Shiro
Standalone应用程序
这里是在
<!–Definetherealmyouwanttousetoconnecttoyourback-endsecuritydatasource:–>
<beanid="myRealm"class="…">
…
</bean>
<beanid="securityManager"class="org.apache.shiro.mgt.DefaultSecurityManager">
<!–Singlerealmapp.Ifyouhavemultiplerealms,usethe’realms’propertyinstead.–>
<propertyname="realm"ref="myRealm"/>
</bean>
<beanid="lifecycleBeanPostProcessor"class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!–Forsimplestintegration,sothatallSecurityUtils.*methodsworkinallcases,–>
<!–makethesecurityManagerbeanastaticsingleton.DONOTdothisinweb–>
<!–applications-seethe’WebApplications’sectionbelowinstead.–>
<beanclass="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<propertyname="staticMethod"value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<propertyname="arguments"ref="securityManager"/>
</bean>
Web应用程序
Shiro
以下是如何在基于
web.xml
<!–Thefilter-namematchesnameofa’shiroFilter’beaninsideapplicationContext.xml–>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
…
<!–MakesureanyrequestyouwantaccessibletoShiroisfiltered./*catchesall–>
<!–requests.Usuallythisfiltermappingisdefinedfirst(beforeallothers)to–>
<!–ensurethatShiroworksinsubsequentfiltersinthefilterchain:–>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
在你的
applicationContext.xml
<beanid="shiroFilter"class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<propertyname="securityManager"ref="securityManager"/>
<!–overridetheseforapplication-specificURLsifyoulike:
<propertyname="loginUrl"value="/login.jsp"/>
<propertyname="successUrl"value="/home.jsp"/>
<propertyname="unauthorizedUrl"value="/unauthorized.jsp"/>–>
<!–The’filters’propertyisnotnecessarysinceanydeclaredjavax.servlet.Filterbean–>
<!–definedwillbeautomaticallyacquiredandavailableviaitsbeanNameinchain–>
<!–definitions,butyoucanperforminstanceoverridesornamealiaseshereifyoulike:–>
<!–<propertyname="filters">
<util:map>
<entrykey="anAlias"value-ref="someFilter"/>
</util:map>
</property>–>
<propertyname="filterChainDefinitions">
<value>
#someexamplechaindefinitions:
/admin/**=authc,roles[admin]
/docs/**=authc,perms[document:read]
/**=authc
#moreURL-to-FilterChaindefinitionshere
</value>
</property>
</bean>
<!–Defineanyjavax.servlet.Filterbeansyouwantanywhereinthisapplicationcontext.–>
<!–Theywillautomaticallybeacquiredbythe’shiroFilter’beanaboveandmadeavailable–>
<!–tothe’filterChainDefinitions’property.Oryoucanmanually/explicitlyaddthem–>
人的价值,在遭受诱-惑的一瞬间被决定