怎么把xml转化为java配置,看如下博文:
https://blog.csdn.net/lujiangui/article/details/82217622
实践:shiro配置,因为shiro的官方文档与spring的配置就是基于xml配置,现在改成用java配置,配置很简单,完成功能即可:
config类:
@Configuration
public class shiroConfig {
//过滤器链
@Bean
public ShiroFilterFactoryBean shiroSecurityFilter(DefaultWebSecurityManager securityManager){
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
shiroFilter.setLoginUrl("/login");
shiroFilter.setSuccessUrl("/success.html");
Map<String,String> map = new HashMap<String,String>();
map.put("/login","authc");
map.put("/logout","logout");
map.put("/demo/**","anon");
shiroFilter.setFilterChainDefinitionMap(map);
return shiroFilter;
}
//securityManager配置
@Bean
public DefaultWebSecurityManager securityManager(ShiroDataBaseRealm realm){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm);
return securityManager;
}
//自己写的realm
@Bean
public ShiroDataBaseRealm shiroDataBaseRealm(HashedCredentialsMatcher hc){
ShiroDataBaseRealm sh = new ShiroDataBaseRealm();
sh.setCredentialsMatcher(hc);
return sh;
}
//凭证管理器,设置为md5加密
@Bean
public HashedCredentialsMatcher setcredential(){
HashedCredentialsMatcher hc = new HashedCredentialsMatcher();
hc.setHashAlgorithmName("MD5");
return hc;
}
//开启注解,可不用,@RequiresRoles,@RequiresPermissions
@Bean
public DefaultAdvisorAutoProxyCreator role(){
DefaultAdvisorAutoProxyCreator de = new DefaultAdvisorAutoProxyCreator();
return de;
}
@Bean
public LifecycleBeanPostProcessor ini(){
LifecycleBeanPostProcessor li = new LifecycleBeanPostProcessor();
return li;
}
@Bean
public AuthorizationAttributeSourceAdvisor permissipon(DefaultWebSecurityManager securityManager){
AuthorizationAttributeSourceAdvisor a = new AuthorizationAttributeSourceAdvisor();
a.setSecurityManager(securityManager);
return a;
}
}
realm:
public class ShiroDataBaseRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("Principal 对象不能为空");
}
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
List l = new ArrayList();
l.add("r1");
info.addStringPermissions(l);
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
String username = usernamePasswordToken.getUsername();
if (username == null) {
throw new AccountException("用户名不能为空");
}
User user = new User();
user.setUsername("hah");
user.setPassword("e10adc3949ba59abbe56e057f20f883e");
if (user == null) {
throw new UnknownAccountException("用户不存在");
}
return new SimpleAuthenticationInfo(user,user.getPassword(),getName());
}
}
controller:
@RequestMapping("/login")
public String login(User user){
String userName = user.getUsername();
String password = user.getPassword();
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(userName,password);
try {
subject.login(usernamePasswordToken);
}catch ( UnknownAccountException uae ) {
return "用户名不存在";
}
return "loginSuccess";
}
@RequestMapping("/demo/so")
@ResponseBody
@RequiresPermissions("r2")
public String success(User user){
return "success";
}
测试
