apache shiro与spring的环境搭建

openkk 13年前

最近两个项目分别用到了spring security与apache shiro这两个安全框架。
感觉到shiro爽一些。

web.xml

  <context-param>            <param-name>contextConfigLocation</param-name>              <param-value>                 <!--spring 的配置文件-->                 classpath:/applicationContext-hibernate.xml            </param-value>       </context-param>             <!-- shiro -->       <filter>              <filter-name>shiroFilter</filter-name>            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>            <init-param>                 <param-name>targetFilterLifecycle</param-name>                   <param-value>true</param-value>            </init-param>       </filter>             <filter-mapping>            <filter-name>shiroFilter</filter-name>              <url-pattern>/*</url-pattern>       </filter-mapping>             <!-- Listeners -->       <listener>            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>         </listener>

applicationContext-hibernate.xml

<?xml version="1.0" encoding="UTF-8"?>  <beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"       xmlns:tx="http://www.springframework.org/schema/tx"       xsi:schemaLocation="         http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd         http://www.springframework.org/schema/tx         http://www.springframework.org/schema/tx/spring-tx-3.0.xsd         http://www.springframework.org/schema/aop         http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">         <!-- SessionFactory, DataSource, etc. omitted -->         <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"            destroy-method="close">            <property name="driverClassName" value="${jdbc.driverClassName}" />            <property name="url" value="${jdbc.url}" />            <property name="username" value="${jdbc.username}" />            <property name="password" value="${jdbc.password}" />         </bean>         <bean id="sessionFactory"            class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">            <property name="dataSource" ref="dataSource" />            <property name="packagesToScan">                 <list>                      <value>org.projects.graduates.domain</value>                   </list>            </property>            <property name="hibernateProperties">                 <value>hibernate.dialect=${hibernate.dialect}</value>            </property>         </bean>         <bean id="txManager"            class="org.springframework.orm.hibernate3.HibernateTransactionManager">            <property name="sessionFactory" ref="sessionFactory" />       </bean>         <tx:advice id="txAdvice" transaction-manager="txManager">              <tx:attributes>                 <tx:method name="get*" read-only="true" />                 <tx:method name="find*" read-only="true" />                 <tx:method name="*" propagation="REQUIRED" />            </tx:attributes>       </tx:advice>         <aop:config>            <aop:pointcut id="appOperation"                 expression="execution(* org.projects.graduates.app.GradApplication.*(..))" />            <aop:advisor advice-ref="txAdvice" pointcut-ref="appOperation" />       </aop:config>         <!-- shiro -->         <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">            <property name="securityManager" ref="securityManager" />            <property name="loginUrl" value="/login.action" />            <property name="successUrl" value="/main.action" />            <property name="unauthorizedUrl" value="/login.action" />            <property name="filterChainDefinitions">                   <value>                      /index.action = anon                      /login.action = anon                      /main.action = authc, roles[admin]                      /course/** = authc, roles[admin]                 </value>            </property>       </bean>               <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">         <!--设置自定义realm-->            <property name="realm" ref="myRealm" />       </bean>             <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />             <!--myRealm 继承自AuthorizingRealm-->       <bean id="myRealm" class="org.projects.graduates.shiro.GradRealm" ></bean>         <bean            class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">            <property name="staticMethod"                 value="org.apache.shiro.SecurityUtils.setSecurityManager" />            <property name="arguments" ref="securityManager" />       </bean>    </beans>

org.projects.graduates.shiro.GradRealm

public class GradRealm extends AuthorizingRealm {         private SecurityApplication securityApplication = new SecurityApplicationImpl();         public GradRealm() {            super();            //设置认证token的实现类            setAuthenticationTokenClass(UsernamePasswordToken.class);            //设置加密算法            setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));                  }       //授权       protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {            String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();            User user = securityApplication.findby(loginName);            if (null == user) {                 return null;            } else {                 SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();                                 result.addRoles(UserRoles.findRoleNamesOf(user));                 for (Role role : UserRoles.findRolesOf(user)) {                      result.addStringPermissions(role.getPermissions());                 }                                 return result;              }       }         //认证       protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {            UsernamePasswordToken upToken = (UsernamePasswordToken) token;            User user = securityApplication.findby(upToken.getUsername());            if (user != null) {                 return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());            }            return null;       }  }