<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
default-lazy-init="true">


<description>Shiro Configuration</description>


    <!--安全管理器-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="shiroDbRealm"/>
        <property name="cacheManager" ref="cacheManager"/>
       <!--  <property name="sessionManager" ref="sessionManager"/> -->
    </bean>


    <!-- 專案自定義的Realm -->
    <bean id="shiroDbRealm" class="com.huaxia.security.shiro.ShiroDbRealm"/>   //  自己寫的域


    <!-- Shiro Filter -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="successUrl" value="/index"/>
        <property name="unauthorizedUrl" value="/unauth"/>
        <property name="filterChainDefinitions">
            <value>
                /commons/** = anon
                /plugins/** = anon
                /assets/** = anon
                /css/** = anon
                /js/** = anon
                /img/** = anon
                /fonts/** = anon
                /bootstrap/** = anon
                /login = anon
                /interface/** = anon
                /** = user
                
            </value>
        </property>
    </bean>




   <!-- 使用者授權資訊Cache -->
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />


    <!-- 會話管理器 -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="globalSessionTimeout" value="#{30 * 60 * 1000}"/>
        <property name="sessionIdUrlRewritingEnabled" value="false"/>
    </bean>


    <!-- 在方法中 注入  securityManager ，進行代理控制 -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>


    <!-- 保證實現了Shiro內部lifecycle函式的bean執行 -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>


    <!-- AOP式方法級許可權檢查 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="false" />
</bean>


    <!-- 啟用shrio授權註解攔截方式 -->
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>
</beans>