Shiro简单入门+个人理解

  <dependency>

   <groupId>org.apache.shiro</groupId>

   <artifactId>shiro-spring</artifactId>

   <version>1.3.2</version>

  </dependency>

创建spring-shiro.xml(tomcat启动时需要加载)

<?xml version="1.0" encoding="UTF-8"?>
<beans default-lazy-init="true"
xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:jpa="http://www.springframework.org/schema/data/jpa"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.3.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa-1.3.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.3.xsd" >

<!-- 配置SecurityManager对象(Shiro框架核心,负责调用相关组件实现
用户身份认证,授权,缓存,会话管理等功能)-->
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="Realm" ref="ShiroUserRealm"/>
</bean>
<!-- 配置ShiroFilterFactoryBean对象(Shiro中会通过很多过滤器对WEB请求
做预处理,这些过滤器的创建底层设计了一个工厂类) -->
<bean id="shiroFilterFactory" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 注入SecurityManager对象 -->
<property name="SecurityManager" ref="securityManager"/>
<!-- 配置登录页面 -->
<property name="LoginUrl" value="/login.jsp"/>
<!-- 定义过滤规则(哪些资源允许匿名访问,哪些资源必须授权访问)-->
<property name="FilterChainDefinitionMap">
<map>
<!-- 说明:anon表示允许匿名访问, authc表示授权访问-->

<entry key="/css/**" value="anon"/>
<entry key="/db_sql/**" value="anon"/>
<entry key="/images/**" value="anon"/>
<entry key="/js/**" value="anon"/>
<entry key="/META-INF/**" value="anon"/>
<entry key="/yzm/**" value="anon"/>

<!-- 这里是授权的应用,以xml方式来管理,当然也有使用注解或jsp标签的方式,在授权时我们会讲解-->
<!-- <entry key="/company/deleteCompany.do" value="perms[company:delete]" /> -->
<!-- <entry key="/page/xtgl/userList.jsp" value="perms[xtgl:userList]"> -->
<entry key="/login/getLogins.do" value="anon"/>
<entry key="/doLogout.do" value="logout"/>
<entry key="/**" value="authc"/>


</map>
</property>
</bean>
<!-- 配置bean对象的生命周期管理 -->
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor">
</bean>
<!-- 配置Bean对象的代理 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
</bean>
<!-- 配置授权Bean对象 -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="SecurityManager" ref="securityManager"/>

<!--自定义realm对象-->

</bean>
<bean id="ShiroUserRealm" class="com.cn.ericsson.service.realm.ShiroUserRealm">
</bean>
</beans>

 在web.xml进行的操作

<!-- 配置shiro过滤器(对请求进行拦截) -->
<filter>
<filter-name>shiroFilter</filter-name>
<!-- 此类型由谁提供(spring 框架):spring整合shiro的入口 -->
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- 这个参数名在DelegatingFilterProxy中定义 -->
<param-name>targetBeanName</param-name>
<!-- 这个值在spring-shiro.xml配置文件中定义 -->
<param-value>shiroFilterFactory</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

自定义realm

到此环境已经搭建完成,后期说明认证及授权