spring boot 集成shiro的配置方法

  <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-core</artifactId>   <version>${shiro.version}</version> </dependency> <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-web</artifactId>   <version>${shiro.version}</version> </dependency> <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-spring</artifactId>   <version>${shiro.version}</version> </dependency> <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-ehcache</artifactId>   <version>${shiro.version}</version> </dependency> 

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd" default-lazy-init="true"> <description>Shiro安全配置 来源于： http://shiro.apache.org/spring.html </description> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. --> <property name="realm" ref="ShiroRealmImpl" /> <property name="cacheManager" ref="shiroEhcacheManager" /> </bean> <!-- Define the realm you want to use to connect to your back-end security datasource: --> <bean id="ShiroRealmImpl" class="com.wechatserver.web.services.system.impl.ShiroRealmImpl" /> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <!-- 没有权限或者失败后跳转的页面 --> <property name="successUrl" value="/sa/index" /> <property name="filterChainDefinitions"> <!-- , roles[admin], perms[document:read] --> <value> <!-- /user/** = authc /role/edit/* = perms[role:edit] /role/save = perms [role:edit] /role/list = perms [role:view] --> /sa/** = authc /** = anon </value> </property> </bean> <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 --> <bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" /> </bean> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <!-- AOP式方法级权限检查 --> <!-- Enable Shiro Annotations for Spring-configured beans. Only run after --> <!-- the lifecycleBeanProcessor has run: --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> </beans> 

import java.util.LinkedHashMap; import java.util.Map; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ShiroConfiguration {   private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();   @Bean(name = "ShiroRealmImpl")   public ShiroRealmImpl getShiroRealm() {     return new ShiroRealmImpl();   }   @Bean(name = "shiroEhcacheManager")   public EhCacheManager getEhCacheManager() {     EhCacheManager em = new EhCacheManager();     em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");     return em;   }   @Bean(name = "lifecycleBeanPostProcessor")   public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {     return new LifecycleBeanPostProcessor();   }   @Bean   public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {     DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();     daap.setProxyTargetClass(true);     return daap;   }   @Bean(name = "securityManager")   public DefaultWebSecurityManager getDefaultWebSecurityManager() {     DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();     dwsm.setRealm(getShiroRealm());     dwsm.setCacheManager(getEhCacheManager());     return dwsm;   }   @Bean   public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {     AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();     aasa.setSecurityManager(getDefaultWebSecurityManager());     return new AuthorizationAttributeSourceAdvisor();   }   @Bean(name = "shiroFilter")   public ShiroFilterFactoryBean getShiroFilterFactoryBean() {     ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();     shiroFilterFactoryBean         .setSecurityManager(getDefaultWebSecurityManager());     shiroFilterFactoryBean.setLoginUrl("/login");     shiroFilterFactoryBean.setSuccessUrl("/sa/index");     filterChainDefinitionMap.put("/sa/**", "authc");     filterChainDefinitionMap.put("/**", "anon");     shiroFilterFactoryBean         .setFilterChainDefinitionMap(filterChainDefinitionMap);     return shiroFilterFactoryBean;   } } 

<ehcache updateCheck="false" name="shiroCache">   <defaultCache       maxElementsInMemory="10000"       eternal="false"       timeToIdleSeconds="120"       timeToLiveSeconds="120"       overflowToDisk="false"       diskPersistent="false"       diskExpiryThreadIntervalSeconds="120"       /> </ehcache>