apache shiro与spring的环境搭建
openkk
13年前
最近两个项目分别用到了spring security与apache shiro这两个安全框架。
感觉到shiro爽一些。
web.xml
<!-- Names the Spring configuration file that ContextLoaderListener (declared at the end of this fragment) loads at startup. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        <!-- Spring configuration file -->
        classpath:/applicationContext-hibernate.xml
    </param-value>
</context-param>

<!-- shiro -->
<!--
    DelegatingFilterProxy hands each request to a Filter bean in the Spring context.
    By default it looks the bean up by <filter-name>, so "shiroFilter" must match the id
    of the ShiroFilterFactoryBean declared in applicationContext-hibernate.xml.
-->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <!-- true: the servlet container's init()/destroy() calls are forwarded to the target filter bean -->
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!--
    Every request path is routed through the Shiro filter. Whether a given path is actually
    protected is decided by the filterChainDefinitions of the shiroFilter bean, not by this mapping.
-->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Listeners -->
<!-- Boots the root Spring application context from contextConfigLocation above. -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
applicationContext-hibernate.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

    <!--
        Persistence wiring (the original note marks parts of it as omitted).
        The ${jdbc.*} and ${hibernate.dialect} placeholders are not resolved by any bean
        declared in this file, so a property placeholder configurer must exist elsewhere.
    -->
    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="${jdbc.driverClassName}" />
        <property name="url" value="${jdbc.url}" />
        <property name="username" value="${jdbc.username}" />
        <property name="password" value="${jdbc.password}" />
    </bean>

    <!-- Hibernate 3 session factory; scans the domain package for annotated entities. -->
    <bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="dataSource" />
        <property name="packagesToScan">
            <list>
                <value>org.projects.graduates.domain</value>
            </list>
        </property>
        <property name="hibernateProperties">
            <value>hibernate.dialect=${hibernate.dialect}</value>
        </property>
    </bean>

    <bean id="txManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>

    <!-- get*/find* methods run in read-only transactions; every other method requires a transaction. -->
    <tx:advice id="txAdvice" transaction-manager="txManager">
        <tx:attributes>
            <tx:method name="get*" read-only="true" />
            <tx:method name="find*" read-only="true" />
            <tx:method name="*" propagation="REQUIRED" />
        </tx:attributes>
    </tx:advice>

    <!-- Applies the transaction advice to every method of GradApplication. -->
    <aop:config>
        <aop:pointcut id="appOperation" expression="execution(* org.projects.graduates.app.GradApplication.*(..))" />
        <aop:advisor advice-ref="txAdvice" pointcut-ref="appOperation" />
    </aop:config>

    <!-- shiro -->
    <!--
        The filter bean that web.xml's DelegatingFilterProxy delegates to (matched by the id "shiroFilter").
        NOTE(review): unauthorizedUrl is the same page as loginUrl, so an authenticated user who lacks
        the admin role is sent back to the login page rather than to a distinct "access denied" page.
    -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.action" />
        <property name="successUrl" value="/main.action" />
        <property name="unauthorizedUrl" value="/login.action" />
        <!--
            One "path = filters" rule per line; Shiro evaluates them top to bottom and the first
            matching path pattern wins. "anon" allows anonymous access; "authc, roles[admin]"
            requires a logged-in user holding the admin role.
            NOTE(review): there is no catch-all rule (for example a final "/** = authc"), so any
            path not listed here passes through the filter with no authentication or role check.
            Confirm that every other action is meant to be public, or add a default-deny last rule.
        -->
        <property name="filterChainDefinitions">
            <value>
                /index.action = anon
                /login.action = anon
                /main.action = authc, roles[admin]
                /course/** = authc, roles[admin]
            </value>
        </property>
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Plug in the custom realm -->
        <property name="realm" ref="myRealm" />
    </bean>

    <!-- Invokes init()/destroy() on Shiro beans that implement Shiro's lifecycle interfaces. -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- myRealm extends AuthorizingRealm -->
    <bean id="myRealm" class="org.projects.graduates.shiro.GradRealm" ></bean>

    <!--
        Calls the static SecurityUtils.setSecurityManager(securityManager) once at context startup,
        making this manager a VM-wide singleton.
        NOTE(review): Shiro's Spring integration guide advises against the static singleton in web
        applications, where the Shiro filter already binds the security manager for each request.
        Confirm whether any code outside a request thread actually needs it.
    -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
        <property name="arguments" ref="securityManager" />
    </bean>
</beans>
org.projects.graduates.shiro.GradRealm
/**
 * Shiro realm that authenticates and authorizes users looked up through
 * {@link SecurityApplication}.
 *
 * <p>Authentication accepts {@code UsernamePasswordToken} only and compares the submitted
 * password against the stored one through a SHA-1 {@code HashedCredentialsMatcher}.
 * Authorization exposes the user's role names and the permissions of each role.
 */
public class GradRealm extends AuthorizingRealm {

    // Created directly rather than injected, so the realm always uses SecurityApplicationImpl.
    private SecurityApplication securityApplication = new SecurityApplicationImpl();

    /**
     * Configures the accepted token type and the credentials matcher.
     */
    public GradRealm() {
        // Only username/password tokens are handled by this realm.
        setAuthenticationTokenClass(UsernamePasswordToken.class);

        // Passwords are compared as hashes rather than as plain text.
        // NOTE(review): the matcher receives only an algorithm name and no iteration count is set
        // here, and doGetAuthenticationInfo() returns a SimpleAuthenticationInfo without a salt, so
        // stored passwords are effectively unsalted SHA-1 digests (single iteration by Shiro's
        // default; confirm for the Shiro version in use). Such digests are cheap to brute-force if
        // the user table leaks. Moving to a salted, iterated or memory-hard scheme requires
        // re-hashing the stored credentials, so it is flagged here rather than changed.
        HashedCredentialsMatcher sha1Matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
        setCredentialsMatcher(sha1Matcher);
    }

    /**
     * Authorization: collects the roles and permissions of the principal owned by this realm.
     *
     * @param principalCollection principals of the subject being authorized
     * @return the roles and string permissions of the user, or {@code null} when no user
     *         with that login name is found
     */
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // The principal stored at login is the user name (see doGetAuthenticationInfo).
        // next() throws if the collection holds no principal contributed by this realm.
        String principalName = (String) principalCollection.fromRealm(getName()).iterator().next();

        User account = securityApplication.findby(principalName);
        if (account == null) {
            return null;
        }

        SimpleAuthorizationInfo granted = new SimpleAuthorizationInfo();
        granted.addRoles(UserRoles.findRoleNamesOf(account));
        for (Role assigned : UserRoles.findRolesOf(account)) {
            granted.addStringPermissions(assigned.getPermissions());
        }
        return granted;
    }

    /**
     * Authentication: loads the stored credentials for the user named in the token.
     *
     * @param token the submitted token; cast to {@code UsernamePasswordToken}
     * @return the user name and stored password bound to this realm's name, or {@code null}
     *         when no user with that name is found
     * @throws AuthenticationException declared by the overridden contract; not thrown directly here
     */
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken credentials = (UsernamePasswordToken) token;

        User account = securityApplication.findby(credentials.getUsername());
        if (account == null) {
            return null;
        }

        // The stored password is handed to the credentials matcher configured in the constructor.
        return new SimpleAuthenticationInfo(account.getUsername(), account.getPassword(), getName());
    }
}