springMVC集成shiro

表单验证

<bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
    <property name="usernameParam" value="username"/>
    <property name="passwordParam" value="password"/>
    <property name="loginUrl" value="/login"/>
    <property name="successUrl" value="/success"/>
</bean>

loginUrl：登录url
successUrl：登录成功后跳转到的url

拦截器链配置

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <property name="filters">
        <util:map>
            <entry key="sysUser" value-ref="sysUserFilter"/>
            <entry key="authc" value-ref="formAuthenticationFilter"/>
        </util:map>
    </property>
    <property name="filterChainDefinitions">
        <value>
            /login = authc
            /** = user,sysUser
        </value>
    </property>
</bean>

配置authc用formAuthenticationFilter来做

登出

使用shiro自带的LogoutFilter

1
2
3

<bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter">
      <property name="redirectUrl" value="/login" />
</bean>

拦截器链配置

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
      <property name="securityManager" ref="securityManager"/>
      <property name="loginUrl" value="/login"/>
      <property name="filters">
          <util:map>
              <entry key="sysUser" value-ref="sysUserFilter"/>
              <entry key="authc" value-ref="formAuthenticationFilter"/>
              <entry key="logout" value-ref="logout"/>
          </util:map>
      </property>
      <property name="filterChainDefinitions">
          <value>
              /login = authc
              /logout = logout
              /** = user,sysUser
          </value>
      </property>
</bean>

授权
controller中根据需要使用@RequiresPermissions(“…”)或@RequiresRoles(“…”)

Chen Danni

Nothing last forever.

springMVC集成shiro