athrunwang

纪元
数据加载中……
apache shiro与spring的环境搭建
[代码] web.xml
<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
             <!--spring 的配置文件-->
             classpath:/applicationContext-hibernate.xml
        </param-value>
   </context-param>
 
   <!-- shiro -->
   <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
             <param-name>targetFilterLifecycle</param-name>
             <param-value>true</param-value>
        </init-param>
   </filter>
 
   <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
   </filter-mapping>
 
   <!-- Listeners -->
   <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>
[代码] applicationContext-hibernate.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
     xmlns:tx="http://www.springframework.org/schema/tx"
     xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/tx
       http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
       http://www.springframework.org/schema/aop
       http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

     <!-- SessionFactory, DataSource, etc. omitted -->

     <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
          destroy-method="close">
          <property name="driverClassName" value="${jdbc.driverClassName}" />
          <property name="url" value="${jdbc.url}" />
          <property name="username" value="${jdbc.username}" />
          <property name="password" value="${jdbc.password}" />
     </bean>

     <bean id="sessionFactory"
          class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
          <property name="dataSource" ref="dataSource" />
          <property name="packagesToScan">
               <list>
                    <value>org.projects.graduates.domain</value>
               </list>
          </property>
          <property name="hibernateProperties">
               <value>hibernate.dialect=${hibernate.dialect}</value>
          </property>
     </bean>

     <bean id="txManager"
          class="org.springframework.orm.hibernate3.HibernateTransactionManager">
          <property name="sessionFactory" ref="sessionFactory" />
     </bean>

     <tx:advice id="txAdvice" transaction-manager="txManager">
          <tx:attributes>
               <tx:method name="get*" read-only="true" />
               <tx:method name="find*" read-only="true" />
               <tx:method name="*" propagation="REQUIRED" />
          </tx:attributes>
     </tx:advice>

     <aop:config>
          <aop:pointcut id="appOperation"
               expression="execution(* org.projects.graduates.app.GradApplication.*(..))" />
          <aop:advisor advice-ref="txAdvice" pointcut-ref="appOperation" />
     </aop:config>

     <!-- shiro -->
     <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
          <property name="securityManager" ref="securityManager" />
          <property name="loginUrl" value="/login.action" />
          <property name="successUrl" value="/main.action" />
          <property name="unauthorizedUrl" value="/login.action" />
          <property name="filterChainDefinitions">
               <value>
                    /index.action = anon
                    /login.action = anon
                    /main.action = authc, roles[admin]
                    /course/** = authc, roles[admin]
               </value>
          </property>
     </bean>

   
     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <!--设置自定义realm-->
          <property name="realm" ref="myRealm" />
     </bean>
   
     <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
   
     <!--myRealm 继承自AuthorizingRealm-->
     <bean id="myRealm" class="org.projects.graduates.shiro.GradRealm" ></bean>

     <bean
          class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
          <property name="staticMethod"
               value="org.apache.shiro.SecurityUtils.setSecurityManager" />
          <property name="arguments" ref="securityManager" />
     </bean>

</beans>

[代码] org.projects.graduates.shiro.GradRealm

public class GradRealm extends AuthorizingRealm {

     private SecurityApplication securityApplication = new SecurityApplicationImpl();

     public GradRealm() {
          super();
          //设置认证token的实现类
          setAuthenticationTokenClass(UsernamePasswordToken.class);
          //设置加密算法
          setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
        
     }
     //授权
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
          String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();
          User user = securityApplication.findby(loginName);
          if (null == user) {
               return null;
          } else {
               SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
             
               result.addRoles(UserRoles.findRoleNamesOf(user));
               for (Role role : UserRoles.findRolesOf(user)) {
                    result.addStringPermissions(role.getPermissions());
               }
             
               return result;

          }
     }

     //认证
     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
          UsernamePasswordToken upToken = (UsernamePasswordToken) token;
          User user = securityApplication.findby(upToken.getUsername());
          if (user != null) {
               return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
          }
          return null;
     }
}


posted on 2012-03-06 10:07 AthrunWang 阅读(4982) 评论(0)  编辑  收藏


只有注册用户登录后才能发表评论。


网站导航: