<?xml version="1.0" encoding="UTF-8"?>
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:util="http://www.springframework.org/schema/util"
|
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
|
|
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
|
|
<!-- Shiro的核心安全接口,这个属性是必须的 -->
|
<property name="securityManager" ref="securityManager"/>
|
|
<!-- loginUrl认证提交地址,如果没有认证将会请求此地址进行认证,请求此地址将由formAuthenticationFilter进行表单认证 -->
|
<property name="loginUrl" value="/login.xhtml"/>
|
|
<!-- 认证成功统一跳转到first.action,建议不配置,shiro认证成功自动到上一个请求路径 -->
|
<property name="successUrl" value="/"/>
|
|
<!-- 通过unauthorizedUrl指定没有权限操作时跳转页面 -->
|
<property name="unauthorizedUrl" value="/login.xhtml"/>
|
|
<!-- Shiro连接约束配置,即过滤链的定义 -->
|
<property name="filterChainDefinitions">
|
<value>
|
/javax.faces.resource/** = anon
|
/resources/** = anon
|
/mobile/** = anon
|
/api/** = anon
|
/wechat/** = anon
|
/login.xhtml = anon
|
/** = authc
|
</value>
|
</property>
|
|
<!-- 自定义filter配置 -->
|
<property name="filters">
|
<map>
|
<!-- 将自定义 的FormAuthenticationFilter注入shiroFilter中 -->
|
<entry key="authc" value-ref="formAuthenticationFilter" />
|
</map>
|
</property>
|
</bean>
|
|
<!-- remember me -->
|
<bean id="formAuthenticationFilter"
|
class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
|
<property name="rememberMeParam" value="rememberMe"/>
|
</bean>
|
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
|
<!--AES 加密的Key-->
|
<property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('DJqeCF2q+gwuHPxNw6+apA==')}"/>
|
<property name="cookie" ref="rememberMeCookie"/>
|
</bean>
|
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
|
<constructor-arg value="rememberMe"/>
|
<property name="httpOnly" value="true"/>
|
<property name="maxAge" value="2592000"/>
|
<!-- 30天 -->
|
</bean>
|
|
<!-- Cache Manager -->
|
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"></bean>
|
|
<!--session manager-->
|
<bean id="sessionManager"
|
class="org.apache.shiro.web.session.mgt.ServletContainerSessionManager">
|
</bean>
|
|
<!--credentialsMatcher 密码加密-->
|
<bean id="md5Matcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
|
<property name="hashAlgorithmName" value="MD5"/>
|
<property name="storedCredentialsHexEncoded" value="true"/>
|
<property name="hashIterations" value="1"/>
|
</bean>
|
|
<!--自定义 Realm-->
|
<bean id="authorizationRealm" class="com.nanometer.smartlab.realm.AuthorizationRealm">
|
<property name="credentialsMatcher" ref="md5Matcher"/>
|
</bean>
|
|
<!-- Security Manager -->
|
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
|
<property name="realm" ref="authorizationRealm"/>
|
<property name="rememberMeManager" ref="rememberMeManager"/>
|
<property name="cacheManager" ref="cacheManager"/>
|
<property name="sessionManager" ref="sessionManager"/>
|
</bean>
|
|
<!-- shiro 注解支持 -->
|
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
|
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
|
depends-on="lifecycleBeanPostProcessor"/>
|
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
|
<property name="securityManager" ref="securityManager"/>
|
</bean>
|
|
</beans>
|
