最近开始学习Shiro,记录一下Shiro整合SSM的步骤,期间也碰到许多小问题,和大家分享一下。

开发工具:IDEA
Demo框架:Spring+SpringMVC+Mybatis+Maven

1.添加Shiro相关jar包,Demo是使用Maven管理,在pom.xml添加以下配置。
<properties> <shiro.version>1.3.2</shiro.version> </properties> <dependencies>
<!--Shiro--> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>
shiro-core</artifactId> <version>${shiro.version}</version> </dependency> <
dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</
artifactId> <version>${shiro.version}</version> </dependency> <dependency> <
groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <
version>${shiro.version}</version> </dependency> <dependency> <groupId>
org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>
${shiro.version}</version> </dependency> </dependencies>
2.在web.xml添加Shiro过滤器,需要注意filter-name必须和之后applicationContext中配置保持一致!!!
<!--Shiro过滤器--> <filter> <filter-name>shiroFilter</filter-name> <filter-class>
org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param>
<param-name>targetFilterLifecycle</param-name> <param-value>true</param-value>
</init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern> </filter-mapping>
3.在Spring配置文件中添加Shiro相关配置
<!--Shiro配置--> <!-- 1.配置SecurityManager --> <bean class=
"org.apache.shiro.web.mgt.DefaultWebSecurityManager" id="securityManager"> <
property name="authenticator" ref="authenticator"/> <property name="realms"> <
list> <ref bean="md5Realm" /> <ref bean="sha1Realm" /> </list> </property> </
bean> <!-- 2.配置realm 2.1) 使用实现了org.apache.shiro.realm.Realm接口的realm --> <bean
class="org.apache.shiro.authc.pam.ModularRealmAuthenticator" id="authenticator">
<property name="realms"> <list> <ref bean="md5Realm" /> <ref bean="sha1Realm" />
</list> </property> </bean> <bean class="com.dream.shiro.MD5Realm" id="md5Realm"
> <property name="credentialsMatcher"> <bean class=
"org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name=
"hashAlgorithmName" value="MD5"/> <property name="hashIterations" value="1024"/>
</bean> </property> </bean> <bean class="com.dream.shiro.SHA1Realm" id=
"sha1Realm"> <property name="credentialsMatcher"> <bean class=
"org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name=
"hashAlgorithmName" value="SHA1"/> <property name="hashIterations" value="1024"
/> </bean> </property> </bean> <!-- 3.配置shiro过滤器 3.1)
id必须和web.xml中配置的shiroFilter filterName一致. --> <bean class=
"org.apache.shiro.spring.web.ShiroFilterFactoryBean" id="shiroFilter"> <property
name="securityManager" ref="securityManager"/> <property name="loginUrl" value=
"/login.jsp"/> <property name="successUrl" value="/index.jsp"/> <property name=
"unauthorizedUrl" value="/error.jsp"/> <!-- 配置需要受保护的页面 以及访问这些页面需要的权限 1)
anon可以匿名访问的页面 2) authc 必须认证(登录)后才可以访问的页面 --> <property name=
"filterChainDefinitions"> <value> <!--加载静态资源--> /asset/** = anon /login.jsp =
anon /login = anon /logout = logout<!--除以上配置外,其他请求全部必须认证--> /** = authc </value>
</property> </bean>
3.在Spring IOC容器中开启Shiro注解,注解一般在Controller中,所以我们要在SpringMVC的配置文件中添加开启注解的配置。
<!--Shiro配置--> <!-- 1.配置lifecycleBeanPostProcessor,可以在Spring
IOC容器中调用shiro的生命周期方法. --> <bean class=
"org.apache.shiro.spring.LifecycleBeanPostProcessor" id=
"lifecycleBeanPostProcessor" /> <!-- 2.启用Spring
IOC容器Shiro注解,但必须配置了lifecycleBeanPostProcessor后才可以使用 --> <bean class=
"org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" /> <!-- 3.开启Spring AOC Shiro注解支持 --> <
bean class=
"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"
> <property name="securityManager" ref="securityManager"/> </bean>
至此,启动Tomcat没有报错就整合完成啦。