Shiro-éæSpring
1.å å ¥Spring å shiro çjarå
2.é ç½®SpringåSpringMVC
3.åç §ï¼Apache Shiro\shiro-root-1.2.3-source-release\shiro-root-1.2.3\samples\springé ç½®web.xmlæ件åSpringçé ç½®æ件ã
4.é¦å ï¼é 好SpringåSpringMVCï¼è¯¦ç»ä¿¡æ¯å¦ä¸ï¼
applicationContext.xmlï¼
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:context="http://www.springframework.org/schema/context" 5 xmlns:mvc="http://www.springframework.org/schema/mvc" 6 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd 7 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 8 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> 9 10 11 <context:component-scan base-package="com.hk.shiro"></context:component-scan> 12 13 14 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 15 <property name="prefix" value="/"></property> 16 <property name="suffix" value=".jsp"></property> 17 </bean> 18 19 <mvc:annotation-driven></mvc:annotation-driven> 20 <mvc:default-servlet-handler/> 21 </beans>
spring-servlet.xmlï¼
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:mvc="http://www.springframework.org/schema/mvc" 5 xmlns:context="http://www.springframework.org/schema/context" 6 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd 7 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 8 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> 9 10 <context:component-scan base-package="com.atguigu.shiro"></context:component-scan> 11 12 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 13 <property name="prefix" value="/"></property> 14 <property name="suffix" value=".jsp"></property> 15 </bean> 16 17 <mvc:annotation-driven></mvc:annotation-driven> 18 <mvc:default-servlet-handler/> 19 20 </beans>
web.xmlï¼
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 3 xmlns="http://java.sun.com/xml/ns/javaee" 4 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 5 id="WebApp_ID" version="2.5"> 6 7 <!-- needed for ContextLoaderListener --> 8 <context-param> 9 <param-name>contextConfigLocation</param-name> 10 <param-value>classpath:applicationContext.xml</param-value> 11 </context-param> 12 13 <!-- Bootstraps the root web application context before servlet initialization --> 14 <listener> 15 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 16 </listener> 17 18 <!-- The front controller of this Spring Web application, responsible for handling all application requests --> 19 <servlet> 20 <servlet-name>spring</servlet-name> 21 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 22 <load-on-startup>1</load-on-startup> 23 </servlet> 24 25 <!-- Map all requests to the DispatcherServlet for handling --> 26 <servlet-mapping> 27 <servlet-name>spring</servlet-name> 28 <url-pattern>/</url-pattern> 29 </servlet-mapping> 30 </web-app>
user.jspï¼
1 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" 2 pageEncoding="ISO-8859-1"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 7 <title>Insert title here</title> 8 </head> 9 <body> 10 11 <h4>User Page</h4> 12 13 </body> 14 </html>
è¿è¡ç»æï¼
æ以ï¼é ç½®æåã
éï¼
5.åshiroéæ
éï¼
ShiroRealm.javaï¼
1 package com.hk.shiro.realms; 2 3 import org.apache.shiro.authc.AuthenticationException; 4 import org.apache.shiro.authc.AuthenticationInfo; 5 import org.apache.shiro.authc.AuthenticationToken; 6 import org.apache.shiro.realm.Realm; 7 8 public class ShiroRealm implements Realm { 9 10 @Override 11 public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException { 12 // TODO Auto-generated method stub 13 return null; 14 } 15 16 @Override 17 public String getName() { 18 // TODO Auto-generated method stub 19 return null; 20 } 21 22 @Override 23 public boolean supports(AuthenticationToken arg0) { 24 // TODO Auto-generated method stub 25 return false; 26 } 27 28 }
applicationContext.xmlï¼
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:context="http://www.springframework.org/schema/context" 5 xmlns:mvc="http://www.springframework.org/schema/mvc" 6 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd 7 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 8 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> 9 10 <!-- ========================================================= 11 Shiro Core Components - Not Spring Specific 12 ========================================================= --> 13 <!-- Shiro's main business-tier object for web-enabled applications 14 (use DefaultSecurityManager instead when there is no web environment)--> 15 <!-- 16 1.é ç½®SecurityManagerã 17 --> 18 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 19 <property name="cacheManager" ref="cacheManager"/> 20 <property name="realm" ref="jdbcRealm"/> 21 </bean> 22 23 <!-- Let's use some enterprise caching support for better performance. You can replace this with any enterprise 24 caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc --> 25 <!-- 26 2.é ç½®CacheManager 27 2.1é ç½®ehchaceçjarå åé ç½®æ件 28 --> 29 <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> 30 <!-- Set a net.sf.ehcache.CacheManager instance here if you already have one. If not, a new one 31 will be creaed with a default config: 32 <property name="cacheManager" ref="ehCacheManager"/> --> 33 <!-- If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want 34 a specific Ehcache configuration to be used, specify that here. If you don't, a default 35 will be used.:--> 36 <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/> 37 </bean> 38 39 <!-- Used by the SecurityManager to access security data (users, roles, etc). 40 Many other realm implementations can be used too (PropertiesRealm, 41 LdapRealm, etc. --> 42 <!-- 43 3.é ç½®Realm 44 3.1ç´æ¥é ç½®å®ç°äºorg.apache.shiro.realm.Realmæ¥å£çbean 45 --> 46 <bean id="jdbcRealm" class="com.hk.shiro.realms.ShiroRealm"></bean> 47 48 <!-- ========================================================= 49 Shiro Spring-specific integration 50 ========================================================= --> 51 <!-- Post processor that automatically invokes init() and destroy() methods 52 for Spring-configured Shiro objects so you don't have to 53 1) specify an init-method and destroy-method attributes for every bean 54 definition and 55 2) even know which Shiro objects require these methods to be 56 called. --> 57 <!-- 58 4.é ç½®LifecycleBeanPostProcessorãå¯ä»¥èªå¨çæ¥é ç½®è°ç¨Spring IOC容å¨ä¸çå½å¨ææ¹æ³ 59 --> 60 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 61 62 <!-- Enable Shiro Annotations for Spring-configured beans. Only run after 63 the lifecycleBeanProcessor has run: --> 64 <!-- 65 5.å¯ç¨IOC容å¨ä¸ä½¿ç¨shiroç注解ãä½å¿ é¡»å¨é ç½®äºlifecycleBeanProcessor ä¹åæå¯ä»¥ä½¿ç¨ 66 --> 67 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" 68 depends-on="lifecycleBeanPostProcessor"/> 69 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> 70 <property name="securityManager" ref="securityManager"/> 71 </bean> 72 73 <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml - 74 web.xml uses the DelegatingFilterProxy to access this bean. This allows us 75 to wire things with more control as well utilize nice Spring things such as 76 PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: --> 77 <!-- 78 6.é ç½®shiroFilterã 79 6.1idå¿ é¡»åweb.xmlæ件ä¸é ç½®çDelegatingFilterProxyç<filter-name>ä¸è´ã 80 --> 81 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 82 <property name="securityManager" ref="securityManager"/> 83 <property name="loginUrl" value="/login.jsp"/> 84 <property name="successUrl" value="/list.jsp"/> 85 <property name="unauthorizedUrl" value="/unauthorized.jsp"/> 86 <!-- 87 é ç½®åªäºé¡µé¢éè¦åä¿æ¤. 88 以å访é®è¿äºé¡µé¢éè¦çæé. 89 1). anon å¯ä»¥è¢«å¿åè®¿é® 90 2). authc å¿ é¡»è®¤è¯(å³ç»å½)åæå¯è½è®¿é®ç页é¢. 91 3). logout ç»åº. 92 4). roles è§è²è¿æ»¤å¨ 93 --> 94 <property name="filterChainDefinitions"> 95 <value> 96 /login.jsp = anon 97 # everything else requires authentication: 98 /** = authc 99 </value> 100 </property> 101 </bean> 102 </beans>
ehcache.xmlï¼
1 <ehcache> 2 3 <!-- Sets the path to the directory where cache .data files are created. 4 5 If the path is a Java System Property it is replaced by 6 its value in the running VM. 7 8 The following properties are translated: 9 user.home - User's home directory 10 user.dir - User's current working directory 11 java.io.tmpdir - Default temp file path --> 12 <diskStore path="java.io.tmpdir"/> 13 14 <cache name="authorizationCache" 15 eternal="false" 16 timeToIdleSeconds="3600" 17 timeToLiveSeconds="0" 18 overflowToDisk="false" 19 statistics="true"> 20 </cache> 21 22 <cache name="authenticationCache" 23 eternal="false" 24 timeToIdleSeconds="3600" 25 timeToLiveSeconds="0" 26 overflowToDisk="false" 27 statistics="true"> 28 </cache> 29 30 <cache name="shiro-activeSessionCache" 31 eternal="false" 32 timeToIdleSeconds="3600" 33 timeToLiveSeconds="0" 34 overflowToDisk="false" 35 statistics="true"> 36 </cache> 37 38 <!--Default Cache configuration. These will applied to caches programmatically created through 39 the CacheManager. 40 41 The following attributes are required for defaultCache: 42 43 maxInMemory - Sets the maximum number of objects that will be created in memory 44 eternal - Sets whether elements are eternal. If eternal, timeouts are ignored and the element 45 is never expired. 46 timeToIdleSeconds - Sets the time to idle for an element before it expires. Is only used 47 if the element is not eternal. Idle time is now - last accessed time 48 timeToLiveSeconds - Sets the time to live for an element before it expires. Is only used 49 if the element is not eternal. TTL is now - creation time 50 overflowToDisk - Sets whether elements can overflow to disk when the in-memory cache 51 has reached the maxInMemory limit. 52 53 --> 54 <defaultCache 55 maxElementsInMemory="10000" 56 eternal="false" 57 timeToIdleSeconds="120" 58 timeToLiveSeconds="120" 59 overflowToDisk="true" 60 /> 61 62 <!--Predefined caches. Add your cache configuration settings here. 63 If you do not have a configuration for your cache a WARNING will be issued when the 64 CacheManager starts 65 66 The following attributes are required for defaultCache: 67 68 name - Sets the name of the cache. This is used to identify the cache. It must be unique. 69 maxInMemory - Sets the maximum number of objects that will be created in memory 70 eternal - Sets whether elements are eternal. If eternal, timeouts are ignored and the element 71 is never expired. 72 timeToIdleSeconds - Sets the time to idle for an element before it expires. Is only used 73 if the element is not eternal. Idle time is now - last accessed time 74 timeToLiveSeconds - Sets the time to live for an element before it expires. Is only used 75 if the element is not eternal. TTL is now - creation time 76 overflowToDisk - Sets whether elements can overflow to disk when the in-memory cache 77 has reached the maxInMemory limit. 78 79 --> 80 81 <!-- Sample cache named sampleCache1 82 This cache contains a maximum in memory of 10000 elements, and will expire 83 an element if it is idle for more than 5 minutes and lives for more than 84 10 minutes. 85 86 If there are more than 10000 elements it will overflow to the 87 disk cache, which in this configuration will go to wherever java.io.tmp is 88 defined on your system. On a standard Linux system this will be /tmp" 89 --> 90 <cache name="sampleCache1" 91 maxElementsInMemory="10000" 92 eternal="false" 93 timeToIdleSeconds="300" 94 timeToLiveSeconds="600" 95 overflowToDisk="true" 96 /> 97 98 <!-- Sample cache named sampleCache2 99 This cache contains 1000 elements. Elements will always be held in memory. 100 They are not expired. --> 101 <cache name="sampleCache2" 102 maxElementsInMemory="1000" 103 eternal="true" 104 timeToIdleSeconds="0" 105 timeToLiveSeconds="0" 106 overflowToDisk="false" 107 /> --> 108 109 <!-- Place configuration for your caches following --> 110 111 </ehcache>
spring-servlet.xmlåweb.xml没æåã
list.jspï¼
1 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" 2 pageEncoding="ISO-8859-1"%> 3 <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> 4 5 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 6 <html> 7 <head> 8 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 9 <title>Insert title here</title> 10 </head> 11 <body> 12 13 <h4>List Page</h4> 14 15 Welcome: <shiro:principal></shiro:principal> 16 17 <shiro:hasRole name="admin"> 18 <br><br> 19 <a href="admin.jsp">Admin Page</a> 20 </shiro:hasRole> 21 22 <shiro:hasRole name="user"> 23 <br><br> 24 <a href="user.jsp">User Page</a> 25 </shiro:hasRole> 26 27 <br><br> 28 <a href="shiro/testShiroAnnotation">Test ShiroAnnotation</a> 29 30 <br><br> 31 <a href="shiro/logout">Logout</a> 32 33 </body> 34 </html>
login.jspï¼
1 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" 2 pageEncoding="ISO-8859-1"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 7 <title>Insert title here</title> 8 </head> 9 <body> 10 11 <h4>Login Page</h4> 12 13 <form action="shiro/login" method="POST"> 14 username: <input type="text" name="username"/> 15 <br><br> 16 17 password: <input type="password" name="password"/> 18 <br><br> 19 20 <input type="submit" value="Submit"/> 21 </form> 22 23 </body> 24 </html>
unauthorized.jspï¼
1 <%@ page language="java" contentType="text/html; charset=ISO-8859-1" 2 pageEncoding="ISO-8859-1"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 7 <title>Insert title here</title> 8 </head> 9 <body> 10 11 <h4>Unauthorized Page</h4> 12 13 </body> 14 </html>
è¿è¡ç»æï¼
注ï¼åªælogin.jspæè½è®¿é®ï¼å ¶ä»çä¸è¡ã
注æï¼æªå®å¾ ç»ããã