Shiro框架從入門到實戰代碼(五)springMVC結合Shiro實現權限驗證

LoginController

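/**
 * Form-login endpoints backed by Apache Shiro: shows the login page, authenticates a
 * username/password pair against the configured realm, and logs the current subject out.
 *
 * <p>NOTE(review): none of the mappings restricts the HTTP method. If {@code login.html} is
 * reachable via GET, credentials can travel in the query string and end up in access logs,
 * browser history and Referer headers; a GET-able {@code logout.html} can be triggered by a
 * cross-site link. Restricting both to POST (plus a CSRF token) is advisable once the login
 * form is confirmed to submit with POST.
 */
@Controller
public class LoginController {
    /** JDK logger, referenced by its fully-qualified name so the file needs no new import. */
    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(LoginController.class.getName());

    /**
     * Shows the login form.
     *
     * @return the logical view name {@code "login"}
     */
    @RequestMapping("gologin.html")
    public String goLogin() {
        return "login";
    }

    /**
     * Logs out the subject bound to the current request and shows the login form again.
     *
     * @return the logical view name {@code "login"}
     */
    @RequestMapping("logout.html")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "login";
    }

    /**
     * Authenticates the submitted credentials through Shiro.
     *
     * <p>Every {@link AuthenticationException} produces the same generic message, so the
     * response does not reveal whether the account exists or the password was wrong.
     *
     * <p>NOTE(review): the session that existed before login keeps being used afterwards.
     * Confirm whether the deployed Shiro version and session manager issue a new session id
     * on login; if not, invalidate the old session before {@code subject.login} to prevent
     * session fixation. No attempt throttling or lockout is visible here either.
     *
     * @param username submitted user name (untrusted)
     * @param password submitted password (untrusted)
     * @param request  current request; receives the {@code error} attribute on failure
     * @return a redirect to {@code index.html} on success, otherwise the {@code "login"} view
     */
    @RequestMapping("login.html")
    public String login(String username, String password, HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            return "redirect:index.html";
        } catch (AuthenticationException e) {
            // Record the failure as a security event instead of dumping a stack trace to
            // stderr. Only the user name and failure type are logged, never the password.
            LOG.warning("Login failed for user [" + forLog(username) + "]: "
                    + e.getClass().getSimpleName());
            request.setAttribute("error", "用戶名或密碼錯誤");
            return "login";
        } finally {
            // Wipe the token's copy of the password as soon as authentication has finished.
            token.clear();
        }
    }

    /** Neutralises line breaks and tabs so a crafted user name cannot forge log entries. */
    private static String forLog(String value) {
        if (value == null) {
            return "<none>";
        }
        return value.replaceAll("[\\r\\n\\t]", "_");
    }
}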

MenuController

/**
 * Menu pages served under {@code /menu}.
 *
 * <p>NOTE(review): {@code @RequiresPermissions} is only enforced when Shiro's annotation
 * advisor is active in the application context that creates this controller. Verify that a
 * user without {@code menu:edit} is actually rejected on {@code go_edit.html}.
 */
@Controller
@RequestMapping("/menu")
public class MenuController {

    private static final String LIST_VIEW = "/menu_list";
    private static final String EDIT_VIEW = "/menu_edit";

    /**
     * Shows the menu list.
     *
     * <p>NOTE(review): no permission annotation is present, so the only check is whatever the
     * URL filter chain applies to {@code /menu/**} (authentication only in the configuration
     * shown on this page). The ini file defines a {@code menu:list} permission; confirm
     * whether it was meant to be required here.
     *
     * @return the logical view name {@code "/menu_list"}
     */
    @RequestMapping("list.html")
    public String list() {
        return LIST_VIEW;
    }

    /**
     * Shows the menu edit page; the caller must hold the {@code menu:edit} permission.
     *
     * @return the logical view name {@code "/menu_edit"}
     */
    @RequiresPermissions("menu:edit")
    @RequestMapping("go_edit.html")
    public String goEdit() {
        return EDIT_VIEW;
    }
}

PageController

/**
 * Static page mappings: the landing page shown after login and the error page that the
 * Shiro filter configuration on this page uses as its {@code unauthorizedUrl}.
 */
@Controller
public class PageController {

    private static final String INDEX_VIEW = "index";
    private static final String ERROR_VIEW = "error";

    /**
     * Shows the landing page.
     *
     * @return the logical view name {@code "index"}
     */
    @RequestMapping("index.html")
    public String index() {
        return INDEX_VIEW;
    }

    /**
     * Shows the error page.
     *
     * @return the logical view name {@code "error"}
     */
    @RequestMapping("error.html")
    public String error() {
        return ERROR_VIEW;
    }
}

shiro-web.ini

[users]
# Format: username = password, role1, role2, ...
# NOTE(review): these are clear-text, easily guessed demo passwords kept in a classpath
# resource. Use them for local experiments only; a real deployment should store salted
# password hashes and configure a matching credentials matcher on the realm.
root = secret, admin
guest = guest, guest
# "test" holds two roles: guest and test.
test = 123456, guest,test

[roles]
# Format: role = permission1, permission2, ...
# "*" is the wildcard permission: the admin role passes every permission check.
admin = *
guest = user:list
# Neither guest nor test is granted menu:edit, which MenuController.goEdit() requires,
# so only admin (through "*") can pass that check.
test = menu:list,menu:add

spring-config.xml

<!-- Scans com.shiro.test.mvc but skips @Controller classes, so the controllers are not
     created by this context. NOTE(review): presumably a separate DispatcherServlet
     context scans them; that configuration is not shown here. -->
<context:component-scan base-package="com.shiro.test.mvc">
        <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
    </context:component-scan>

    <!-- Realm that reads users and roles from shiro-web.ini on the classpath. No
         credentialsMatcher is configured, so the passwords in the ini file are compared
         as written (clear text). NOTE(review): acceptable for a demo only. -->
    <bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
        <constructor-arg name="resourcePath" value="classpath:shiro-web.ini"/>
    </bean>

    <!-- Web security manager that uses the single ini realm above. -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="iniRealm"/>
    </bean>
    <!-- Advisor behind Shiro annotations such as @RequiresPermissions.
         NOTE(review): an advisor only affects beans that are auto-proxied in the same
         application context. No auto-proxy creator is visible in this excerpt, and
         controllers are excluded from this context's component scan. Confirm that the
         context which creates the controllers also declares this advisor with
         auto-proxying enabled; otherwise @RequiresPermissions("menu:edit") is not
         enforced and /menu/go_edit.html is protected by the URL rule (authc) alone. -->
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>
    <!-- Servlet filter that applies the URL rules below. Rules are evaluated top to bottom
         and the first matching pattern wins.
         NOTE(review): there is no catch-all rule such as "/** = authc", so any path that is
         not listed (for example /logout.html, /error.html, or any page added later) is not
         covered by a Shiro chain and is reachable without authentication. Prefer a
         default-deny last line with explicit anon entries for public pages.
         NOTE(review): /menu/** requires authentication only; permission checks for menu
         pages depend entirely on the controller annotations being enforced. -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/gologin.html"/>
        <property name="successUrl" value="/index.html"/>
        <property name="unauthorizedUrl" value="/error.html"/>
        <property name="filterChainDefinitions">
            <value>
                /login.html=anon
                /gologin.html=anon
                /index.html = authc
                /role.html=authc,roles[admin]
                /menu/** = authc
            </value>
        </property>
    </bean>
</beans>