spring-shiro(权限、用户认证配置)
2016-06-14 11:09
495 查看
spring-shiro.xml(权限、用户认证配置)
web.xml
pom.xml
<!-- shiro start -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-cas</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- shiro end -->
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!-- Realm实现 --> <bean id="statelessRealm" class="com.sys.shiro.AuthorizationRealm"> <property name="cachingEnabled" value="false" /> </bean> <!-- Subject工厂 --> <bean id="subjectFactory" class="com.sys.shiro.StatelessDefaultSubjectFactory" /> <!-- 会话管理器 --> <bean id="sessionManager" class="org.apache.shiro.session.mgt.DefaultSessionManager"> <property name="sessionValidationSchedulerEnabled" value="false" /> </bean> <!-- 安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="statelessRealm" /> <property name="subjectDAO.sessionStorageEvaluator.sessionStorageEnabled" value="false" /> <property name="subjectFactory" ref="subjectFactory" /> <property name="sessionManager" ref="sessionManager" /> </bean> <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) --> <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" /> <property name="arguments" ref="securityManager" /> </bean> <bean id="statelessAuthcFilter" class="com.sys.shiro.StatelessAuthcFilter" /> <!-- Shiro的Web过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/pt/register" /> <property name="successUrl" value="/pt/home" /> <property name="unauthorizedUrl" value="/pt/login" /> <property name="filters"> <util:map> <entry key="statelessAuthc" value-ref="statelessAuthcFilter" /> </util:map> </property> <property name="filterChainDefinitions"> <value> / = anon /index.html = anon /pt/register = anon /pt/login = anon /browersDownload.html = anon /pageNotFound.html= anon /version/* = anon /favicon.ico = anon /rest/static/**=anon /help/*=anon /rest/error/** = anon /login.html = anon /rest/login = anon /rest/logout = anon /**/scripts/** = anon /**/images/** = anon /**/styles/** = anon /** = statelessAuthc </value> </property> </bean> <mvc:interceptors> <!-- 允许通过的URL --> <mvc:interceptor> <mvc:mapping path="/web/**" /> <bean class="com.sys.shiro.WebInterceptor"/> </mvc:interceptor> </mvc:interceptors> <!-- Shiro生命周期处理器 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <!-- 取消对images和js两个文件夹的拦截,可以访问静态文件的文件夹 --> <mvc:resources location="/resources/" mapping="/resources/**"/> <!-- 对模型视图名称的解析,在请求时模型视图名称添加前后缀 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/view/" p:suffix=".jsp" /> </beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="3.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <error-page> <error-code>404</error-code> <location>/pageNotFound.html</location> </error-page> <!--项目名称 --> <display-name>gdecsppt</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:applicationContext.xml classpath:quartz-task.xml classpath:spring-shiro.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!--系统初始化操作 --> <listener> <listener-class>com.sys.core.init.InitListener</listener-class> </listener> <filter> <description>处理编码的过滤器</description> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>WebFilter</filter-name> <filter-class>com.sys.filter.WebFilter</filter-class> </filter> <filter-mapping> <filter-name>WebFilter</filter-name> <url-pattern>/web/*</url-pattern> </filter-mapping> <!--用户登出 --> <filter> <filter-name>LogoutFilter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <!--用户认证 --> <filter> <filter-name>UserAuthenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://www.gdecc.com:8443/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://gdecsppt.gdecc.com:8080</param-value> </init-param> </filter> <!--Ticket校验 --> <filter> <filter-name>TicketValidationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://www.gdecc.com:8443/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://gdecsppt.gdecc.com:8080</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <!-- 该过滤器通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名 --> <filter> <filter-name>CASHttpServletRequestWrapperFilter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <!-- 该过滤器通过org.jasig.cas.client.util.AssertionHolder来获取用户信息。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 --> <filter> <filter-name>CASAssertionThreadLocalFilter</filter-name> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> </filter> <filter-mapping> <filter-name>LogoutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>UserAuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>TicketValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CASHttpServletRequestWrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CASAssertionThreadLocalFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <!--shiro权限处理过滤器 --> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <async-supported>true</async-supported> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--SQL &HTML 注入过滤器 --> <filter> <filter-name>HtmlAndSQlInjection</filter-name> <filter-class>com.sys.filter.SqlAndHtmlValidatefilter</filter-class> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>HtmlAndSQlInjection</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>Jersey Web Application</servlet-name> <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> <init-param> <param-name>javax.ws.rs.Application</param-name> <param-value>com.dyiaw.gdecsppt.rest.RestApplication</param-value> </init-param> <load-on-startup>1</load-on-startup> <async-supported>true</async-supported> </servlet> <servlet-mapping> <servlet-name>Jersey Web Application</servlet-name> <url-pattern>/rest/*</url-pattern> </servlet-mapping> </web-app>
pom.xml
<!-- shiro start -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>${shiro.version}</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-cas</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- shiro end -->
相关文章推荐
- W/System.err:at java.net.PlainDatagramSocketImpl.bind(PlainDatagramSocketImpl.java:68)问题解决方法
- Java RMI(1):HelloWorld篇
- 找不到"javax.servlet.annotation.WebServlet"解决方法
- 学习练习 java数据库查询小题
- Java算法
- 如何修改eclipse里面的workspace目录
- JAVA学习、JAVA入门:JAVA知识点精简总结
- 【Spring4揭秘】PropertyEditor
- Java checked异常和unchecked异常。
- Spring Date JPA 底层方法名对应关键字
- 【java线程】创建线程的两种方式
- java匿名内部类的参数为final类型
- Java Static关键字引发的思考
- java基础--Collections.sort的两种用法
- java javac命令详解
- JAVA 8-学习笔记(一)
- java回顾——final关键字的作用
- Java内部类
- JDK、JRE和JVM三者之间关系
- ubuntu16.04 安装 eclipse