1、導入pom文件
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.2.2</version>
</dependency>
2、配置web.xml
<filter>
<!-- 去spring配置文件中尋找同名bean -->
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、配置applicationContext-shiro.xml
<!-- 配置Shiro核心Filter -->
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 安全管理器 -->
<property name="securityManager" ref="securityManager" />
<!-- 未認證,跳轉到哪個頁面 -->
<property name="loginUrl" value="/login.html" />
<!-- 登錄成功跳轉頁面 <property name="successUrl" value="/index.html" /> -->
<!-- 認證後,沒有權限跳轉頁面 -->
<property name="unauthorizedUrl" value="/unauthorized.html" />
<!-- shiro URL控制過濾器規則 -->
<property name="filterChainDefinitions">
<value>
/login.html* = anon
/css/** = anon
/js/** = anon
/images/** = anon
/user_login.action* = anon
/** = authc
</value>
</property>
</bean>
<!-- 安全管理器 -->
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
</bean>
<!-- Shiro生命週期處理器 -->
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- 開啓shiro註解模式 -->
<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" >
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
4、測試
隨機訪問一個未被shiro管理的界面,看是否會跳轉到配置的未認證界面,即login.html