web.xml 文件配置filter
<filter>
<filter
-name
>shiroFilter
</filter
-name
>
<filter
-class>org
.springframework
.web
.filter
.DelegatingFilterProxy
</filter
-class>
<init
-param
>
<param
-name
>targetFilterLifecycle
</param
-name
>
<param
-value
>true</param
-value
>
</init
-param
>
<init
-param
>
<param
-name
>targetBeanName
</param
-name
>
<param
-value
>shiroFilter
</param
-value
>
</init
-param
>
</filter
>
<filter
-mapping
>
<filter
-name
>shiroFilter
</filter
-name
>
<url
-pattern
>
applicationContext.xml配置shiro Bean
<bean id
="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name
="realm" ref
="userRealm"></property
>
</bean
>
<bean id
="userRealm" class="'">
<property name
="credentialsMatcher " ref
="credentialsMatcher"></property
>
</bean
>
<!-- 配置凭证匹配器
-->
<bean id
="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name
="hashAlgorithmName" value
="md5"></property
>
<property name
="hashIterations" value
="2"></property
>
</bean
>
<bean id
="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name
="securityManager" ref
="securityManager"></property
>
<property name
="loginUrl" value
="/login"></property
>
<!-- 配置认证成功后跳转地址,如果没有配置则跳转上一个路径
-->
<property name
="successUrl" value
="/index"></property
>
<!-- 权限认证不通过访问路径
-->
<property name
="unauthorizedUrl " value
="/logingUrl"></property
>
<!-- shiro过滤器链
-->
<property name
="filterChainDefinitions">
<value>
/index
=anon
/login
=authc
/logout
=logout
/images
创建实体类Realm -> UserRealm
public class UserRealm extends AuthorizingRealm{
...
}
配置权限三种方式 注解方式 标签 过滤器
缓存管理
可以使用ehcache 或者redis集成
ehcache
引用ehcache.jar文件
ehcacee.xml
<ehcache>
<diskStore path
="java.io.tmpdir/shiro-ehcache"/>
<defaultCache
maxElementsInMemory
="10000"
eternal
="false"
timeToIdleSeconds
="120"
timeToLiveSeconds
="120"
overflowToDisk
="false"
diskPersistent
="false"
diskExpiryThreadIntervalSeconds
="120"
/>
</ehcache
>
配置applicationContext.xml
<bean id
="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name
="realm" ref
="userRealm"></property
>
<property name
="cacheManager" ref
="cacheManager"/>
</bean
>
<bean id
="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager" >
<property name
="cacheManagerConfigFile" value
="classpath:ehcache.xml"/>
</bean
>
SessionManager
<bean id
="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name
="globalSessionTimeout" value
="1800000"/>
<property name
="deleteInvalidSessions" value
="true"/>
</bean
>
RemeberMe