springMVC+shiro配置(javaConfig)

1、WebInitializer.java

package com.amiu.spring.config;

import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration.Dynamic;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;

import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
import org.springframework.web.util.Log4jConfigListener;

public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer{

	@Override
	protected Class
 [] getRootConfigClasses() {
		return new Class[]{MvcConfig.class,ShiroConfig.class};
	}

	@Override
	protected Class
 [] getServletConfigClasses() {
		return null;
	}

	@Override
	protected String[] getServletMappings() {
		return new String[]{"/"};
	}
	
	/**
	 * 这个方法tomcat启动就会调用,可以代替web.xml注册filter,listener,servlet等
	 */
	@Override
	public void onStartup(ServletContext container) throws ServletException {
		//config log4j listentr
		container.setInitParameter("log4jConfigLocation", "classpath:log4j.properties");
		container.addListener(Log4jConfigListener.class);
		
		//config shiro filter
		Dynamic filterRegistration = container.addFilter("shiroFilter", DelegatingFilterProxy.class);
		filterRegistration.setInitParameter("targetFilterLifecycle", "true");
		filterRegistration.addMappingForUrlPatterns(
			EnumSet.of(DispatcherType.REQUEST,DispatcherType.FORWARD), 
			false, "/*");//配置mapping
		
		super.onStartup(container);
	}	
}

2、WebInitializer对应的web.xml

 

 

  
    
  
   
   
    log4jConfigLocation
    
   
    classpath:log4j.properties
    
    
  
    
  
   
   
    org.springframework.web.util.Log4jConfigListener
    
   

  
  
  
   
   
    springServlet
    
   
     org.springframework.web.servlet.DispatcherServlet 
    
    
    
     contextConfigLocation
     
    
     classpath:springmvc-config.xml
     
    
   
    1
    
  
  
   
   
    springServlet
    
   
    /
    
  

   
  
  
   
   
    shiroFilter
    
   
    org.springframework.web.filter.DelegatingFilterProxy
    
  
  
   
   
    shiroFilter
    
   
    /
    
   
    REQUEST
    
   
    FORWARD
    
  

 

3、MvcConfig.java

package com.amiu.spring.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.http.MediaType;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewResolverRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;

@Configuration
@EnableWebMvc
@ComponentScan("com.amiu")
public class MvcConfig extends WebMvcConfigurerAdapter {
	
	@Override
	public void configureDefaultServletHandling(
			DefaultServletHandlerConfigurer configurer) {
			configurer.enable();
	}

}

4、MvcConfig对应的springmvc-config.xml

5、ShiroConfig.java

package com.amiu.spring.config;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.amiu.shiro.MyRealm;
import com.amiu.shiro.RetryLimitHashedCredentials;

@Configuration
public class ShiroConfig {

  @Bean(name="shiroFilter")
  public ShiroFilterFactoryBean shiroFilter(){
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    // 安全管理器 
    shiroFilter.setSecurityManager(securityManager());
    //默认的登陆访问url
    shiroFilter.setLoginUrl("/login");
    //登陆成功后跳转的url 
    shiroFilter.setSuccessUrl("/index");
    //没有权限跳转的url
    shiroFilter.setUnauthorizedUrl("/unauth");
    //自定义Filter
//  Map
 
   filters = new LinkedHashMap<>();
//  filters.put("simpleFilter", SimpleFilter());
//  shiroFilter.setFilters(filters);
    
    /**
         * 配置shiro过滤器链，从前往后验证
         * 1、anon  不需要认证
         * 2、authc 需要认证
         * 3、user  验证通过或RememberMe登录的都可以
         * 当应用开启了rememberMe时,用户下次访问时可以是一个user,
         * 但不会是authc,因为authc是需要重新认证的
         * 顺序从上到下,优先级依次降低
         */
    //配置单个filter
//  shiroFilter.setFilterChainDefinitions("/test = authc");
    
    //要用LinkedHashMap，因为filter必须是有序的
    Map
  
    hashMap = new LinkedHashMap<>(); hashMap.put("/captcha.jpg", "anon"); hashMap.put("/commons/**", "anon"); hashMap.put("/static/**", "anon"); hashMap.put("/login", "anon");//登录不做权限拦截 hashMap.put("/**", "authc");//全都做权限拦截 shiroFilter.setFilterChainDefinitionMap(hashMap); return shiroFilter; } //myRealm中使用了@Autowired，所以也要是bean @Bean public MyRealm myRealm(){ MyRealm myRealm = new MyRealm(); return myRealm; } @Bean public DefaultWebSecurityManager securityManager(){ DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //配置realm securityManager.setRealm(myRealm()); return securityManager; } }
  
 

6、ShiroConfig对应的spring-shiro.xml

 

 
  
  
  
   
    
    
  

  
  
  
  

  
  
  
   
    
    
    
    
    
    
    
    
    
    
     
      /captcha.jpg = anon /commons/** = anon /static/** = anon /login = anon /** = authc