使用shrio保护spring 应用
2015-07-08 00:32
441 查看
第一步:引入Shiro的依赖
第二步:使用AutoConfiguration方式注入
第三步:使用Shiro的PropertiesRealm作为认证和授权管理器,所以添加classpath:/shiro-users.properties,格式为user.username
= password,role1,role1,...
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.3</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.3</version> </dependency>
第二步:使用AutoConfiguration方式注入
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/login");
shiroFilter.setSuccessUrl("/index");
shiroFilter.setUnauthorizedUrl("/forbidden");
Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>();
filterChainDefinitionMapping.put("/", "anon");
filterChainDefinitionMapping.put("/home", "authc,roles[guest]");
filterChainDefinitionMapping.put("/admin", "authc,roles[admin]");
shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<String, Filter>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", new FormAuthenticationFilter());
filters.put("logout", new LogoutFilter());
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilter.setFilters(filters);
System.out.println(shiroFilter.getFilters().size());
return shiroFilter;
}
@Bean(name = "securityManager")
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm());
return securityManager;
}
@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public PropertiesRealm realm() {
PropertiesRealm propertiesRealm = new PropertiesRealm();
propertiesRealm.init();
return propertiesRealm;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}第三步:使用Shiro的PropertiesRealm作为认证和授权管理器,所以添加classpath:/shiro-users.properties,格式为user.username
= password,role1,role1,...
user.admin = 567890,admin,guest user.lenic = 123456,guest
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Java学习笔记--集合
- HashMap源码分析(四)put-jdk8-红黑树的引入
- Java并发包
- Java正则表达式示例
- 一步一步跟我学习hadoop(2)----hadoop eclipse插件安装和运行wordcount程序
- Java集合的小抄 Java初学者必备
- Spring MVC防止数据重复提交
- Struts2 拦截器、防止重复提交
- Struts2
- 字符串时间格式转化-java Unit
- spring环境搭配
- Java基础---多线程
- 《Java程序》将数字进行倒序输出
- JAVA中的正则表达式--待续
- eclipse导入svn中现有的maven工程
- 关于url-pattern配置为/*时,springmvc总是报404的原因
- OGNL详解
- 关于eclipse中删除多余的工作空间记录
- Java编程思想学习笔记——类的访问权限
- Servlet初步认识(一)