shiro框架
定义:
Shiro是apache旗下一个开源框架,它将实现用户身份认证,权限授权、加密、会话管理等功能,组成了一个通用的安全认证框架。
既然shiro将安全认证相关的功能抽取出来组成一个框架,使用shiro就可以非常快速的完成认证、授权等功能的开发,降低系统成本。
shiro使用广泛,shiro可以运行在web应用,非web应用,集群分布式应用中越来越多的用户开始使用shiro。
java领域中spring security(原名Acegi)也是一个开源的权限管理框架,但是spring security依赖spring运行,而shiro就相对独立,最主要是因为shiro使用简单、灵活,所以现在越来越多的用户选择shiro。
在spring中注入shiro
<!-- 1,配置shiro权限管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 注入缓存管理 -->
<property name="cacheManager" ref="cacheManager"/>
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
<!-- 注入设置会话管理模式 -->
<property name="sessionMode" value="native"/>
<!-- 注入自定义realm(认证,授权,加密等等数据源) -->
<property name="realm" ref="shiroRealm"/>
</bean>
<!-- 2,配置shiro缓存管理 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<!-- Set a net.sf.ehcache.CacheManager instance here if you already have one. If not, a new one
will be creaed with a default config:
<property name="cacheManager" ref="ehCacheManager"/> -->
<!-- If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want
a specific Ehcache configuration to be used, specify that here. If you don't, a default
will be used.: -->
<!-- 使用配置文件实现缓存管理 -->
<property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
</bean>
<!-- 3,配置自定义realm受Spring容器管理 -->
<bean id="shiroRealm" class="com.web.shiro.ShiroRealm">
<property name="userDAO" ref="userDAO"></property>
<!-- 配置认证时加密 -->
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<!-- 加密模式 -->
<property name="hashAlgorithmName" value="MD5"></property>
<!-- 加密次数 -->
<property name="hashIterations" value="1024"></property>
</bean>
</property>
</bean>
<bean id="userDAO" class="com.web.dao.UserDAO"></bean>
<!-- 4,配置管理shiro生命周期 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- 5,配置启用shiro注解功能(注意:配置启动注解功能必须是在配置shiro生命周期之后) -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!-- 6,配置shiro过滤器受Spring容器管理(bean的id必须和web.xml中shiro过滤器的filter-name名称保持一致) -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 注入权限管理器 -->
<property name="securityManager" ref="securityManager"/>
<!-- 配置用户登录页面 -->
<property name="loginUrl" value="/login.jsp"/>
<!-- 配置认证(登录)成功页面 -->
<property name="successUrl" value="/index.jsp"/>
<!-- 配置未授权页面 -->
<property name="unauthorizedUrl" value="/unauthorized.jsp"/>
<!--
配置资源文件访问限制
anon 匿名访问
authc 认证访问(登录才能访问)
logout 注销(退出)
-->
<property name="filterChainDefinitions">
<value>
/login.jsp = anon
/user/login = anon
/index.jsp = authc
/user/test = authc
/admin.jsp = authc,roles[admin]
/user.jsp = authc,roles[user]
/user/logout = logout
# everything else requires authentication:
/** = authc
</value>
</property>
<!-- 使用java类配置权限管理 -->
<!--<property name="filterChainDefinitionMap" ref="filterChainDefinitionMap"></property>-->
</bean>
<!--<bean id="filterChainDefinitionMap" factory-bean="filterChainDefinitionMapBuilder"-->
<!--factory-method="buildfilterChainDefinitionMap"></bean>-->
<!--<bean id="filterChainDefinitionMapBuilder"-->
<!--class="com.web.factory.FilterChainDefinitionMapBuilder"></bean>-->
<!---->
<!-- 配置未授权异常处理 -->
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<!-- 标签主体部分配置未授权显示页面,注意事项:页面路径不需要加.jsp后缀 -->
<prop key="org.apache.shiro.authz.UnauthorizedException">/unauthorized</prop>
</props>
</property>
</bean>
web.xml配置文件
<!-- 编码过滤器 -->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring MVC servlet -->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring和shiro的配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-shiro.xml</param-value>
</context-param>
<!-- Spring监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- ==================================================================
Filters
================================================================== -->
<!-- Shiro Filter is defined in the spring application context: -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
shiro的依赖jar
<!-- shiro依赖 -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
使用java类配置权限管理
class FilterChainDefinitionMapBuilder {
public LinkedHashMap<String, String> buildfilterChainDefinitionMap(){
LinkedHashMap<String, String> map = new LinkedHashMap<String, String>();
map.put("/login.jsp", "anon");
map.put("/user/login", "anon");
map.put("/index.jsp", "authc");
map.put("/user/test", "authc");
map.put("/admin.jsp", "authc,roles[admin]");
map.put("/user.jsp", "authc,roles[user]");
map.put("/user/logout", "logout");
map.put("/**", "authc");
return map;
}
}