shiro.ini文件默認(rèn)在/WEB-INF/shiro.ini 或_classpath_下。shiro會(huì)自動(dòng)查找
#'#'為注釋[main]#↓修改默認(rèn)跳轉(zhuǎn)頁#↓shiro 認(rèn)證失敗后默認(rèn)redirect到/login.jsp.這里修改默認(rèn)項(xiàng)authc.loginUrl= /login#↓登錄成功默認(rèn)跳轉(zhuǎn)頁面,不配置則跳轉(zhuǎn)至”/”。如果登陸前點(diǎn)擊的一個(gè)需要登錄的頁面,則在登錄自動(dòng)跳轉(zhuǎn)到那個(gè)需要登錄的頁面。不跳轉(zhuǎn)到此。authc.successUrl= /user#↓修改角色認(rèn)證默認(rèn)地址roles.unauthorizedUrl= /roles/unauthorized#↓修改權(quán)限認(rèn)證默認(rèn)地址perms.unauthorizedUrl= /perms/unauthorized#realm#↓默認(rèn)會(huì)按此聲明順序攔截判斷,這里的順序是先走myRealm2,再走myRealmmyRealm2= com.myPRoject.shiro.ShiroRealm2myRealm= com.myproject.shiro.ShiroRealm#↓可使用此方法,配置單個(gè)或多個(gè),或指定順序#↓如果這里注釋去掉,則指定只走myRealm2#securityManager.realm = $myRealm2#dateSource#↓ 使用 JdbcRealm 作為當(dāng)前驗(yàn)證的RealmjdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm#↓ 使用druid數(shù)據(jù)源dataSource=com.alibaba.druid.pool.DruidDataSource#↓ MySQL驅(qū)動(dòng)dataSource.driverClassName=com.mysql.jdbc.Driver#↓ MySQL相關(guān)參數(shù)配置dataSource.url=jdbc:mysql://localhost:3306/msshopdataSource.username=rootdataSource.passWord=root#↓ 引入相關(guān)數(shù)據(jù)配置jdbcRealm.dataSource=$dataSource#↓這里是默認(rèn)的sql查詢語句,可以自己設(shè)定,但參數(shù)不能修改,只有一個(gè),且相對(duì)應(yīng)。jdbcRealm.authenticationQuery= select passwordfrom users where username = ?#jdbcRealm.userRolesQuery = select role_name from user_roles where username = ?#jdbcRealm.permissionsQuery = select permission from roles_permissions where role_name = ?#↓是否#jdbcRealm.permissionsLookupEnabled = false#saltStyle =NO_SALT , CRYPT, COLUMN, EXTERNAL;#jdbcRealm.saltStyle = COLUMNsecurityManager.realms=$jdbcRealm#cache#shiroCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager#shiroCacheManager.cacheManagerConfigFile = classpath:ehcache-shiro.xml#securityManager.cacheManager = $shiroCacheManager#sessionsessionDAO= org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAOsessionManager= org.apache.shiro.web.session.mgt.DefaultWebSessionManagersessionDAO.activeSessionsCacheName= shiro-activeSessionCachesessionManager.sessionDAO= $sessionDAOsecurityManager.sessionManager= $sessionManagersecurityManager.sessionManager.globalSessionTimeout= 3600000#這里的規(guī)則,web.xml中的配置的ShiroFilter會(huì)使用到。[urls]/= anon/login= anon/suc= authc#/rpc/rest/** = perms[rpc:invoke], authc/admin/** = authc#用戶身份/憑據(jù)[users]li=123,guestsun=123,admin[roles]admin = *///////////////////////////////////////////////////////這是授權(quán)方法protectedAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){ String userName = (String) getAvailablePrincipal(principals);//TODO 通過用戶名獲得用戶的所有資源,并把資源存入info中 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();//這里有一點(diǎn)說明下://這里set的只是把【已有】的權(quán)限、角色放到當(dāng)前驗(yàn)證的集合中,并不是給用戶【設(shè)置新的】權(quán)限、角色//【已有】的權(quán)限、角色是在配置文件中,或在庫表中,這里只是取出放到集合中。info.setStringPermissions(set集合);info.setRoles(set集合);info.setObjectPermissions(set集合);return info; }新聞熱點(diǎn)
疑難解答
圖片精選
網(wǎng)友關(guān)注
