shiro权限管理的配置
建立一個(gè)權(quán)限管理配置類(lèi),在類(lèi)上添加注解@Configuration,如下:
1、設(shè)置安全管理
@Bean
public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager,
CacheManager cacheShiroManager,
SessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(this.shiroDbRealm());
securityManager.setCacheManager(cacheShiroManager);
//securityManager.setRememberMeManager(rememberMeManager);
securityManager.setSessionManager(sessionManager);
return securityManager;
}
2、 spring session管理器(多機(jī)環(huán)境)
@Bean
@ConditionalOnProperty(prefix = “oa”, name = “spring-session-open”, havingValue = “true”)
public ServletContainerSessionManager servletContainerSessionManager() {
return new ServletContainerSessionManager();
}
3、session管理器(單機(jī)環(huán)境)
@Bean
@ConditionalOnProperty(prefix = “oa”, name = “spring-session-open”, havingValue = “false”)
public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, OaProperties gunsProperties) {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setCacheManager(cacheShiroManager);
sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000);
sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000);
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionValidationSchedulerEnabled(true);
Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
cookie.setName(“shiroCookie”);
cookie.setHttpOnly(true);
sessionManager.setSessionIdCookie(cookie);
return sessionManager;
}
4、緩存管理器 使用Ehcache實(shí)現(xiàn)
@Bean
public CacheManager getCacheShiroManager(EhCacheManagerFactoryBean ehcache) {
EhCacheManager ehCacheManager = new EhCacheManager();
ehCacheManager.setCacheManager(ehcache.getObject());
return ehCacheManager;
}
5、項(xiàng)目自定義的Realm
@Bean
public ShiroDbRealm shiroDbRealm() {
return new ShiroDbRealm();
}
6、rememberMe管理器, cipherKey生成鍵
7、記住密碼Cookie
@Bean
public SimpleCookie rememberMeCookie() {
SimpleCookie simpleCookie = new SimpleCookie(“rememberMe”);
simpleCookie.setHttpOnly(true);
simpleCookie.setMaxAge(7 * 24 * 60 * 60);//7天
return simpleCookie;
}
8、Shiro的過(guò)濾器鏈
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
/**
* 默認(rèn)的登陸訪(fǎng)問(wèn)url
/
shiroFilter.setLoginUrl("/login");
/*
* 登陸成功后跳轉(zhuǎn)的url
/
shiroFilter.setSuccessUrl("/");
/*
* 沒(méi)有權(quán)限跳轉(zhuǎn)的url
*/
shiroFilter.setUnauthorizedUrl("/global/error");
9、 在方法中 注入 securityManager,進(jìn)行代理控制
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
bean.setStaticMethod(“org.apache.shiro.SecurityUtils.setSecurityManager”);
bean.setArguments(securityManager);
return bean;
}
10、Shiro生命周期處理器
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
11、啟用shrio授權(quán)注解攔截方式,AOP式方法級(jí)權(quán)限檢查
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
總結(jié)
以上是生活随笔為你收集整理的shiro权限管理的配置的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: vue解决mintui中使用Messag
- 下一篇: 普通话测试软件字体怎么调整,普通话考试常