牧场SZShepherd 2020-02-16
在spring项目中我们集成第三方的框架如shiro会在spring.xml配置文件中进行配置,例如:
<!-- 配置shiro框架提供过滤器工厂 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- 注入shiro核心组件安全管理器 --> <property name="securityManager" ref="securityManager"></property> <!-- 注入相关页面 --> <property name="loginUrl" value="/login.jsp"></property> <property name="unauthorizedUrl" value="/unauthorized.jsp"></property> <!-- 配置过滤器链:配置项目发出url对应拦截规则:指定什么url要求具有什么样权限 --> <property name="filterChainDefinitions"> <value> /css/**=anon /js/**=anon /validatecode.jsp*=anon /images/**=anon /login.jsp=anon /service/**=anon /**=authc </value> </property> </bean> <!-- 配置安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realms" ref="bosRealm"></property> <!-- 使用缓存 --> <property name="cacheManager" ref="cacheManager"></property> </bean> <!-- 配置缓存管理器--> <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <!-- 加载ehcache的配置文件,指定缓存策略 --> <property name="cacheManager" ref="ehcacheManager"></property> </bean> <!-- 开启shiro注解支持 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"> <!-- 强制使用cglib代理 --> <property name="proxyTargetClass" value="true"></property> </bean> <!-- 配置切面 目的验权,判断当前用户是否有权限调用service层方法 --> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"></bean>
在springboot与shiro整合:
@Configuration public class ShiroConfig { @Bean public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); Map<String, String> filterChainDefinitionMap = new HashMap<String, String>(); shiroFilterFactoryBean.setLoginUrl("/login"); shiroFilterFactoryBean.setUnauthorizedUrl("/unauthc"); shiroFilterFactoryBean.setSuccessUrl("/home/index"); filterChainDefinitionMap.put("/*", "anon"); filterChainDefinitionMap.put("/authc/index", "authc"); return shiroFilterFactoryBean; } @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName(PasswordHelper.ALGORITHM_NAME); hashedCredentialsMatcher.setHashIterations(PasswordHelper.HASH_ITERATIONS); return hashedCredentialsMatcher; } @Bean public EnceladusShiroRealm shiroRealm() { EnceladusShiroRealm shiroRealm = new EnceladusShiroRealm(); shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return shiroRealm; } @Bean public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(shiroRealm()); return securityManager; } @Bean public PasswordHelper passwordHelper() { return new PasswordHelper(); } }