王浩的专栏

Shiro

Standalone应用程序

这里是在

<!–Definetherealmyouwanttousetoconnecttoyourback-endsecuritydatasource:–>

<beanid="myRealm"class="…">

…

</bean>

<beanid="securityManager"class="org.apache.shiro.mgt.DefaultSecurityManager">

<!–Singlerealmapp.Ifyouhavemultiplerealms,usethe’realms’propertyinstead.–>

<propertyname="realm"ref="myRealm"/>

</bean>

<beanid="lifecycleBeanPostProcessor"class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!–Forsimplestintegration,sothatallSecurityUtils.*methodsworkinallcases,–>

<!–makethesecurityManagerbeanastaticsingleton.DONOTdothisinweb–>

<!–applications-seethe’WebApplications’sectionbelowinstead.–>

<beanclass="org.springframework.beans.factory.config.MethodInvokingFactoryBean">

<propertyname="staticMethod"value="org.apache.shiro.SecurityUtils.setSecurityManager"/>

<propertyname="arguments"ref="securityManager"/>

</bean>

Web应用程序

Shiro

以下是如何在基于

web.xml

<!–Thefilter-namematchesnameofa’shiroFilter’beaninsideapplicationContext.xml–>

<filter>

<filter-name>shiroFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

<init-param>

<param-name>targetFilterLifecycle</param-name>

<param-value>true</param-value>

</init-param>

</filter>

…

<!–MakesureanyrequestyouwantaccessibletoShiroisfiltered./*catchesall–>

<!–requests.Usuallythisfiltermappingisdefinedfirst(beforeallothers)to–>

<!–ensurethatShiroworksinsubsequentfiltersinthefilterchain:–>

<filter-mapping>

<filter-name>shiroFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

在你的

applicationContext.xml

<beanid="shiroFilter"class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<propertyname="securityManager"ref="securityManager"/>

<!–overridetheseforapplication-specificURLsifyoulike:

<propertyname="loginUrl"value="/login.jsp"/>

<propertyname="successUrl"value="/home.jsp"/>

<propertyname="unauthorizedUrl"value="/unauthorized.jsp"/>–>

<!–The’filters’propertyisnotnecessarysinceanydeclaredjavax.servlet.Filterbean–>

<!–definedwillbeautomaticallyacquiredandavailableviaitsbeanNameinchain–>

<!–definitions,butyoucanperforminstanceoverridesornamealiaseshereifyoulike:–>

<!–<propertyname="filters">

<util:map>

<entrykey="anAlias"value-ref="someFilter"/>

</util:map>

</property>–>

<propertyname="filterChainDefinitions">

<value>

#someexamplechaindefinitions:

/admin/**=authc,roles[admin]

/docs/**=authc,perms[document:read]

/**=authc

#moreURL-to-FilterChaindefinitionshere

</value>

</property>

</bean>

<!–Defineanyjavax.servlet.Filterbeansyouwantanywhereinthisapplicationcontext.–>

<!–Theywillautomaticallybeacquiredbythe’shiroFilter’beanaboveandmadeavailable–>

<!–tothe’filterChainDefinitions’property.Oryoucanmanually/explicitlyaddthem–>

人的价值，在遭受诱-惑的一瞬间被决定