shiro框架的詳細配置及使用
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
default-lazy-init="true">
<description>Shiro Configuration</description>
<!--安全管理器-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="shiroDbRealm"/>
<property name="cacheManager" ref="cacheManager"/>
<!-- <property name="sessionManager" ref="sessionManager"/> -->
</bean>
<!-- 專案自定義的Realm -->
<bean id="shiroDbRealm" class="com.huaxia.security.shiro.ShiroDbRealm"/> // 自己寫的域
<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/index"/>
<property name="unauthorizedUrl" value="/unauth"/>
<property name="filterChainDefinitions">
<value>
/commons/** = anon
/plugins/** = anon
/assets/** = anon
/css/** = anon
/js/** = anon
/img/** = anon
/fonts/** = anon
/bootstrap/** = anon
/login = anon
/interface/** = anon
/** = user
</value>
</property>
</bean>
<!-- 使用者授權資訊Cache -->
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
<!-- 會話管理器 -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="#{30 * 60 * 1000}"/>
<property name="sessionIdUrlRewritingEnabled" value="false"/>
</bean>
<!-- 在方法中 注入 securityManager ,進行代理控制 -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
<!-- 保證實現了Shiro內部lifecycle函式的bean執行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP式方法級許可權檢查 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="false" />
</bean>
<!-- 啟用shrio授權註解攔截方式 -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
</beans>