shiro在springmvc里面的集成使用【转】

<dependency>

<groupId>commons-collections</groupId>

<artifactId>commons-collections</artifactId>

<version>3.2.1</version>

</dependency>

<dependency>

<groupId>net.sf.ehcache</groupId>

<artifactId>ehcache-core</artifactId>

<version>2.6.9</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-spring</artifactId>

<version>1.2.3</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-ehcache</artifactId>

<version>1.2.3</version>

</dependency>

<dependency>

<groupId>org.apache.shiro</groupId>

<artifactId>shiro-quartz</artifactId>

<version>1.2.3</version>

</dependency>

如果项目是hibernate的，以前的时候ehcache可能不是单例的，因为shiro里面也使用到了ehcache做缓存，和hibernate的ehcache缓存配置有冲突，所以需要对hibernate的ehcache部分做些调整，调整如下： Xml代码


<bean id="sessionFactory"

class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">

<property name="dataSource" ref="dataSource"></property>

<property name="hibernateProperties">

<props>

<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>

<prop key="hibernate.show_sql">true</prop>

<prop key="hibernate.hbm2ddl.auto">update</prop>

<!--

<prop key="hibernate.cache.region.factory_class">org.hibernate.cache.EhCacheRegionFactory</prop>

-->

<prop key="hibernate.cache.region.factory_class">

org.hibernate.cache.SingletonEhCacheRegionFactory

</prop>

<prop key="hibernate.cache.provider_class">net.sf.ehcache.hibernate.SingletonEhCacheProvider</prop>

<prop key="hibernate.cache.use_second_level_cache">true</prop>

<prop key="hibernate.cache.use_query_cache">true</prop>

<prop key="hibernate.cache.use_structured_entries">true</prop>

<prop key="hibernate.cache.provider_configuration_file_resource_path">WEB-INF/classes/ehcache.xml</prop>

<prop key="hibernate.current_session_context_class">org.springframework.orm.hibernate4.SpringSessionContext</prop>

</props>

</property>

<property name="packagesToScan">

<list>

<value>com.xxx.entity</value>

</list>

</property>

</bean>

上面红色的文字部分是需要调整的内容。 既然用到了ehcache，ehcahce.xml文件里面的配置内容如下： Xml代码


<?xml version="1.0" encoding="UTF-8"?>

<ehcache>

<diskStore path="java.io.tmpdir" />

<defaultCache maxElementsInMemory="10000" eternal="false"

timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" />

<cache name="org.hibernate.cache.UpdateTimestampsCache"

maxElementsInMemory="5000" eternal="true" overflowToDisk="true" />

<cache name="org.hibernate.cache.StandardQueryCache"

maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="120"

overflowToDisk="true" />

<!-- 登录记录缓存 锁定10分钟 -->

<cache name="passwordRetryCache"

maxEntriesLocalHeap="2000"

eternal="false"

timeToIdleSeconds="3600"

timeToLiveSeconds="0"

overflowToDisk="false"

statistics="true">

</cache>

<cache name="authorizationCache"

maxEntriesLocalHeap="2000"

eternal="false"

timeToIdleSeconds="3600"

timeToLiveSeconds="0"

overflowToDisk="false"

statistics="true">

</cache>

<cache name="authenticationCache"

maxEntriesLocalHeap="2000"

eternal="false"

timeToIdleSeconds="3600"

timeToLiveSeconds="0"

overflowToDisk="false"

statistics="true">

</cache>

<cache name="shiro-activeSessionCache"

maxEntriesLocalHeap="2000"

eternal="false"

timeToIdleSeconds="3600"

timeToLiveSeconds="0"

overflowToDisk="false"

statistics="true">

</cache>

</ehcache>

然后是web.xml文件里面加过滤器，注意要写在springmvc的filter前面 Xml代码


<!-- shiro 安全过滤器 -->

<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->

<filter>

<filter-name>shiroFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

<async-supported>true</async-supported>

<init-param>

<param-name>targetFilterLifecycle</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->

<!-- requests. Usually this filter mapping is defined first (before all others) to -->

<!-- ensure that Shiro works in subsequent filters in the filter chain: -->

<filter-mapping>

<filter-name>shiroFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

然后就是shiro相关的spring配置参数文件了Xml代码


<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:util="http://www.springframework.org/schema/util"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

<!-- 缓存管理器 使用Ehcache实现-->

<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">

<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>

</bean>

<bean id="passwordHelper" class="com.shinowit.framework.security.PasswordHelper">

</bean>

<!-- 凭证匹配器 -->

<bean id="credentialsMatcher"

class="com.shinowit.framework.security.credentials.RetryLimitSimpleCredentialsMatcher">

<constructor-arg ref="cacheManager"/>

<property name="passwordHelper" ref="passwordHelper"/>

</bean>

<bean id="shiro_user_dao" class="com.shinowit.framework.security.dao.UserDAO">

<property name="jt" ref="jdbcTemplate"/>

</bean>

<!-- Realm实现 -->

<bean id="userRealm" class="com.shinowit.framework.security.realm.UserRealm">

<property name="userDAO" ref="shiro_user_dao"/>

<property name="credentialsMatcher" ref="credentialsMatcher"/>

<!--密码校验接口-->

<property name="cachingEnabled" value="true"/>

<property name="authenticationCachingEnabled" value="true"/>

<property name="authenticationCacheName" value="authenticationCache"/>

<property name="authorizationCachingEnabled" value="true"/>

<property name="authorizationCacheName" value="authorizationCache"/>

</bean>

<!-- 会话ID生成器 -->

<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>

<!-- 会话Cookie模板 -->

<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">

<constructor-arg value="sid"/>

<property name="httpOnly" value="true"/>

<property name="maxAge" value="180000"/>

</bean>

<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">

<constructor-arg value="rememberMe"/>

<property name="httpOnly" value="true"/>

<property name="maxAge" value="2592000"/>

<!-- 30天 -->

</bean>

<!-- rememberMe管理器 -->

<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">

<property name="cipherKey"

value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>

<property name="cookie" ref="rememberMeCookie"/>

</bean>

<!-- 会话DAO -->

<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">

<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>

<property name="sessionIdGenerator" ref="sessionIdGenerator"/>

</bean>

<!-- 会话验证调度器 -->

<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">

<property name="sessionValidationInterval" value="1800000"/>

<property name="sessionManager" ref="sessionManager"/>

</bean>

<!-- 会话管理器 -->

<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">

<property name="globalSessionTimeout" value="1800000"/>

<property name="deleteInvalidSessions" value="true"/>

<property name="sessionValidationSchedulerEnabled" value="true"/>

<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>

<property name="sessionDAO" ref="sessionDAO"/>

<property name="sessionIdCookieEnabled" value="true"/>

<property name="sessionIdCookie" ref="sessionIdCookie"/>

</bean>

<!-- 安全管理器 -->

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

<property name="realm" ref="userRealm"/>

<property name="sessionManager" ref="sessionManager"/>

<property name="cacheManager" ref="cacheManager"/>

<property name="rememberMeManager" ref="rememberMeManager"/>

</bean>

<!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">

<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>

<property name="arguments" ref="securityManager"/>

</bean>

<!--下面的loginUrl有两个必要条件,一个登陆校验失败以后会强制客户端redirect到这个url，

另外一个是登陆的表单(含有用户名及密码)必须action到这个url-->

<!-- 自定义的能够接收校验码的身份验证过滤器

跳转问题太他妈诡异了,不用了，自己写代码控制如何跳转了

<bean id="formAuthenticationFilter" class="com.shinowit.framework.security.filter.ValidFormAuthenticationFilter">

<property name="usernameParam" value="loginName"/>

<property name="passwordParam" value="loginPass"/>

<property name="loginUrl" value="/login/"/>

</bean>

-->

<!-- Shiro的Web过滤器 -->

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager"/>

<property name="loginUrl" value="/login/"/>

<property name="unauthorizedUrl" value="/unauthorized.jsp"/>

<property name="filters">

<map>

<entry key="authc">

<bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter"/>

</entry>

</map>

<!--

<util:map>

<entry key="authc" value-ref="formAuthenticationFilter"/>

</util:map>

-->

</property>

<property name="filterChainDefinitions">

<value>

/index.jsp = anon

/validcode.jsp = anon

/login/ = anon

/static/** = anon

/js/** = anon

/img/** = anon

/unauthorized.jsp = anon

#/login/checklogin = authc

/login/checklogin = anon

/login/logoutlogout = logout

/** = user

</value>

</property>

</bean>

<!-- Shiro生命周期处理器-->

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

</beans>

哦，对了，里面那个fuck那个url是用来改密码的，因为数据库里面的密码是加密的，不这么整总也不可能知道对的md5值是多少。 但愿没有忘记什么内容，挺墨迹的，不过能跑起来以后后边关于权限和安全的处理就简单多了，写写注解或者标签就搞定了，很爽。
核心技术：Maven,Springmvc mybatis shiro, Druid, Restful, Dubbo, ZooKeeper,Redis,FastDFS,ActiveMQ,Nginx
1. 项目核心代码结构截图



项目模块依赖


特别提醒：开发人员在开发的时候可以将自己的业务REST服务化或者Dubbo服务化
2. 项目依赖介绍 2.1 后台管理系统、Rest服务系统、Scheculer定时调度系统依赖如下图：



2.2 Dubbo独立服务项目依赖如下图：



3. 项目功能部分截图：















zookeeper、dubbo服务启动





dubbo管控台















REST服务平台