1.EhCacheManager EhCache緩存管理也可將shiro session存入redis中

@Beanpublic EhCacheManager getEhCacheManager() {EhCacheManager em = new EhCacheManager();em.setCacheManagerConfigFile("classpath:ehcache-shiro.xml");return em;}

ehcache-shiro.xml中的配置

<?xml version="1.0" encoding="utf-8"?><ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ehcache.xsd"><diskStore path="java.io.tmpdir"/><defaultCache maxElementsInMemory="10000" eternal="false" timeToIdleSeconds="30" timeToLiveSeconds="30" overflowToDisk="false"/><!--配置自定義緩存maxElementsInMemory：緩存中允許創(chuàng)建的最大對(duì)象數(shù)eternal：緩存中對(duì)象是否為永久的，如果是，超時(shí)設(shè)置將被忽略，對(duì)象從不過期。timeToIdleSeconds：緩存數(shù)據(jù)的鈍化時(shí)間，也就是在一個(gè)元素消亡之前，兩次訪問時(shí)間的最大時(shí)間間隔值，這只能在元素不是永久駐留時(shí)有效，如果該值是 0 就意味著元素可以停頓無窮長(zhǎng)的時(shí)間。timeToLiveSeconds：緩存數(shù)據(jù)的生存時(shí)間，也就是一個(gè)元素從構(gòu)建到消亡的最大時(shí)間間隔值，這只能在元素不是永久駐留時(shí)有效，如果該值是0就意味著元素可以停頓無窮長(zhǎng)的時(shí)間。overflowToDisk：內(nèi)存不足時(shí)，是否啟用磁盤緩存。memoryStoreEvictionPolicy：緩存滿了之后的淘汰算法。--><cache name="erpCache"maxElementsInMemory="10000"eternal="true"overflowToDisk="false"timeToIdleSeconds="0"timeToLiveSeconds="600"memoryStoreEvictionPolicy="LFU" /> </ehcache>

2.配置 LifecycleBeanPostProcessor（管理shiro Bean的生命周期)

public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {return new LifecycleBeanPostProcessor();}

3.配置 DefaultAdvisorAutoProxyCreator（用來掃描上下文，尋找所有的Advistor，將這些Advistor應(yīng)用到符合其定義的切入點(diǎn)的Bean中）

@Beanpublic DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();daap.setProxyTargetClass(true);return daap;}

4.配置SecurityManager (管理器，管理subject及其相關(guān)的登陸驗(yàn)證，授權(quán)等，需配置realm和緩存管理)

@Bean(name = "securityManager")public DefaultWebSecurityManager getDefaultWebSecurityManager(SystemAuthorizingRealm realm) {DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();dwsm.setRealm(realm); // <!-- 用戶授權(quán)/認(rèn)證信息Cache, 采用EhCache 緩存 ,此處是使用EhCache,可換成redis緩存--> dwsm.setCacheManager(getEhCacheManager());return dwsm;}

5.配置 AuthorizationAttributeSourceAdvisor（開啟shiro spring aop 權(quán)限注解支持，即：@RequiresPermissions(“權(quán)限code”)

@Beanpublic AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();aasa.setSecurityManager(securityManager);return aasa;}

6.配置shiroFilter

@Bean(name = "shiroFilter")public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager, UserService userService,MaterialCategoryService materialCategoryMapper,PermissionsServcie permissionsServcie,OrgService orgService) {ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();// 必須設(shè)置 SecurityManager shiroFilterFactoryBean.setSecurityManager(securityManager);// 如果不設(shè)置默認(rèn)會(huì)自動(dòng)尋找Web工程根目錄下的"/login.jsp"頁面shiroFilterFactoryBean.setLoginUrl("/login");// 登錄成功后要跳轉(zhuǎn)的連接shiroFilterFactoryBean.setSuccessUrl("/user");shiroFilterFactoryBean.setUnauthorizedUrl("/403");//設(shè)置過濾鏈的私有方法loadShiroFilterChain(shiroFilterFactoryBean, userService,materialCategoryMapper,permissionsServcie,orgService);return shiroFilterFactoryBean;}

7.private loadShiroFilterChain 私有過濾鏈定義，供6使用

/*** 加載shiroFilter權(quán)限控制規(guī)則（從數(shù)據(jù)庫讀取然后配置）*/private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean, UserService userService, MaterialCategoryService materialCategoryMapper, PermissionsServcie permissionsServcie, OrgService orgService) {//攔截規(guī)則，//CaptchaFormAuthenticationFilter extends FormAuthenticationFilter（shiro認(rèn)證）//MapLogoutFilter extends org.apache.shiro.web.filter.authc.LogoutFilter(shiro Logout)Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();filters.put("authc", new CaptchaFormAuthenticationFilter(userService,materialCategoryMapper, permissionsServcie,orgService));filters.put("logout", new MapLogoutFilter());/// 下面這些規(guī)則配置最好配置到配置文件中 ///Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();// authc：該過濾器下的頁面必須驗(yàn)證后才能訪問，它是Shiro內(nèi)置的一個(gè)攔截器org.apache.shiro.web.filter.authc.FormAuthenticationFilterfilterChainDefinitionMap.put("/myCode/**", "authc");// 這里為了測(cè)試，只限制/user，實(shí)際開發(fā)中請(qǐng)修改為具體攔截的請(qǐng)求規(guī)則// anon：它對(duì)應(yīng)的過濾器里面是空的,什么都沒做logger.info("##################從數(shù)據(jù)庫讀取權(quán)限規(guī)則，加載到shiroFilter中##################");filterChainDefinitionMap.put("/user/edit/**", "authc,perms[user:edit]");// 這里為了測(cè)試，固定寫死的值，也可以從數(shù)據(jù)庫或其他配置中讀取//什么請(qǐng)求對(duì)應(yīng)什么攔截規(guī)則filterChainDefinitionMap.put("/login", "authc");filterChainDefinitionMap.put("/logout", "logout");filterChainDefinitionMap.put("/**", "anon");//anon 可以理解為不攔截shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);}

總結(jié)

以上是生活随笔為你收集整理的springboot+shiro：ShiroConfiguration配置的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。