><property name="cacheManager" ref="cacheManager"/></bean><!--自定義Realm--><bean id="myRealm" class="com.hssArray.security.shiro.MyRealm"/><!-- 配置shiro的過濾器工廠類,id- shiroFilter要和我們在web.xml中配置的過濾器一致 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><!-- 調用我們配置的權限管理器 --><property name="securityManager" ref="securityManager"/><!-- 配置我們的登錄請求地址 --><property name="loginUrl" value="/login"/><!-- 配置我們在登錄頁登錄成功后的跳轉地址,如果你訪問的是非/login地址,則跳到您訪問的地址 --><property name="successUrl" value="/main"/><!-- 如果您請求的資源不再您的權限范圍,則跳轉到/403請求地址 --><property name="unauthorizedUrl" value="/403.jsp"/><!-- 權限配置 --><property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource"/><property name="filterChainDefinitions"><value>/js/** = anon</value> </property></bean><!--自定義filterChainDefinitionMap--><bean id="chainDefinitionSectionMetaSource" class="com.hssArray.security.shiro.ChainDefinitionSectionMetaSource"/><!--shiro緩存管理器--><bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/><bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>主要類:
public class ChainDefinitionSectionMetaSource implements FactoryBean<Ini.Section> {@Autowiredprivate FunctionService functionService;// 靜態資源訪問權限private String filterChainDefinitions = "/static/**=anon";@Overridepublic Ini.Section getObject() throws Exception {List<Function> list = functionService.findAll();Ini ini = new Ini();// 加載默認的urlini.load(filterChainDefinitions);Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME);// 循環Resource的url,逐個添加到section中。section就是filterChainDefinitionMap,// 里面的鍵就是鏈接URL,值就是存在什么條件才能訪問該鏈接for (Iterator<Function> it = list.iterator(); it.hasNext();) {Function function = it.next();// 構成permission字符串if (StringUtils.hasText(function.getValue()) && StringUtils.hasText(function.getType())) {String permission = "";String t = function.getType();if (t.equals("anon")) {permission = "anon";} else if (t.equals("perms")) {permission = "perms[" + function.getPermission().getPermissionname() + "]";} else if (t.equals("roles")) {permission = "roles[" + function.getRole().getRolename() + "]";}section.put(function.getValue(), permission);}}// 所有資源的訪問權限,必須放在最后section.put("/**", "authc");return section;}@Overridepublic Class<?> getObjectType() {return this.getClass();}@Overridepublic boolean isSingleton() {return false;} } package com.hssArray.security.shiro;/*** 自定義Realm,進行數據源配置** Created by Jeremie on 2014/10/1.*/@Service @Transactional public class MyRealm extends AuthorizingRealm {@Injectprivate UserService userService;/*** 獲取授權信息*/@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {// 獲取登錄時輸入的用戶名String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();// 到數據庫獲取此用戶User user = userService.findByName(loginName);if (user != null) {// 權限信息對象info,用來存放查出的用戶的所有的角色(role)及權限(permission)SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();// 用戶的角色集合info.setRoles(user.getRolesName());// 用戶的角色對應的所有權限,如果只使用角色定義訪問權限Collection<Role> roleList = user.getRoleList();for (Role role : roleList) {info.addStringPermissions(role.getPermissionsName());}return info;}return null;}/*** 獲取身份驗證相關信息*/@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {// UsernamePasswordToken對象用來存放提交的登錄信息UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;// 查出是否有此用戶User user = userService.findByName(token.getUsername());if (user != null) {// 若存在,將此用戶存放到登錄認證info中return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());}return null;}}轉載于:https://my.oschina.net/u/3503613/blog/1569017
總結
