spring+shiro 整合实例代码详解

<dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-core</artifactId>   <version>1.2.1</version>  </dependency>  <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-web</artifactId>   <version>1.2.1</version>  </dependency>  <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-ehcache</artifactId>   <version>1.2.1</version>  </dependency>  <dependency>   <groupId>org.apache.shiro</groupId>   <artifactId>shiro-spring</artifactId>   <version>1.2.1</version>  </dependency>   <dependency>   <groupId>commons-logging</groupId>   <artifactId>commons-logging</artifactId>   <version>1.2</version>  </dependency>

public class CommonRealm extends AuthorizingRealm { @Autowired private UserLoginService userLoginService; @Override public String getName() {  return "CommonRealm"; } //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {  String usernmae = (String) principals.getPrimaryPrincipal();  List<String> permissions = new ArrayList<String>();  if ("admin".equals(usernmae)) {   permissions.add("admin:ee");  }  SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();  info.addStringPermissions(permissions);  return info; } //身份认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {  String username = (String) token.getPrincipal();  User user = userLoginService.getUser(username);  if (user == null) {   return null;  }  SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, user.getPassword(), getName());  return info; }}

@Controllerpublic class UserAction { @Autowired private UserLoginService userLoginService; @RequestMapping("/login.do") public String userLogin(HttpServletRequest request, String username, String password) throws Exception {  // 如果登陆失败从request中获取异常信息，shiroLoginFailure就是shiro异常类的全限定名  String exceptionClassName = (String) request.getAttribute("shiroLoginFailure");  if (exceptionClassName != null) {   if (UnknownAccountException.class.getName().equals(exceptionClassName)) {    // 最终会抛给异常处理器    throw new XXXException("用户名不存在");   } else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) {    throw new XXXException("用户名/密码错误");   } else {    throw new Exception();// 最终在异常处理器生成未知错误   }  }  // 如果登录成功的话不走此方法，shiro认证成功会自动跳转到上一个请求路径，配的的successUrl没效果，后边会说  // 登陆失败走此方法，捕获异常，然后 return ~ ,还到login页面  return "login.jsp"; }}

 //此方法为了验证权限是否生效 @RequestMapping("/findAll.do") @RequiresPermissions("admin:ee") public ModelAndView list(HttpServletRequest request){  .......  }

public class LoginSuccessToFilter extends FormAuthenticationFilter { @Override protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {  WebUtils.getAndClearSavedRequest(request);  WebUtils.redirectToSavedRequest(request,response,"/findAll.do");  return false; }}

 <bean id="myfilter" class="com.xxx.realm.LoginSuccessToFilter"></bean>

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  <property name="filters">   <map>    <entry key="authc" value-ref="myfilter"></entry>   </map>  </property></bean><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  <property name="filters">   <map>    <entry key="authc" value-ref="myfilter"></entry>   </map>  </property></bean>

applicationContext-shiro.xml<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"  xmlns:context="http://www.springframework.org/schema/context"  xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee"  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util"  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd   http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd   http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd   http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd   http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  <!-- 管理器，必须设置 -->  <property name="securityManager" ref="securityManager"/>  <property name="filters">   <map>    <entry key="authc" value-ref="myfilter"></entry>   </map>  </property>  <!-- 拦截到，跳转到的地址,通过此地址去认证 -->  <property name="loginUrl" value="/login.do"/>  <!-- 认证成功统一跳转到/admin/index.do，建议不配置，shiro认证成功自动到上一个请求路径 -->  <!--<property name="successUrl" value="/findAll.do"/>-->  <!-- 通过unauthorizedUrl指定没有权限操作时跳转页面 -->  <property name="unauthorizedUrl" value="/refuse.jsp"/>  <!-- 自定义filter，可用来更改默认的表单名称配置 -->  <!--<property name="filters">-->  <!--<map>-->  <!--<!– 将自定义 的FormAuthenticationFilter注入shiroFilter中 –>-->  <!--<entry key="authc" value-ref="formAuthenticationFilter" />-->  <!--</map>-->  <!--</property>-->  <property name="filterChainDefinitions">   <value>    <!-- 对静态资源设置匿名访问 -->    /image/** = anon    /css/** = anon    /js/** = anon    /logout.do = logout    /** = authc   </value>  </property> </bean> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!-- securityManager安全管理器 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  <property name="realm" ref="customRealm"/>  <!-- 注入缓存管理器 -->  <!--<property name="cacheManager" ref="cacheManager" />-->  <!-- 注入session管理器 -->  <!-- <property name="sessionManager" ref="sessionManager" /> -->  <!-- 记住我 -->  <!--<property name="rememberMeManager" ref="rememberMeManager" />--> </bean> <!-- 自定义realm --> <bean id="customRealm" class="com.dhl.realm.CommonRealm"></bean> <bean id="myfilter" class="com.dhl.realm.LoginSuccessToFilter"></bean> <!-- 凭证匹配器 --> <!--<bean id="credentialsMatcher"-->   <!--class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">-->  <!--<!– 选用MD5散列算法 –>-->  <!--<property name="hashAlgorithmName" value="md5"/>-->  <!--<!– 进行一次加密 –>-->  <!--<property name="hashIterations" value="1"/>--> <!--</bean>--></beans>

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:aop="http://www.springframework.org/schema/aop"  xmlns:tx="http://www.springframework.org/schema/tx"  xmlns:context="http://www.springframework.org/schema/context"  xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc"  xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans.xsd  http://www.springframework.org/schema/aop  http://www.springframework.org/schema/aop/spring-aop.xsd  http://www.springframework.org/schema/tx  http://www.springframework.org/schema/tx/spring-tx.xsd  http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context.xsd  http://www.springframework.org/schema/mvc  http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd"> <context:component-scan base-package="com.dhl.controller"></context:component-scan> <mvc:annotation-driven></mvc:annotation-driven> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"></bean> <!-- 开启shiro注解的配置移动到这儿 --> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">  <property name="proxyTargetClass" value="true" /> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">  <property name="securityManager" ref="securityManager"/> </bean></beans>