基于Spring框架的Shiro配置

http://kdboy.iteye.com/blog/1103794

一、在web.xml中添加shiro过滤器 

 <!-- Shiro filter-->
 <filter>
     <filter-name>shiroFilter</filter-name>
     <filter-class>
         org.springframework.web.filter.DelegatingFilterProxy
     </filter-class>
 </filter>
 <filter-mapping>
     <filter-name>shiroFilter</filter-name>
     <url-pattern>/*</url-pattern>
 </filter-mapping>

二、在Spring的applicationContext.xml中添加shiro配置 
1、添加shiroFilter定义 

 <!-- Shiro Filter -->
 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
     <property name="securityManager" ref="securityManager" />
     <property name="loginUrl" value="/login" />
     <property name="successUrl" value="/user/list" />
     <property name="unauthorizedUrl" value="/login" />
     <property name="filterChainDefinitions">
         <value>
             /login = anon
             /user/** = authc
             /role/edit/* = perms[role:edit]
             /role/save = perms[role:edit]
             /role/list = perms[role:view]
             /** = authc
         </value>
     </property>
 </bean>

2、添加securityManager定义 

 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <property name="realm" ref="myRealm" />
 </bean>

3、添加realm定义 

 <bean id=" myRealm" class="com...MyRealm" />

三、实现MyRealm：继承AuthorizingRealm，并重写认证授权方法 

 public class MyRealm extends AuthorizingRealm{

     private AccountManager accountManager;
     public void setAccountManager(AccountManager accountManager) {
         this.accountManager = accountManager;
     }

     /**
      * 授权信息
      */
     protected AuthorizationInfo doGetAuthorizationInfo(
                 PrincipalCollection principals) {
         String username=(String)principals.fromRealm(getName()).iterator().next();
         if( username != null ){
             User user = accountManager.get( username );
             if( user != null && user.getRoles() != null ){
                 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
                 for( SecurityRole each: user.getRoles() ){
                         info.addRole(each.getName());
                         info.addStringPermissions(each.getPermissionsAsString());
                 }
                 return info;
             }
         }
         return null;
     }

     /**
      * 认证信息
      */
     protected AuthenticationInfo doGetAuthenticationInfo(
                 AuthenticationToken authcToken ) throws AuthenticationException {
         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
         String userName = token.getUsername();
         if( userName != null && !"".equals(userName) ){
             User user = accountManager.login(token.getUsername(),
                             String.valueOf(token.getPassword()));

             if( user != null )
                 return new SimpleAuthenticationInfo(
                             user.getLoginName(),user.getPassword(), getName());
         }
         return null;
     }

 }