<?xml version="1.0" encoding="UTF-8"?>
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:util="http://www.springframework.org/schema/util" xmlns:cache="http://www.springframework.org/schema/cache"
|
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
|
|
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
|
|
<!-- Shiro的核心安全接口,这个属性是必须的 -->
|
<property name="securityManager" ref="securityManager"/>
|
|
<!-- loginUrl认证提交地址,如果没有认证将会请求此地址进行认证,请求此地址将由formAuthenticationFilter进行表单认证 -->
|
<property name="loginUrl" value="/login.xhtml"/>
|
|
<!-- 认证成功统一跳转到first.action,建议不配置,shiro认证成功自动到上一个请求路径 -->
|
<property name="successUrl" value="/"/>
|
|
<!-- 通过unauthorizedUrl指定没有权限操作时跳转页面 -->
|
<property name="unauthorizedUrl" value="/login.xhtml"/>
|
|
<!-- Shiro连接约束配置,即过滤链的定义 -->
|
<property name="filterChainDefinitions">
|
<value>
|
/javax.faces.resource/** = anon
|
/resources/** = anon
|
/mobile/** = anon
|
/api/** = anon
|
/wechat/** = anon
|
/login.xhtml = anon
|
/** = authc
|
</value>
|
</property>
|
|
<!-- 自定义filter配置 -->
|
<property name="filters">
|
<map>
|
<!-- 将自定义 的FormAuthenticationFilter注入shiroFilter中 -->
|
<entry key="authc" value-ref="formAuthenticationFilter" />
|
</map>
|
</property>
|
</bean>
|
|
<!-- remember me -->
|
<bean id="formAuthenticationFilter"
|
class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
|
<property name="rememberMeParam" value="rememberMe"/>
|
</bean>
|
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
|
<!--AES 加密的Key-->
|
<property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('DJqeCF2q+gwuHPxNw6+apA==')}"/>
|
<property name="cookie" ref="rememberMeCookie"/>
|
</bean>
|
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
|
<constructor-arg value="rememberMe"/>
|
<property name="httpOnly" value="true"/>
|
<property name="maxAge" value="2592000"/>
|
<!-- 30天 -->
|
</bean>
|
|
<!-- Cache Manager -->
|
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
|
<property name="cacheManager" ref="ehcacheManager"/>
|
<property name="transactionAware" value="true"/>
|
</bean>
|
|
<!-- 如果有多个ehcacheManager要在bean加上p:shared="true" -->
|
<bean id="ehcacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
|
<property name="configLocation" value="WEB-INF/ehcache.xml"/>
|
</bean>
|
|
<!-- cache注解,和spring-redis.xml中的只能使用一个 -->
|
<cache:annotation-driven cache-manager="cacheManager" proxy-target-class="true"/>
|
|
<bean id="shiroSpringCacheManager" class="com.nanometer.smartlab.realm.ShiroSpringCacheManager">
|
<property name="cacheManager" ref="cacheManager"></property>
|
</bean>
|
|
<!--session manager-->
|
<bean id="sessionManager"
|
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
|
<!-- url上带sessionId 默认为true -->
|
<property name="sessionIdUrlRewritingEnabled" value="false"/>
|
<property name="sessionDAO" ref="sessionDAO"/>
|
<!-- cookie名称 -->
|
<property name="sessionIdCookie.name" value="gasid"/>
|
<!-- cookie生效路径 -->
|
<property name="sessionIdCookie.path" value="/"/>
|
</bean>
|
|
<!-- 会话DAO 用于会话的CRUD -->
|
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
|
<!-- Session缓存名字,默认就是shiro-activeSessionCache -->
|
<property name="activeSessionsCacheName" value="activeSessionCache"/>
|
<property name="cacheManager" ref="shiroSpringCacheManager"/>
|
</bean>
|
|
<!--credentialsMatcher 密码加密-->
|
<bean id="md5Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
|
<property name="hashAlgorithmName" value="MD5"/>
|
<property name="storedCredentialsHexEncoded" value="true"/>
|
<property name="hashIterations" value="1"/>
|
</bean>
|
|
<!--自定义 Realm-->
|
<bean id="authorizationRealm" class="com.nanometer.smartlab.realm.ShiroDbRealm">
|
<constructor-arg index="0" name="cacheManager" ref="shiroSpringCacheManager"/>
|
<constructor-arg index="1" name="matcher" ref="credentialsMatcher"/>
|
<!-- 启用身份验证缓存,即缓存AuthenticationInfo信息,默认false -->
|
<property name="authenticationCachingEnabled" value="true"/>
|
<!-- 缓存AuthenticationInfo信息的缓存名称 -->
|
<property name="authenticationCacheName" value="authenticationCache"/>
|
<!-- 缓存AuthorizationInfo信息的缓存名称 -->
|
<property name="authorizationCacheName" value="authorizationCache"/>
|
</bean>
|
<!-- 密码错误5次锁定5min -->
|
<bean id="credentialsMatcher" class="com.nanometer.smartlab.realm.RetryLimitCredentialsMatcher">
|
<constructor-arg ref="shiroSpringCacheManager"/>
|
<property name="retryLimitCacheName" value="oneMin"/>
|
<!-- 密码加密 1次md5,增强密码可修改此处 -->
|
<property name="hashAlgorithmName" value="MD5"/>
|
<property name="storedCredentialsHexEncoded" value="true"/>
|
<property name="hashIterations" value="1"/>
|
</bean>
|
|
<!-- Security Manager -->
|
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
|
<property name="realm" ref="authorizationRealm"/>
|
<property name="rememberMeManager" ref="rememberMeManager"/>
|
<property name="cacheManager" ref="shiroSpringCacheManager"/>
|
<property name="sessionManager" ref="sessionManager"/>
|
</bean>
|
|
<!-- shiro 注解支持 -->
|
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
|
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
|
depends-on="lifecycleBeanPostProcessor"/>
|
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
|
<property name="securityManager" ref="securityManager"/>
|
</bean>
|
|
</beans>
|
