一、在web.xml中添加shiro过滤器
<!-- shiro filter--> <filter> <filter-name>shirofilter</filter-name> <filter-class> org.springframework.web.filter.delegatingfilterproxy </filter-class> </filter> <filter-mapping> <filter-name>shirofilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
二、在spring的applicationcontext.xml中添加shiro配置
1、添加shirofilter定义
<!-- shiro filter --> <bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean"> <property name="securitymanager" ref="securitymanager" /> <property name="loginurl" value="/login" /> <property name="successurl" value="/user/list" /> <property name="unauthorizedurl" value="/login" /> <property name="filterchaindefinitions"> <value> /login = anon /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms[role:edit] /role/list = perms[role:view] /** = authc </value> </property> </bean>
2、添加securitymanager定义
3、添加realm定义
三、实现myrealm:继承authorizingrealm,并重写认证授权方法
public class myrealm extends authorizingrealm{ private accountmanager accountmanager; public void setaccountmanager(accountmanager accountmanager) { this.accountmanager = accountmanager; } /** * 授权信息 */ protected authorizationinfo dogetauthorizationinfo( principalcollection principals) { string username=(string)principals.fromrealm(getname()).iterator().next(); if( username != null ){ user user = accountmanager.get( username ); if( user != null && user.getroles() != null ){ simpleauthorizationinfo info = new simpleauthorizationinfo(); for( securityrole each: user.getroles() ){ info.addrole(each.getname()); info.addstringpermissions(each.getpermissionsasstring()); } return info; } } return null; } /** * 认证信息 */ protected authenticationinfo dogetauthenticationinfo( authenticationtoken authctoken ) throws authenticationexception { usernamepasswordtoken token = (usernamepasswordtoken) authctoken; string username = token.getusername(); if( username != null && !"".equals(username) ){ user user = accountmanager.login(token.getusername(), string.valueof(token.getpassword())); if( user != null ) return new simpleauthenticationinfo( user.getloginname(),user.getpassword(), getname()); } return null; } }
参考资料:让apache shiro保护你的应用
如对本文有疑问, 点击进行留言回复!!
现在微服务这么火,你还不了解吗?阿里P8推荐的微服务学习指南
论文笔记:SlowFast Networks for Video Recognition
网友评论