新建Java Daynamic Web项目
导入Spring、SpringMVC依赖包:
导入Spring & Spring MVC包(导入如下所有开发包):
Spring AOP依赖扩展包:
配置Spring :
1)修改web.xml导入“#contextLoaderListener”
配置如下:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID" version="2.5"><display-name>shiro-web-01</display-name><!-- 配置Spring的 ContextLoaderListener --><!-- needed for ContextLoaderListener --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml</param-value></context-param><!-- Bootstraps the root web application context before servlet initialization --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener> </web-app>
2)在src下添加Spring Bean配置文件applicationContext.xml
配置Spring MVC
1)在web.xm中导入“#dispatcherservlet”
配置后web.xml文件内容为:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID" version="2.5"><display-name>shiro-web-01</display-name><!-- 配置Spring的 ContextLoaderListener --><!-- needed for ContextLoaderListener --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml</param-value></context-param><!-- Bootstraps the root web application context before servlet initialization --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- 配置Spring MVC --><!-- The front controller of this Spring Web application, responsible for handling all application requests --><servlet><servlet-name>spring</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><!-- <init-param><param-name>contextConfigLocation</param-name><param-value>location</param-value></init-param>--><load-on-startup>1</load-on-startup></servlet><!-- Map all requests to the DispatcherServlet for handling --><servlet-mapping><servlet-name>spring</servlet-name><url-pattern>/</url-pattern></servlet-mapping> </web-app>
2)在WEB-INF下新建Spring MVC配置文件spring-servlet.xml,并添加spring mvc配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsdhttp://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"><context:component-scan base-package="com.dx.shiro"></context:component-scan><beanclass="org.springframework.web.servlet.view.InternalResourceViewResolver"><property name="prefix" value="/"></property><property name="suffix" value=".jsp"></property></bean><mvc:annotation-driven></mvc:annotation-driven><mvc:default-servlet-handler /> </beans>
配置Shiro环境
1)导入shiro jar包
导入Shiro开发包:
或者通过pom.xml配置:
<dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-all</artifactId><version>1.3.2</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.13</version></dependency>
2)配置web.xml,导入shiroFilter
可以参考
配置后web.xml内容为:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID" version="2.5"><display-name>shiro-web-01</display-name><!-- 配置Spring的 ContextLoaderListener --><!-- needed for ContextLoaderListener --><context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xml</param-value></context-param><!-- Bootstraps the root web application context before servlet initialization --><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><!-- 配置Spring MVC --><!-- The front controller of this Spring Web application, responsible for handling all application requests --><servlet><servlet-name>spring</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><!-- <init-param> <param-name>contextConfigLocation</param-name> <param-value>location</param-value> </init-param> --><load-on-startup>1</load-on-startup></servlet><!-- Map all requests to the DispatcherServlet for handling --><servlet-mapping><servlet-name>spring</servlet-name><url-pattern>/</url-pattern></servlet-mapping><!-- Shiro配置 --><!-- ================================================================== Filters ================================================================== --><!-- Shiro Filter is defined in the spring application context: --><filter><filter-name>shiroFilter</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class><init-param><param-name>targetFilterLifecycle</param-name><param-value>true</param-value></init-param></filter><filter-mapping><filter-name>shiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping></web-app>
3)配置Spring的配置文件中来配置Shiro,即在Src下来的applicationContext.xml中配置shiro
配置后的applicationContext.xml内容如下:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"><!-- 1.配置SecurityManager --><!-- Shiro's main business-tier object for web-enabled applications (use DefaultSecurityManager instead when there is no web environment) --><bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"><property name="cacheManager" ref="cacheManager" /><!-- Single realm app. If you have multiple realms, use the 'realms' property instead. --><property name="sessionMode" value="native" /><property name="realm" ref="jdbcRealm" /></bean><!-- 2.配置CacheManager 2.1.配置ehcache的jar包及ehcache的配置文件 --><!-- Let's use some enterprise caching support for better performance. You can replace this with any enterprise caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc --><bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"><!-- <property name="cacheManager" ref="ehCacheManager"/> --><property name="cacheManagerConfigFile" value="classpath:ehcache.xml" /></bean><!-- Used by the SecurityManager to access security data (users, roles, etc). Many other realm implementations can be used too (PropertiesRealm, LdapRealm, etc. --><!-- 3.配置Realm --><bean id="jdbcRealm" class="com.dx.shiro.realms.MyRealm"></bean><!-- Post processor that automatically invokes init() and destroy() methods for Spring-configured Shiro objects so you don't have to 1) specify an init-method and destroy-method attributes for every bean definition and 2) even know which Shiro objects require these methods to be called. --><!-- 4.配置org.apache.shiro.spring.LifecycleBeanPostProcessor,可以自动的来调用配置在Spring IOC容器中的 shiro bean的生命周期方法。 --><bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /><!-- 5.启用IOC容器中使用shiro的注解,但必须在配置了DefaultAdvisorAutoProxyCreator之后才可以使用 --><!-- Enable Shiro Annotations for Spring-configured beans. Only run after the lifecycleBeanProcessor has run: --><beanclass="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"depends-on="lifecycleBeanPostProcessor" /><beanclass="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"><property name="securityManager" ref="securityManager" /></bean><!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml - web.xml uses the DelegatingFilterProxy to access this bean. This allows us to wire things with more control as well utilize nice Spring things such as PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: --><!-- 6.配置shiroFilter 6.1. bean的id必须和web.xml中配置的DelegatingFilterProxy的<filter-name>一致 6.2. anon/authc是过滤器,anon允许匿名访问,authc需要认证才可以访问的页面。 --><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager" /><property name="loginUrl" value="/login.jsp" /><property name="successUrl" value="/list.jsp" /><property name="unauthorizedUrl" value="/unauthorized.jsp" /><!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean defined will be automatically acquired and available via its beanName in chain definitions, but you can perform overrides or parent/child consolidated configuration here if you like: --><!-- <property name="filters"> <util:map> <entry key="aName" value-ref="someFilterPojo"/> </util:map> </property> --><property name="filterChainDefinitions"><value>/login.jsp = anon# everything else requires authentication:/** = authc</value></property></bean> </beans>
3.1)配置ehcache的jar包及ehcache的配置文件
ehcache.xml从hibernate中找:
将其拷贝到src下
ehcache.jar也可以从hibernate开发包中找到:
将其拷贝到WEB-INF/lib下,导入到项目中。
3.2)添加shiro realm
新建包com.dx.shiro.realms,在包下新建一个MyRealm.java
package com.dx.shiro.realms;import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.realm.Realm;public class MyRealm implements Realm {public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {// TODO Auto-generated method stubreturn null;}public String getName() {// TODO Auto-generated method stubreturn null;}public boolean supports(AuthenticationToken arg0) {// TODO Auto-generated method stubreturn false;}}
这里采用咱不实现具体的接口的方式。
3.3)在webcontent下添加页面
添加页面login.jsp,list.jsp,unauthorized.jsp
测试
此时访问网址:
其他任何页面都不允许访问。
