Spring如何整合Shiro做权限控制模块

2.web.xml中配置

 << roleSet =  userService.findUserByUsername(username).getRoleSet(); //角色名的集合 Set roles = new HashSet(); //权限名的集合 Set permissions = new HashSet();                            Iterator it = roleSet.iterator(); while(it.hasNext()){                        roles.add(it.next().getName()); for(Permission per:it.next().getPermissionSet()){                                permissions.add(per.getName());                        }                }                               SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();                                authorizationInfo.addRoles(roles);                authorizationInfo.addStringPermissions(permissions); return authorizationInfo;        } /**         * 身份验证操作         */ @Override        protected AuthenticationInfo doGetAuthenticationInfo(                 AuthenticationToken token) throws AuthenticationException { String username = (String) token.getPrincipal();               User user = userService.findUserByUsername(username); if(user==null){ //木有找到用户 throw new UnknownAccountException("没有找到该账号");                } /* if(Boolean.TRUE.equals(user.getLocked())) {                      throw new LockedAccountException(); //帐号锁定                  } */ /**                 * 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配，如果觉得人家的不好可以在此判断或自定义实现                   */ SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(),getName()); return info;        }               @Override        public String getName() { return getClass().getName();        }}

4.在Spring的applicationContext.xml中进行Shiro的相关配置

1、添加shiroFilter定义

Xml代码

2. < bean id = "shiroFilter" class = "org.apache.shiro.spring.web.ShiroFilterFactoryBean" >

3. < property name = "securityManager" ref = "securityManager" />

4. < property name = "loginUrl" value = "/login" />

5. < property name = "successUrl" value = "/user/list" />

6. < property name = "unauthorizedUrl" value = "/login" />

7. < property name = "filterChainDefinitions" >

8. < value >

9. / login = anon

10. /user/** = authc

11. /role/edit/* = perms[role:edit]

12. /role/ save = perms [role:edit]

13. /role/ list = perms [role:view]

14. /** = authc

2、添加securityManager定义

Xml代码

1. < bean id = "securityManager" class = "org.apache.shiro.web.mgt.DefaultWebSecurityManager" >

2. < property name = "realm" ref = "myRealm" />

3、添加realm定义

Xml代码

1. < bean id = " myRealm" class = "com.jay.demo.shiro.

   UserRealm" />

4、配置EhCache

< bean id = "cacheManager" class = "org.apache.shiro.cache.ehcache.EhCacheManager" />

5、 保证实现了Shiro内部lifecycle函数的bean执行

特别注意：

如果使用Shiro相关的注解，需要在springmvc-servlet.xml中配置一下信息

<"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">     <"securityManager" "securityManager"/>
以上是"Spring如何整合Shiro做权限控制模块"这篇文章的所有内容，感谢各位的阅读！希望分享的内容对大家有帮助，更多相关知识，欢迎关注行业资讯频道！