spring-shiro.xml
4.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd" default-lazy-init="true">
<bean id="runsaRealm" class="cn.runsa.portal.web.shiro.RunsaAuthorizingRealm" />
<!-- shiro redisManager -->
<bean id="shiroRedisManager" class="org.crazycake.shiro.RedisManager">
<property name="host" value="${redis.host}"/>
<property name="port" value="${redis.port}"/>
<property name="password" value="${redis.password}"/>
<property name="expire" value="${redis.expire}"/>
<!-- optional properties:
<property name="timeout" value="10000"/>
-->
</bean>
<!-- shiroCacheManager -->
<bean id="shiroCacheManager" class="org.crazycake.shiro.RedisCacheManager">
<property name="redisManager" ref="shiroRedisManager" />
</bean>
<!-- redisSessionDAO -->
<bean id="shiroRedisSessionDAO" class="org.crazycake.shiro.RedisSessionDAO">
<property name="redisManager" ref="shiroRedisManager" />
</bean>
<!-- sessionManager -->
<bean id="shiroSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="86400000"></property>
<property name="sessionDAO" ref="shiroRedisSessionDAO" />
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="cacheManager" ref="shiroCacheManager"/>
<property name="sessionManager" ref="shiroSessionManager"/>
<!--
<property name="sessionMode" value="native"/>
-->
<property name="realms">
<list>
<ref bean="runsaRealm"/>
</list>
</property>
</bean>
<bean id="authcFilter" class="cn.runsa.portal.web.shiro.RunsaFormAuthenticationFilter"/>
<bean id="userFilter" class="cn.runsa.portal.web.shiro.RunsaTokenUserFilter">
<property name="includeUrl">
<array>
<value>/platform,get</value>
</array>
</property>
</bean>
<bean id="anonFilter" class="cn.runsa.portal.web.shiro.RunsaTokenAnonymousFilter">
<property name="includeUrl">
<array>
<value>/users/select/username.json</value>
<value>/users/captcha/send.json</value>
<value>/users/password/send.json</value>
<value>/public/check/username.json</value>
<value>/public/check/captcha.json</value>
</array>
</property>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/"/>
<!-- <property name="unauthorizedUrl" value="/authz"></property> -->
<!-- 指定过滤器 -->
<property name="filters">
<map>
<entry key="authc" value-ref="authcFilter" />
<entry key="user" value-ref="userFilter" />
<entry key="anon" value-ref="anonFilter" />
</map>
</property>
<property name="filterChainDefinitions">
<value>
/excelImport/**=anon
/favicon.ico=anon
/js/**=anon
/fonts/**=anon
/css/**=anon
/public/**=anon
/captcha.jpg = anon
/unauthz = anon
/users/select/username.json=anon
/users/captcha/send.json=anon
/users/password/send.json=anon
/login=authc
/logout =logout
/pages/**=anon
/field/query=anon
/phoneCap/send=anon
/customer/restRegister=anon
/oauth2/access_token=anon
/oauth2/refresh_token=anon
/oauth2/resource=anon
/**=user
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<!-- AOP式方法级权限检查 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor">
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
</beans>