标签:
1.) web.xml - enable shiro filter:<listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
[main] saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl # any object property is automatically configurable in Shiro.ini file saltedJdbcRealm.jndiDataSourceName = dropshipDS # the realm should handle also authorization saltedJdbcRealm.permissionsLookupEnabled = true # If not filled, subclasses of JdbcRealm assume "select password from users where username = ?" # first result column is password, second result column is salt saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ? # If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?" saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ? # If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?" saltedJdbcRealm.permissionsQuery = SELECT action FROM crm_permissions WHERE role = ? # password hashing specification, put something big for hasIterations sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher sha256Matcher.hashAlgorithmName = SHA-256 sha256Matcher.hashIterations = 1 saltedJdbcRealm.credentialsMatcher = $sha256Matcher securityManager.realms = $saltedJdbcRealm cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager cacheManager.cacheManagerConfigFile = classpath:ehcache.xml securityManager.cacheManager = $cacheManager dsFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter dsFilter.loginUrl = /login.xhtml roles = com.czetsuya.commons.web.security.shiro.RolesAuthorizationFilter [urls] /login.xhtml = dsFilter /backend/** = dsFilter, roles[backend] /affiliate/** = dsFilter, roles[affiliate] /api/** = noSessionCreation, dsFilter /logout = logout3.) Enable shiro‘s native session:
[main] saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl # any object property is automatically configurable in Shiro.ini file saltedJdbcRealm.jndiDataSourceName = dummyDS # the realm should handle also authorization saltedJdbcRealm.permissionsLookupEnabled = true # If not filled, subclasses of JdbcRealm assume "select password from users where username = ?" # first result column is password, second result column is salt saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ? # If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?" saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ? # If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?" saltedJdbcRealm.permissionsQuery = SELECT action FROM crm_permissions WHERE role = ? # password hashing specification, put something big for hasIterations sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher sha256Matcher.hashAlgorithmName = SHA-256 sha256Matcher.hashIterations = 1 saltedJdbcRealm.credentialsMatcher = $sha256Matcher securityManager.realms = $saltedJdbcRealm sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO sessionDAO.activeSessionsCacheName = dropship-activeSessionCache sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager sessionManager.sessionDAO = $sessionDAO #sessionManager.sessionIdCookie.domain = com.sido # 1,800,000 milliseconds = 30 mins #sessionManager.globalSessionTimeout = 1800000 sessionValidationScheduler = org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler # 1,800,000 milliseconds = 30 mins sessionValidationScheduler.interval = 1800000 sessionManager.sessionValidationScheduler = $sessionValidationScheduler securityManager.sessionManager = $sessionManager cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager cacheManager.cacheManagerConfigFile = classpath:ehcache.xml securityManager.cacheManager = $cacheManager sidoFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter sidoFilter.loginUrl = /login.xhtml # logout.redirectUrl = /login.xhtml [urls] /login.xhtml = sidoFilter /secure/** = sidoFilter /api/** = noSessionCreation, sidoFilter # /logout = logout
Using shiro‘s native and the default http session
标签:
原文地址:http://my.oschina.net/seamanmei/blog/424158
