1. 项目中需要包含shrio包

    WebContent.WEB-INF.lib.shrio-all-1.2.1.jar

  2. 在项目的web.xml文件中加入

    <filter>

        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
      </init-param>
      </filter>
      <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

    其中 <filter-name>shiroFilter</filter-name>需要与之后的xml配置中的名字相关联

    <url-pattern>/*</url-pattern>将会拦截所有url,这里可能会由于之后xml配置中的url拦截设置出问题。、

  3. 在config-log.xml配置文件中(此配置文件是当前项目特有的,相当于spring对应的正规.xml配置文件)添加

    首先创建一个bean,名字关联2中的filter-name

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

      <property name="securityManager" ref="securityManager" />
      <property name="loginUrl" value="/login.jsp" />
      <!-- <property name="successUrl" value="/main" /> -->
      <property name="unauthorizedUrl" value="/login.jsp" />
      <property name="filterChainDefinitions">
       <value>
        /login = anon
        /logout = logout
            /view/** = anon
            /UI/** = anon
            /user/login = anon

    <!-- /login = anon                        (这里开始被注释掉)

        /logout = logout
        /p_w_picpaths/** = anon
        /scripts/** = anon
        /frames/** = anon
        /Flex/** = anon
        /Flex/**/** = anon
        /Flex/apps/qxgt/** = anon
        /Flex/**/**/** = anon
        /Flex/**/**/**/** = anon
        /Flex/widgets/DKAnalysis/DKAnalysisWidget.swf = anon
        /*.swf = anon
        /*.xml = anon
        /logout = logout
        /login = anon
        /** = anon                                   (如果此行不被注释掉,将引起问题,与2中拦截所有url有关联)
           /view/** = user
           /** = user
           -->
           
        </value>
      </property>
     </bean>

  4. 继续3,继续添加bean

    定义自定义的realm,后面的class是自己编写的类,其中有需要注入的dao层实例

    <!--自定义Realm 继承自AuthorizingRealm -->

     <bean id="myDaoRealm" class="cn.stargis.estar.basic.log.realm.myrealm">
      <property name="logindao" ref="logtestdao"></property>
     </bean>

    利用自定义的realm制作securityManager

     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
      <!--设置自定义realm -->
      <property name="realm" ref="myDaoRealm" />
     </bean>

  5. 继续4,继续添加bean

    此处相当于securityManager的factory的生成,此处如果正常工作,在代码中就可直接得到subject然后进行login,集成spring之前需要factory.xx

    <!-- securityManager -->

     <bean
      class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
      <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
      <property name="arguments" ref="securityManager" />
     </bean>

至此,需要配置的内容已经完毕