美文网首页
(五)整合SSM

(五)整合SSM

作者: guideEmotion | 来源:发表于2019-06-22 22:17 被阅读0次

    只记录有关shiro的部分,详见:http://how2j.cn/k/shiro/shiro-ssm/1727.html#nowhere

    一 web.xml

    1. 指定配置shiro的文件
    2. 配置过滤器
    <!-- spring的配置文件-->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                classpath:applicationContext.xml,
                classpath:applicationContext-shiro.xml
            </param-value>
        </context-param>
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    
     <!-- Shiro配置 -->
        <filter>
            <filter-name>shiroFilter</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
            <init-param>
                <param-name>targetFilterLifecycle</param-name>
                <param-value>true</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>shiroFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    

    二 applicationContext-shiro.xml``

    提供shiro的相关配置,简单的说,就是把shiro.ini里的内容搬到这个xml文件里面来了,只是写法不同

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util"
        xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util.xsd">
        
        <!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <!-- 调用我们配置的权限管理器 -->
            <property name="securityManager" ref="securityManager" />
            <!-- 配置我们的登录请求地址 -->
            <property name="loginUrl" value="/login" />
            <!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 -->
            <property name="unauthorizedUrl" value="/unauthorized" />
            <!-- 退出 -->
            <property name="filters">
                <util:map>
                    <entry key="logout" value-ref="logoutFilter" />
                </util:map>
            </property>
            <!-- 权限配置 -->
            <property name="filterChainDefinitions">
                <value>
                    <!-- anon表示此地址不需要任何权限即可访问 -->
                    /login=anon
                    /index=anon
                    /static/**=anon
                    /doLogout=logout
                    <!--所有的请求(除去配置的静态资源请求或请求地址为anon的请求)都要通过登录验证,如果未登录则跳到/login -->
                    /** = authc
                </value>
            </property>
        </bean>
        <!-- 退出过滤器 -->
        <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
            <property name="redirectUrl" value="/index" />
        </bean>
    
        <!-- 会话ID生成器 -->
        <bean id="sessionIdGenerator"
            class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
        <!-- 会话Cookie模板 关闭浏览器立即失效 -->
        <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
            <constructor-arg value="sid" />
            <property name="httpOnly" value="true" />
            <property name="maxAge" value="-1" />
        </bean>
        <!-- 会话DAO -->
        <bean id="sessionDAO"
            class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
            <property name="sessionIdGenerator" ref="sessionIdGenerator" />
        </bean>
        <!-- 会话验证调度器,每30分钟执行一次验证 ,设定会话超时及保存 -->
        <bean name="sessionValidationScheduler"
            class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
            <property name="interval" value="1800000" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
        <!-- 会话管理器 -->
        <bean id="sessionManager"
            class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
            <!-- 全局会话超时时间(单位毫秒),默认30分钟 -->
            <property name="globalSessionTimeout" value="1800000" />
            <property name="deleteInvalidSessions" value="true" />
            <property name="sessionValidationSchedulerEnabled" value="true" />
            <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
            <property name="sessionDAO" ref="sessionDAO" />
            <property name="sessionIdCookieEnabled" value="true" />
            <property name="sessionIdCookie" ref="sessionIdCookie" />
        </bean>
    
        <!-- 安全管理器 -->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="realm" ref="databaseRealm" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
        <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
        <bean
            class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
            <property name="staticMethod"
                value="org.apache.shiro.SecurityUtils.setSecurityManager" />
            <property name="arguments" ref="securityManager" />
        </bean>
    
        <bean id="databaseRealm" class="com.how2java.realm.DatabaseRealm">
        </bean>
        
        <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    </beans> 
    
    
    

    三 springMVC.xml

    1. springmvc的基本配置
    2. 增加了对shiro的支持。
      这样可以在控制器Controller上,使用像@RequireRole 这样的注解,来表示某个方法必须有相关的角色才能访问
    3. 指定了异常处理类DefaultExceptionHandler,这样当访问没有权限的资源的时候,就会跳到统一的页面去显示错误信息
        <!--启用shiro注解 -->
        <bean
            class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
            depends-on="lifecycleBeanPostProcessor">
            <property name="proxyTargetClass" value="true" />
        </bean>
        <bean
            class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
            <property name="securityManager" ref="securityManager" />
        </bean>
         
        <!-- 控制器异常处理 -->
        <bean id="exceptionHandlerExceptionResolver" class="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver">
        </bean>
        <bean class="com.how2java.exception.DefaultExceptionHandler"/>  
    

    相关文章

      网友评论

          本文标题:(五)整合SSM

          本文链接:https://www.haomeiwen.com/subject/sshbqctx.html