shiro 配置导图

1 web.xml配置:shiro filter必须放在其他filter之前

<filter>  
    <filter-name>shiroFilter</filter-name>  
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
    <init-param>  
        <param-name>targetFilterLifecycle</param-name>  
        <param-value>true</param-value>  
    </init-param>  
</filter>  
<filter-mapping>  
    <filter-name>shiroFilter</filter-name>  
    <url-pattern>/*</url-pattern>  
</filter-mapping>  

 

2.spring-shiro.xml配置

ShiroFilterFactoryBean
                    securityManager
                                    realm配置
                                                存储位置：即存用户信息、权限关系的地方，如内存、配置文件、数据库等
                                                加密码算法：对称加密（AES\BlowFish）,不可逆加密（MD5、SHA)、可逆加密（Hex,base64）
                                    sessionManager配置
                                                cookies
                                                有效期及验证    

                                    cachindManager配置
                                                    缓存类型：MemoryConstrainedCacheManager、结合ecache等缓存
                                                                                    
                    loginUr:登录url
                    successUrl:登录成功url
                    unauthorizedUrl:权限不够提示url
                    filters:自定义filter[先查阅shiro内置的filter]
                    filterChainDefinitions:配置url和对应的Filter关系

 

待加实例...

 

3.开启shiro注解配置

    <!-- 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions) -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>