The configuration of Apache Shiro is mainly divided into four parts:
- SecurityManager configuration
- URL filter configuration
- Static user configuration
- Static role configuration
Because users and roles are usually dynamic data managed by the back end (with access to a method controlled, for example, through the @RequiresRoles annotation), a Shiro configuration generally contains only the first two parts.
SecurityManager configuration:
```xml
<!-- Shiro securityManager -->
<!-- Shiro uses the servlet container's session by default. Shiro's native session can be selected through the sessionMode property -->
<!-- <property name="sessionMode" value="native"/>. For more information, see the official documentation. -->
<!-- This sets up a single custom realm. For an application with multiple realms, use the 'realms' property instead. -->
<bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="shiroDbRealm"/>
    <!-- <property name="cacheManager" ref="myShiroEhcacheManager"/> -->
    <!-- <property name="sessionMode" value="native"/>
         <property name="sessionManager" ref="sessionManager"/>
    -->
</bean>
<!-- User authorization information cache, using Ehcache -->
<bean id="myShiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean>
<!-- Custom realm extending AuthorizingRealm; it tells Shiro how to authenticate and authorize the user -->
<bean id="shiroDbRealm" class="org.shiro.demo.service.realm.ShiroDbRealm" depends-on="baseService">
    <property name="userService" ref="userService"/>
</bean>
```
URL filter configuration:
Shiro performs security management mainly through URL filtering. The configuration here specifies the concrete authentication and authorization rules.
```xml
<!-- Shiro's main filter is powerful: it supports running any custom filter based on URL path expressions. -->
<!-- Shiro filter -->
<bean id="shiroFilter"
      class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <!-- Shiro's core security interface; this property is required -->
    <property name="securityManager" ref="securityManager"/>
    <!-- The login URL. Not a required property; by default Shiro looks for "/login.jsp" under the web application root. -->
    <property name="loginUrl" value="/"/>
    <!-- URL to redirect to after a successful login (not used in this example, because the post-login logic is hard-coded to main.jsp in LoginController) -->
    <property name="successUrl" value="/system/main"/>
    <!-- URL shown when a user accesses a resource they are not authorized for -->
    <property name="unauthorizedUrl" value="/system/error"/>
    <!-- Shiro filter chain definition -->
    <!-- See this article for the role of each filter: http://blog.csdn.net/jadyer/article/details/12172839 -->
    <!-- The leading '/' in the values below is relative to the value of HttpServletRequest.getContextPath() -->
    <!-- anon: the corresponding filter is empty and does nothing. The * after .do and .jsp stands for parameters, for example login.jsp?main -->
    <!-- authc: pages under this filter require authentication before access. It is Shiro's built-in interceptor org.apache.shiro.web.filter.authc.FormAuthenticationFilter. -->
    <property name="filterChainDefinitions">
        <value>
            /login = anon
            /validateCode = anon
            /** = authc
        </value>
    </property>
</bean>
```
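Shiro evaluates the `filterChainDefinitions` entries in the order they are written and the first matching pattern wins, so the `anon` exceptions must come before the `/** = authc` catch-all. The following check is an added example, not code from the original page or from Shiro: it reads the chain out of a Spring XML snippet (constructed from the configuration above) and reports ordering mistakes. The function names are hypothetical and the pattern matching is a simplified approximation of Shiro's Ant-style matcher.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the filter chain from the shiroFilter bean above.
SPRING_XML = """<beans>
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="filterChainDefinitions"><value>
      /login = anon
      /validateCode = anon
      /** = authc
    </value></property>
  </bean>
</beans>"""

def load_chains(xml_text):
    """Return [(pattern, filters)] in definition order."""
    root = ET.fromstring(xml_text)
    value = root.find(".//property[@name='filterChainDefinitions']/value").text
    pairs = (line.split("=", 1) for line in value.splitlines() if "=" in line)
    return [(pattern.strip(), filters.strip()) for pattern, filters in pairs]

def to_regex(pattern):
    """Simplified Ant-style match: '?' one char, '*' within a segment, '**' any depth."""
    tail = ""
    if pattern.endswith("/**"):
        pattern, tail = pattern[:-3], "(/.*)?"
    tokens = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(tokens.get(p, re.escape(p)) for p in parts) + tail + r"\Z")

def resolve(rules, path):
    """The first matching pattern wins; later rules are never consulted."""
    for pattern, filters in rules:
        if to_regex(pattern).match(path):
            return filters
    return None  # no chain matched: no Shiro filter is applied to the request

def audit(rules):
    """Flag rules hidden behind an earlier /** and a missing default-deny last rule."""
    findings = []
    for i, (pattern, _) in enumerate(rules[:-1]):
        if pattern == "/**":
            findings.append("unreachable after /**: " + ", ".join(p for p, _ in rules[i + 1:]))
    if not rules or rules[-1][0] != "/**" or rules[-1][1] == "anon":
        findings.append("last rule is not an authenticated /** catch-all")
    return findings

if __name__ == "__main__":
    print(audit(load_chains(SPRING_XML)) or "chain order OK")
```

A path that matches no pattern gets no Shiro filter at all, which is why the audit insists on a final `/**` rule that requires authentication.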