All Downloads are FREE. Search and download functionalities are using the official Maven repository.

spring.spring-shiro.xml Maven / Gradle / Ivy

Go to download 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
		http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.0.xsd"
	default-lazy-init="true">

	<description>Shiro Configuration</description>

    <!-- 加载配置属性文件 -->
	<context:property-placeholder ignore-unresolvable="true" location="classpath:applications.properties" />
	
	<!-- Shiro权限过滤过滤器定义 -->
	<bean name="shiroFilterChainDefinitions" class="java.lang.String">
		<constructor-arg>
			<value>
				/static/** = anon 
				/services/** = anon 
				<!-- /cas = casLogout,cas -->
				/login = authc
				/logout = logout
				/** = user
			</value>
		</constructor-arg>
	</bean>
	
	<!-- 安全认证过滤器 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager" />
		<!--<property name="loginUrl" value="${cas.server.url}/login?service=${cas.project.url}${adminPath}/cas" /> -->
		<property name="loginUrl" value="/login" />
		<property name="successUrl" value="/index" />
		<property name="filters">
            <map>
                <entry key="cas" value-ref="casFilter"/>
                <entry key="authc" value-ref="formAuthenticationFilter"/>
               <!--  <entry key="logout" value-ref="logoutFilter" /> -->
            </map>
        </property>
		<property name="filterChainDefinitions">
			<ref bean="shiroFilterChainDefinitions"/>
		</property>
	</bean>
	
	<!-- CAS认证过滤器 -->  
	<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">  
		<!-- <property name="failureUrl" value="${adminPath}/login"/> -->
		<property name="failureUrl" value="/login"/>
	</bean>
	
	<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
          <property name="redirectUrl" value="${cas.server.url}/logout?service=${cas.project.url}${adminPath}/cas"/>
	</bean>
    
	<!-- CASRealm--> 
	<bean id="casRealm" class="com.yqjr.framework.component.shiro.CASAuthrizingRealm">   
    	<property name="casServerUrlPrefix" value="${cas.server.url}"/>  
    	<property name="casService" value="${cas.project.url}/cas"/>  
	</bean>   	
	
	<!-- 定义Shiro安全管理配置 -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="systemAuthorizingRealm" />
		<!--<property name="realm" ref="casRealm" /> -->
		<property name="sessionManager" ref="sessionManager" />
		<!-- <property name="cacheManager" ref="shiroCacheManager" /> -->
	</bean>
	
	<!-- 自定义会话管理配置 -->
	<bean id="sessionManager" class="com.yqjr.framework.component.shiro.SessionManager"> 
		<property name="sessionDAO" ref="sessionDAO"/>
		
		<!-- 会话超时时间,单位:毫秒  -->
		<property name="globalSessionTimeout" value="1800000"/>
		
		<!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
		<property name="sessionValidationInterval" value="120000"/>
<!--  		<property name="sessionValidationSchedulerEnabled" value="false"/> -->
 		<property name="sessionValidationSchedulerEnabled" value="true"/>
 		
		<property name="sessionIdCookie" ref="sessionIdCookie"/>
		<property name="sessionIdCookieEnabled" value="true"/>
	</bean>
	
	<!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
		当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
	<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
	    <constructor-arg name="name" value="yqjrframe.session.id"/>
	</bean>

	<!-- 自定义Session存储容器 -->
<!-- 	<bean id="sessionDAO" class="com.yqjr.base.framework.security.shiro.session.JedisSessionDAO"> -->
<!-- 		<property name="sessionIdGenerator" ref="idGen" /> -->
<!-- 		<property name="sessionKeyPrefix" value="${redis.keyPrefix}_session_" /> -->
<!-- 	</bean> -->
	<bean id="sessionDAO" class="com.yqjr.framework.component.shiro.CacheSessionDAO">
		<!-- <property name="sessionIdGenerator" ref="idGen" /> -->
		<property name="activeSessionsCacheName" value="activeSessionsCache" />
		<!-- <property name="cacheManager" ref="shiroCacheManager" /> -->
	</bean>
	
	<!-- 定义授权缓存管理器 不使用 -->
<!-- 	<bean id="shiroCacheManager" class="com.yqjr.base.framework.security.shiro.cache.SessionCacheManager" /> -->
	<!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
		<property name="cacheManager" ref="cacheManager"/>
	</bean> -->
	
	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
	
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    	<property name="securityManager" ref="securityManager"/>
	</bean>
	
</beans>




© 2015 - 2024 Weber Informatics LLC | Privacy Policy