spring-shiro.xml 4.67 KB
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
           	http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
           	http://www.springframework.org/schema/context
           	http://www.springframework.org/schema/context/spring-context-4.0.xsd
           	http://www.springframework.org/schema/tx
      		http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
           	http://www.springframework.org/schema/aop
           	http://www.springframework.org/schema/aop/spring-aop-4.0.xsd" default-lazy-init="true">
    
    <bean id="runsaRealm" class="cn.runsa.portal.web.shiro.RunsaAuthorizingRealm" />
	
	<!-- shiro redisManager -->
	<bean id="shiroRedisManager" class="org.crazycake.shiro.RedisManager">
	    <property name="host" value="${redis.host}"/>
	    <property name="port" value="${redis.port}"/>
	    <property name="password" value="${redis.password}"/>
	    <property name="expire" value="${redis.expire}"/>
	    <!-- optional properties:
	    <property name="timeout" value="10000"/>
	    -->
	</bean>
	<!-- shiroCacheManager -->
	<bean id="shiroCacheManager" class="org.crazycake.shiro.RedisCacheManager">
	    <property name="redisManager" ref="shiroRedisManager" />
	</bean>
	<!-- redisSessionDAO -->
	<bean id="shiroRedisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
	    <property name="redisManager" ref="shiroRedisManager" />
	</bean>
	<!-- sessionManager -->
	<bean id="shiroSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
		<property name="globalSessionTimeout" value="86400000"></property>
	    <property name="sessionDAO" ref="shiroRedisSessionDAO" />
	</bean>
	
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="cacheManager" ref="shiroCacheManager"/>
        <property name="sessionManager" ref="shiroSessionManager"/>
        <!-- 
        <property name="sessionMode" value="native"/>  
        -->
        <property name="realms">
        	<list>
        		<ref bean="runsaRealm"/>
        	</list>
        </property>
	</bean>
	
	<bean id="authcFilter" class="cn.runsa.portal.web.shiro.RunsaFormAuthenticationFilter"/>
	<bean id="userFilter" class="cn.runsa.portal.web.shiro.RunsaTokenUserFilter">
		<property name="includeUrl">
			<array>
				<value>/platform,get</value>
			</array>
		</property>
	</bean>
	<bean id="anonFilter" class="cn.runsa.portal.web.shiro.RunsaTokenAnonymousFilter">
		<property name="includeUrl">
			<array>
				<value>/users/select/username.json</value>
				<value>/users/captcha/send.json</value>
				<value>/users/password/send.json</value>
				<value>/public/check/username.json</value>
				<value>/public/check/captcha.json</value>
			</array>
		</property>
	</bean>
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
		<property name="securityManager" ref="securityManager"/>  
		<property name="loginUrl" value="/login"/>  
		<property name="successUrl" value="/"/>
		<!-- <property name="unauthorizedUrl" value="/authz"></property> -->
		<!-- 指定过滤器 -->
		<property name="filters">
			<map>
				<entry key="authc" value-ref="authcFilter" />
				<entry key="user" value-ref="userFilter" />
				<entry key="anon" value-ref="anonFilter" />
			</map>
		</property>
		<property name="filterChainDefinitions">  
			<value>
				/excelImport/**=anon
				/favicon.ico=anon
				/js/**=anon
				/fonts/**=anon
				/css/**=anon
				/public/**=anon
				/captcha.jpg = anon
				/unauthz = anon
				/users/select/username.json=anon
				/users/captcha/send.json=anon
				/users/password/send.json=anon
				/login=authc
				/logout =logout
				/pages/**=anon
				/field/query=anon
				/phoneCap/send=anon
				/customer/restRegister=anon
				/oauth2/access_token=anon
				/oauth2/refresh_token=anon
				/oauth2/resource=anon
				/**=user
			</value>  
		</property>  
	</bean> 
	
	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

	<!-- AOP式方法级权限检查 -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
		depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>

	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
		<property name="securityManager" ref="securityManager" />
	</bean>
	
</beans>