Of Stack

Shiro configuration method based on Spring framework

  • 2020-04-01 03:32:26
  • OfStack

Add shiro filters in web.xml 


<!-- Shiro filter-->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Add the shiro configuration to Spring's applicationcontext.xml

1. Add the shiroFilter definition 


<!-- Shiro Filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 <property name="securityManager" ref="securityManager" />
 <property name="loginUrl" value="/login" />
 <property name="successUrl" value="/user/list" />
 <property name="unauthorizedUrl" value="/login" />
 <property name="filterChainDefinitions">
 <value>
 /login = anon
 /user/** = authc
 /role/edit/* = perms[role:edit]
 /role/save = perms[role:edit]
 /role/list = perms[role:view]
 /** = authc
 </value>
 </property>
</bean>

2. Add the securityManager definition 



<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

 <property name="realm" ref="myRealm" />

</bean>

Add realm definitions 



<bean id=" myRealm" class="com...MyRealm" />

Implement MyRealm: inherit AuthorizingRealm, and rewrite authentication authorization method 


public class MyRealm extends AuthorizingRealm{

 private AccountManager accountManager;
 public void setAccountManager(AccountManager accountManager) {
 this.accountManager = accountManager;
 }

 
 protected AuthorizationInfo doGetAuthorizationInfo(
 PrincipalCollection principals) {
 String username=(String)principals.fromRealm(getName()).iterator().next();
 if( username != null ){
 User user = accountManager.get( username );
 if( user != null && user.getRoles() != null ){
 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
 for( SecurityRole each: user.getRoles() ){
  info.addRole(each.getName());
  info.addStringPermissions(each.getPermissionsAsString());
 }
 return info;
 }
 }
 return null;
 }

 
 protected AuthenticationInfo doGetAuthenticationInfo(
 AuthenticationToken authcToken ) throws AuthenticationException {
 UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
 String userName = token.getUsername();
 if( userName != null && !"".equals(userName) ){
 User user = accountManager.login(token.getUsername(),
  String.valueOf(token.getPassword()));

 if( user != null )
 return new SimpleAuthenticationInfo(
  user.getLoginName(),user.getPassword(), getName());
 }
 return null;
 }
}

Resources: (link: #)

Related articles: