step1 web.xml
<!-- Shiro filter start --> <filter> <filter-name>shiroFilter</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Shiro filter end -->
step2 spring-mvc.xml
设置访问的静态资源(资源目录根据自己的项目需要配置)
<!-- 对静态资源文件的访问 restful -->
<mvc:resources mapping="/admin/**" location="/,/admin/" />
<mvc:resources mapping="/static/**" location="/,/static/" />
<mvc:resources mapping="/plugins/**" location="/,/plugins/" />
<mvc:resources mapping="/uploadFiles/**" location="/,/uploadFiles/" />
<mvc:resources mapping="/swagger/**" location="/,/swagger/" />
<mvc:resources mapping="/swagger-ui.html" location="classpath:/META-INF/resources/"/>
<mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>
shiro 自定义的realm
public class ShiroRealm extends AuthorizingRealm {
/*
* 登录信息和用户验证信息验证(non-Javadoc)
* @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String)token.getPrincipal(); //得到用户名
String password = new String((char[])token.getCredentials()); //得到密码
if(null != username && null != password){
return new SimpleAuthenticationInfo(username, password, getName());
}else{
return null;
}
}
/*
* 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用,负责在应用程序中决定用户的访问控制的方法(non-Javadoc)
* @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
System.out.println("========2");
return null;
}
}
step3 applicationContext.xml 需要拦截的请求路径权限,anon 匿名权限 authc 需要认证权限 认证权限根据的是项目自定义的realm来实现
<!-- ================ Shiro start ================ --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="ShiroRealm" /> </bean> <!-- 項目自定义的Realm --> <bean id="ShiroRealm" class="com.fh.interceptor.shiro.ShiroRealm"></bean> <!-- Shiro Filter --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/" /> <property name="successUrl" value="/main/index" /> <property name="unauthorizedUrl" value="/login_toLogin" /> <property name="filterChainDefinitions"> <value> /static/login/** = anon /static/js/myjs/** = authc /static/js/** = anon /code.do = anon /login_login = anon /app**/** = anon /weixin/** = anon /swagger/** = anon /api/** = anon /api-docs = anon /swagger-ui.html = anon /webjars/** = anon /swagger-resources/** = anon /v2/** = anon /** = authc </value> </property> </bean> <!-- ================ Shiro end ================ -->