Apache Shiro (2)-first Demo (Web+spring+shiro)

The previous blog is a simple list of Shiro the structure of the frame is actually a mixture of face cooked first. This blog, or do not intend to specifically, we first through a complete example of how to use. Then, it should be possible for Shiro to have a general, based on the actual use of understanding. The beginning of ...

JAR Package

• shiro-all: this jar jar shiro jar shiro-all.
• conmons-beanutils , commons-logging : These two packages, the first to ignore why use, anyway is to be introduced.
• aopalliance : This package is about Aop , the package must be introduced when annotations are enabled.
• Ehcache-core : This is the cached JAR package, the use of cache words need to be introduced. Of course, there are other cache products available here, andehcache is just one of them.
• Mysql-connector-java:mysql the boot package
• spring-* : Spring packages that need to be introduced

Xml

<span style= "FONT-SIZE:18PX;" ><!--default page--><welcome-file-list> <welcome-file>/page/login.jsp</welcome-file></ welcome-file-list><!--The location of the Shiro configuration file, where spring and Shiro are configured on one file-<context-param><param-name> Contextconfiglocation</param-name><param-value> Classpath:spring-shiro.xml </param-value></ context-param><!--Start the Web container, automatically assemble ApplicationContext configuration information, where the configuration file is Shiro configuration file--><listener> < Listener-class>org.springframework.web.context.contextloaderlistener</listener-class></listener ><!--Shiro main filter--><filter> <filter-name>shiroSecurityFilter</filter-name> <       Filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </ Init-param></filter><filter-mapping> <filter-name>shIrosecurityfilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping><!-- The following is the configuration of the servlet--><servlet> <servlet-name>login</servlet-name> <servlet-class> Com.tgb.shirodemo.servlet.loginservlet</servlet-class></servlet><servlet-mapping> < Servlet-name>login</servlet-name> <url-pattern>/login</url-pattern></servlet-mapping ><servlet> <servlet-name>money</servlet-name> <servlet-class> Com.tgb.shirodemo.servlet.mainservlet</servlet-class></servlet><servlet-mapping> < Servlet-name>money</servlet-name> <url-pattern>/money</url-pattern></servlet-mapping ></span>

Spring-shiro.xml

<span style= "FONT-SIZE:18PX;" ><!--This is my need to inject the ealm into the two of the Bean--><beanid= "usermgr" class= "to execute the Access database Com.tgb.shirodemo.manager.UserManager "></bean><beanid=" Permissionmgr "class=" Com.tgb.shirodemo.manager.PermissionManager "></bean> <!--Shiro and database Bridge, equivalent to DAO--><beanid=" Shirorealm "class=" Com.tgb.shirodemo.shiro.MyShiroRealm "> <property name=" usermgr "ref=" Usermgr "></ property> <property name= "permgr" ref= "Permissionmgr" ></property></bean> <!--cache Manager-- <beanid= "Shiroehcachemanager" class= "Org.apache.shiro.cache.ehcache.EhCacheManager" ><propertyname= " Cachemanagerconfigfile "value=" Classpath:ehcache-shiro.xml "/></bean> <!--security Manager, the previous blog saw that it is a global component of the overall-- ><beanid= "SecurityManager" class= "Org.apache.shiro.web.mgt.DefaultWebSecurityManager" > <!-- Integrated data access on realm--<property name= "Realm" ref= "Shirorealm" ></property> <!--integrated on cache manager--&L T;property name= "CacheManager "ref=" Shiroehcachemanager "></property> </bean> <!--Ensure that the bean Shiro internal life cycle is executed-->< Beanid= "Lifecyclebeanpostprocessor" class= "Org.apache.shiro.spring.LifecycleBeanPostProcessor"/> <!--      The following two are about enabling annotations for configuration--><beanclass= "Org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on= "Lifecyclebeanpostprocessor" ></bean><beanclass= " Org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor "> <propertyname=" SecurityManager "ref=" SecurityManager "/></bean> <!--Shiro The configuration of the main filter, here the name and the web to correspond--><bean id=" Shirosecurityfilter "class=" Org.apache.shiro.spring.web.ShiroFilterFactoryBean "> <!--Integrated Security Manager--<pro Pertyname= "SecurityManager" ref= "SecurityManager" ></property> <property name= "loginurl" value= "/Page/ login.jsp "></property> <property name=" Successurl "value="/page/main.jsp "></property> <pro Pertyname= "UnauthorIzedurl "value="/page/second.jsp "></property> <!--filter chain, configure filtering rules for URLs--<propertyname=" Filterchain           Definitions "> <value>/=anon/login=anon/**=authc </value> </property></bean></beans></span>

of the cache XML

<span style= "FONT-SIZE:18PX;" ><ehcacheupdatecheck= "false" Name= "Shirocache" >     <defaultcache           maxelementsinmemory= "10000"            eternal= "false"            timetoidleseconds= "timetoliveseconds="            overflowtodisk= "false"            Diskpersistent= "false"           diskexpirythreadintervalseconds= "/></ehcache></span>"            

Realm

configuration file that's it, and then there are some key classes that need to be said, Realm This class needs to be implemented on our own. is the only source of validation information required by the Shiro framework. the class configured in the previous spring-shiro.xml is this implementation. If this is too much trouble, you can write the verification information directly.

<span style= "FONT-SIZE:18PX;"    >public Classmyshirorealm extends Authorizingrealm {//injected class, real go to Access database private Usermanager usermgr;    Private Permissionmanager permgr; Querying the user's permission information @overrideprotectedauthorizationinfo dogetauthorizationinfo (principalcollectionprincipals) { Shirouseruser= (Shirouser) Principals.fromrealm (GetName ()). Iterator (). Next (); collection<permission>cper= permgr.getpermission (user); Simpleauthorizationinfoinfo=new simpleauthorizationinfo (); Iterator<permission>it=cper.iterator (); while ( It.hasnext ()) {info.addstringpermission (It.next (). Getpermissionname ());}    Returninfo;} Querying the user's identity @overrideprotectedauthenticationinfo dogetauthenticationinfo (Authenticationtokentoken) throws authenticationexception {shirouseruser=usermgr.getuserbyname (Token.getprincipal (). toString ()); if (user==null) { Thrownew unknownaccountexception ();} Else{returnnew Simpleauthenticationinfo (User,user.getpassword (), GetName ());}} Publicusermanager getusermgr () {returnusermgr;} Publicvoid SetUsermgr (Usermanager usermgr) {this.usermgr= usermgr;} Publicpermissionmanager getpermgr () {returnpermgr;} publicvoid setpermgr (Permissionmanager permgr) {this.permgr= Permgr;}} </span>

There are basically so many things to do, and the other classes in my example are basic spring things. is not all posted, here is the full download link.

Apache Shiro (2)-first Demo (Web+spring+shiro)