使用shrio保护spring 应用
2015-07-08 00:32
441 查看
第一步:引入Shiro的依赖
第二步:使用AutoConfiguration方式注入
第三步:使用Shiro的PropertiesRealm作为认证和授权管理器,所以添加classpath:/shiro-users.properties,格式为user.username
= password,role1,role1,...
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.3</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.2.3</version> </dependency>
第二步:使用AutoConfiguration方式注入
@Bean(name = "shiroFilter") public ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setLoginUrl("/login"); shiroFilter.setSuccessUrl("/index"); shiroFilter.setUnauthorizedUrl("/forbidden"); Map<String, String> filterChainDefinitionMapping = new HashMap<String, String>(); filterChainDefinitionMapping.put("/", "anon"); filterChainDefinitionMapping.put("/home", "authc,roles[guest]"); filterChainDefinitionMapping.put("/admin", "authc,roles[admin]"); shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping); shiroFilter.setSecurityManager(securityManager()); Map<String, Filter> filters = new HashMap<String, Filter>(); filters.put("anon", new AnonymousFilter()); filters.put("authc", new FormAuthenticationFilter()); filters.put("logout", new LogoutFilter()); filters.put("roles", new RolesAuthorizationFilter()); filters.put("user", new UserFilter()); shiroFilter.setFilters(filters); System.out.println(shiroFilter.getFilters().size()); return shiroFilter; } @Bean(name = "securityManager") public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(realm()); return securityManager; } @Bean(name = "realm") @DependsOn("lifecycleBeanPostProcessor") public PropertiesRealm realm() { PropertiesRealm propertiesRealm = new PropertiesRealm(); propertiesRealm.init(); return propertiesRealm; } @Bean public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); }
第三步:使用Shiro的PropertiesRealm作为认证和授权管理器,所以添加classpath:/shiro-users.properties,格式为user.username
= password,role1,role1,...
user.admin = 567890,admin,guest user.lenic = 123456,guest
相关文章推荐
- Java学习笔记--集合
- HashMap源码分析(四)put-jdk8-红黑树的引入
- Java并发包
- Java正则表达式示例
- 一步一步跟我学习hadoop(2)----hadoop eclipse插件安装和运行wordcount程序
- Java集合的小抄 Java初学者必备
- Spring MVC防止数据重复提交
- Struts2 拦截器、防止重复提交
- Struts2
- 字符串时间格式转化-java Unit
- spring环境搭配
- Java基础---多线程
- 《Java程序》将数字进行倒序输出
- JAVA中的正则表达式--待续
- eclipse导入svn中现有的maven工程
- 关于url-pattern配置为/*时,springmvc总是报404的原因
- OGNL详解
- 关于eclipse中删除多余的工作空间记录
- Java编程思想学习笔记——类的访问权限
- Servlet初步认识(一)