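package net.mingsoft.config;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import net.mingsoft.basic.security.BaseAuthRealm;
import org.apache.shiro.mgt.SecurityManager;

/**
 * Spring configuration that wires Apache Shiro into the web application:
 * the URL filter chain, the {@link SecurityManager} and the authentication realm.
 *
 * <p>Only the static resource trees and the manager (admin) subtree get a filter chain
 * entry here. Any request path that matches none of the patterns has no entry in the
 * map, so this class applies no Shiro filter to it; such endpoints must be protected
 * elsewhere if they need authentication.
 */
@Configuration
public class ShiroConfiguration {

    /**
     * Base path of the manager (admin) area, read from {@code ms.manager.path}.
     *
     * <p>NOTE(review): every pattern below is built by plain string concatenation, so the
     * value is presumably expected to start with "/" and not end with one. Confirm this
     * against the deployed configuration: a pattern that never matches a request path
     * would leave the manager subtree without the {@code authc} filter.
     */
    @Value("${ms.manager.path}")
    private String managerPath;

    /**
     * Builds the Shiro filter factory with the login URL, the unauthorized URL and the
     * ordered URL-pattern to filter-name mapping.
     *
     * @param securityManager the Shiro security manager the filter delegates to
     * @return the configured {@link ShiroFilterFactoryBean}
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();

        // A SecurityManager is mandatory.
        factory.setSecurityManager(securityManager);

        // Without an explicit login URL Shiro falls back to "/login.jsp" in the web root
        // (or a "/login" mapping).
        factory.setLoginUrl(managerPath + "/login.do");

        // Where to send the user when access is denied for lack of permission.
        // NOTE(review): only "anon" and "authc" are mapped below; confirm that some
        // authorization filter (roles/perms) actually makes use of this URL.
        factory.setUnauthorizedUrl(managerPath + "/404.do");

        // Pattern -> filter mapping. A LinkedHashMap is used because the order of the
        // entries is significant: the specific "anon" rules must precede the catch-all.
        Map<String, String> chains = new LinkedHashMap<>();

        // Open to anonymous visitors: static resources and generated HTML.
        chains.put("/static/**", "anon");
        chains.put("/html/**", "anon");

        // The login page and the login check endpoint must be reachable before
        // authentication.
        chains.put(managerPath + "/login.do", "anon");
        chains.put(managerPath + "/checkLogin.do", "anon");

        // Everything else under the manager path requires an authenticated subject.
        // This entry has to stay LAST; placed earlier it would intercept every manager
        // URL, including the login endpoints above.
        chains.put(managerPath + "/**", "authc");

        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /**
     * Creates the {@link SecurityManager} bean, backed by the realm from
     * {@link #customRealm()}.
     *
     * @return a {@link DefaultWebSecurityManager} using the custom realm
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Register the realm that performs authentication.
        manager.setRealm(customRealm());
        return manager;
    }

    /**
     * Custom authentication realm.
     *
     * <p>This method has to exist and carry {@code @Bean} so that the realm is created as
     * a Spring-managed bean; otherwise dependency injection of the other classes used
     * inside the realm is affected.
     *
     * <p>NOTE(review): no credentials matcher is configured here; how passwords are
     * compared depends entirely on {@link BaseAuthRealm}, which is not visible in this
     * file. Confirm that it does not compare plain-text or unsalted digests.
     *
     * @return a new {@link BaseAuthRealm}
     */
    @Bean
    public BaseAuthRealm customRealm() {
        return new BaseAuthRealm();
    }
}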