spring.spring-shiro.xml Maven / Gradle / Ivy
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd" default-lazy-init="true"> <description>Shiro Configuration</description> <!-- 加载配置属性文件 --> <context:property-placeholder ignore-unresolvable="true" location="classpath:applications.properties" /> <!-- Shiro权限过滤过滤器定义 --> <bean name="shiroFilterChainDefinitions" class="java.lang.String"> <constructor-arg> <value> /static/** = anon /services/** = anon <!-- /cas = casLogout,cas --> /login = authc /logout = logout /** = user </value> </constructor-arg> </bean> <!-- 安全认证过滤器 --> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <!--<property name="loginUrl" value="${cas.server.url}/login?service=${cas.project.url}${adminPath}/cas" /> --> <property name="loginUrl" value="/login" /> <property name="successUrl" value="/index" /> <property name="filters"> <map> <entry key="cas" value-ref="casFilter"/> <entry key="authc" value-ref="formAuthenticationFilter"/> <!-- <entry key="logout" value-ref="logoutFilter" /> --> </map> </property> <property name="filterChainDefinitions"> <ref bean="shiroFilterChainDefinitions"/> </property> </bean> <!-- CAS认证过滤器 --> <bean id="casFilter" class="org.apache.shiro.cas.CasFilter"> <!-- <property name="failureUrl" value="${adminPath}/login"/> --> <property name="failureUrl" value="/login"/> </bean> <bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl" value="${cas.server.url}/logout?service=${cas.project.url}${adminPath}/cas"/> </bean> <!-- CASRealm--> <bean id="casRealm" class="com.yqjr.framework.component.shiro.CASAuthrizingRealm"> <property name="casServerUrlPrefix" value="${cas.server.url}"/> <property name="casService" value="${cas.project.url}/cas"/> </bean> <!-- 定义Shiro安全管理配置 --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <property name="realm" ref="systemAuthorizingRealm" /> <!--<property name="realm" ref="casRealm" /> --> <property name="sessionManager" ref="sessionManager" /> <!-- <property name="cacheManager" ref="shiroCacheManager" /> --> </bean> <!-- 自定义会话管理配置 --> <bean id="sessionManager" class="com.yqjr.framework.component.shiro.SessionManager"> <property name="sessionDAO" ref="sessionDAO"/> <!-- 会话超时时间,单位:毫秒 --> <property name="globalSessionTimeout" value="1800000"/> <!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话 --> <property name="sessionValidationInterval" value="120000"/> <!-- <property name="sessionValidationSchedulerEnabled" value="false"/> --> <property name="sessionValidationSchedulerEnabled" value="true"/> <property name="sessionIdCookie" ref="sessionIdCookie"/> <property name="sessionIdCookieEnabled" value="true"/> </bean> <!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID, 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! --> <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> <constructor-arg name="name" value="yqjrframe.session.id"/> </bean> <!-- 自定义Session存储容器 --> <!-- <bean id="sessionDAO" class="com.yqjr.base.framework.security.shiro.session.JedisSessionDAO"> --> <!-- <property name="sessionIdGenerator" ref="idGen" /> --> <!-- <property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> --> <!-- </bean> --> <bean id="sessionDAO" class="com.yqjr.framework.component.shiro.CacheSessionDAO"> <!-- <property name="sessionIdGenerator" ref="idGen" /> --> <property name="activeSessionsCacheName" value="activeSessionsCache" /> <!-- <property name="cacheManager" ref="shiroCacheManager" /> --> </bean> <!-- 定义授权缓存管理器 不使用 --> <!-- <bean id="shiroCacheManager" class="com.yqjr.base.framework.security.shiro.cache.SessionCacheManager" /> --> <!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> <property name="cacheManager" ref="cacheManager"/> </bean> --> <!-- 保证实现了Shiro内部lifecycle函数的bean执行 --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager"/> </bean> </beans>