2、Shiro 整合 Spring

新建 maven项目

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.atguigu</groupId>
  <artifactId>shiro-springmvc</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>war</packaging>

  <name>shiro-springmvc Maven Webapp</name>
  <!-- FIXME change it to the project's website -->
  <url>http://www.example.com</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.7</maven.compiler.source>
    <maven.compiler.target>1.7</maven.compiler.target>
  </properties>

  <dependencies>

    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-all</artifactId>
      <version>1.3.2</version>
    </dependency>

    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-log4j12</artifactId>
      <version>1.6.1</version>
    </dependency>
    <dependency>
      <groupId>net.sf.ehcache</groupId>
      <artifactId>ehcache-core</artifactId>
      <version>2.4.3</version>
    </dependency>

    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>4.0.0.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
      <scope>test</scope>
    </dependency>
  </dependencies>

</project>

在 web.xml 中配置 springmvc

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
           version="2.5">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    
    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

 

在 /WEB-INF/下创建 spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="com.atguigu.shiro"/>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>

    <mvc:annotation-driven/>
    <mvc:default-servlet-handler/>
    
</beans>

 

整合 Shiro

1、在 web.xml 中配置 shiro 的过滤器

<!-- 1.配置 shiro 的 shiroFilter -->
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>public class org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

2、在 applicationContext.xml 中配置 shiro

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- 1. 配置 securityManager -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!--<property name="cacheManager" ref="cacheManager"/>-->
        <property name="realm" ref="shiroRealm"/>
    </bean>

    <!-- 2. 配置 cacheManager -->
    <!--<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">-->
        <!--<property name="cacheManager" value=""/>-->
        <!--&lt;!&ndash; 指定 cacheManger 的配置文件 &ndash;&gt;-->
        <!--&lt;!&ndash; 需要加入 ehcache 的 jar 包及配置文件 &ndash;&gt;-->
        <!--<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>-->
    <!--</bean>-->

    <!-- 3. 配置 realm
        3.1 直接配置实现了 org.apache.shiro.realm.Realm 接口的 Bean
     -->
    <bean id="shiroRealm" class="com.atguigu.shiro.realms.ShiroRealm">

    </bean>

    <!-- 4. 配置生命周期的bean 后置处理器，可以自定的来调用配置在 Spring IOC 容器中的 shiro bean 的生命周期方法-->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- 5. 启用 IOC 容器中使用 shiro 的注解，但必须在配置了 lifecycleBeanPostProcessor 之后才可以使用-->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>

    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- 6. 配置 shiroFilter
        6.1 id 必须和 web.xml 中配置的 DelegatingFilterProxy 的 <filter-name>一致
    -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <!-- 登录页面 -->
        <property name="loginUrl" value="/login.jsp"/>
        <!-- 登录成功页面 -->
        <property name="successUrl" value="/list.jsp"/>
        <!-- 没有权限的页面-->
        <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
        <!-- 配置哪些页面需要受保护，以及访问这些页面需要的权限
            1. anon 可以被匿名访问
            2. authc 必须认证（即登录）后才可以访问的页面
        -->
        <property name="filterChainDefinitions">
            <value>
                /login.jsp = anon
                /** = authc
            </value>
        </property>

    </bean>

</beans>

3、在 com.atguigu.shiro.realms 下创建 ShiroRealm 类实现 Realm 接口

package com.atguigu.shiro.realms;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.realm.Realm;

public class ShiroRealm implements Realm {
    @Override
    public String getName() {
        return null;
    }

    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return false;
    }

    @Override
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        return null;
    }
}

4、创建 login.jsp、list.jsp、unauthorized.jsp 页面

启动项目可以发现 除了 login.jsp 可以访问，其他页面都不能访问，会重定向到 login.jsp 页面

至此，简单集成测试完成