Java-Shiro（三）：Shiro与Spring MVC集成

新建Java Daynamic Web项目

导入Spring、SpringMVC依赖包：

导入Spring & Spring MVC包（导入如下所有开发包）：

Spring AOP依赖扩展包：

配置Spring ： 

1）修改web.xml导入“#contextLoaderListener”

配置如下：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
</web-app>

2）在src下添加Spring Bean配置文件applicationContext.xml

配置Spring MVC

1）在web.xm中导入“#dispatcherservlet”

配置后web.xml文件内容为：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <!-- 配置Spring MVC -->
    <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- 
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>location</param-value>
        </init-param>
         -->
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

2）在WEB-INF下新建Spring MVC配置文件spring-servlet.xml，并添加spring mvc配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

    <context:component-scan base-package="com.dx.shiro"></context:component-scan>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>

    <mvc:annotation-driven></mvc:annotation-driven>
    <mvc:default-servlet-handler />
</beans>

配置Shiro环境

1）导入shiro jar包

导入Shiro开发包：

或者通过pom.xml配置：

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-all</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.13</version>
        </dependency>

2）配置web.xml，导入shiroFilter

可以参考

配置后web.xml内容为：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>shiro-web-01</display-name>
    <!-- 配置Spring的 ContextLoaderListener -->
    <!-- needed for ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Bootstraps the root web application context before servlet initialization -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- 配置Spring MVC -->
    <!-- The front controller of this Spring Web application, responsible for 
        handling all application requests -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- <init-param> <param-name>contextConfigLocation</param-name> <param-value>location</param-value> 
            </init-param> -->
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Map all requests to the DispatcherServlet for handling -->
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Shiro配置 -->
    <!-- ================================================================== 
        Filters ================================================================== -->
    <!-- Shiro Filter is defined in the spring application context: -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

3）配置Spring的配置文件中来配置Shiro，即在Src下来的applicationContext.xml中配置shiro

配置后的applicationContext.xml内容如下：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <!-- 1.配置SecurityManager -->
    <!-- Shiro's main business-tier object for web-enabled applications (use 
        DefaultSecurityManager instead when there is no web environment) -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="cacheManager" />
        <!-- Single realm app. If you have multiple realms, use the 'realms' property 
            instead. -->
        <property name="sessionMode" value="native" />
        <property name="realm" ref="jdbcRealm" />
    </bean>

    <!-- 2.配置CacheManager 2.1.配置ehcache的jar包及ehcache的配置文件 -->
    <!-- Let's use some enterprise caching support for better performance. You 
        can replace this with any enterprise caching framework implementation that 
        you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc -->
    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <!-- <property name="cacheManager" ref="ehCacheManager"/> -->
        <property name="cacheManagerConfigFile" value="classpath:ehcache.xml" />
    </bean>

    <!-- Used by the SecurityManager to access security data (users, roles, 
        etc). Many other realm implementations can be used too (PropertiesRealm, 
        LdapRealm, etc. -->
    <!-- 3.配置Realm -->
    <bean id="jdbcRealm" class="com.dx.shiro.realms.MyRealm">
    </bean>

    <!-- Post processor that automatically invokes init() and destroy() methods 
        for Spring-configured Shiro objects so you don't have to 1) specify an init-method 
        and destroy-method attributes for every bean definition and 2) even know 
        which Shiro objects require these methods to be called. -->
    <!-- 4.配置org.apache.shiro.spring.LifecycleBeanPostProcessor,可以自动的来调用配置在Spring 
        IOC容器中的 shiro bean的生命周期方法。 -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- 5.启用IOC容器中使用shiro的注解，但必须在配置了DefaultAdvisorAutoProxyCreator之后才可以使用 -->
    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after 
        the lifecycleBeanProcessor has run: -->
    <bean
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <bean
        class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>


    <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly 
        in web.xml - web.xml uses the DelegatingFilterProxy to access this bean. 
        This allows us to wire things with more control as well utilize nice Spring 
        things such as PropertiesPlaceholderConfigurer and abstract beans or anything 
        else we might need: -->
    <!-- 
        6.配置shiroFilter 
        6.1. bean的id必须和web.xml中配置的DelegatingFilterProxy的<filter-name>一致 
        6.2. anon/authc是过滤器，anon允许匿名访问，authc需要认证才可以访问的页面。 
        -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login.jsp" />
        <property name="successUrl" value="/list.jsp" />
        <property name="unauthorizedUrl" value="/unauthorized.jsp" />
        <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter 
            bean defined will be automatically acquired and available via its beanName 
            in chain definitions, but you can perform overrides or parent/child consolidated 
            configuration here if you like: -->
        <!-- <property name="filters"> <util:map> <entry key="aName" value-ref="someFilterPojo"/> 
            </util:map> </property> -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon

                # everything else requires authentication:
                /** = authc
            </value>
        </property>
    </bean>
</beans>

3.1）配置ehcache的jar包及ehcache的配置文件

ehcache.xml从hibernate中找：

将其拷贝到src下

ehcache.jar也可以从hibernate开发包中找到：

将其拷贝到WEB-INF/lib下，导入到项目中。

3.2）添加shiro realm

新建包com.dx.shiro.realms，在包下新建一个MyRealm.java

package com.dx.shiro.realms;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.realm.Realm;

public class MyRealm implements Realm {

    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
        // TODO Auto-generated method stub
        return null;
    }

    public String getName() {
        // TODO Auto-generated method stub
        return null;
    }

    public boolean supports(AuthenticationToken arg0) {
        // TODO Auto-generated method stub
        return false;
    }

}

这里采用咱不实现具体的接口的方式。

3.3）在webcontent下添加页面

添加页面login.jsp,list.jsp,unauthorized.jsp

测试

此时访问网址：

其他任何页面都不允许访问。