jsgkj/gkjsjy/trunk/resources/spring/applicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
        http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd"
    default-lazy-init="true">

    <description>xtframe Security Configuration</description>
<context:property-placeholder
		ignore-resource-not-found="true" location="classpath*:spring/application.properties" />
    <!-- Shiro's main business-tier object for web-enabled applications -->
    <!-- 配置权限管理器-->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager" depends-on="">
    	<property name="authenticator" ref="authenticator" /><!-- 缓存管理器 -->
    	<property name="realms">
    		 <list>
                 <ref bean="customRealm"/>
                 <ref bean="casRealm"/>
            </list>
    	</property>
        <property name="cacheManager" ref="cacheManager" /><!-- 缓存管理器 -->
    </bean>
<!-- 认证策略 -->
<bean id="authenticator" class="org.apache.shiro.authc.pam.ModularRealmAuthenticator">  
    <property name="authenticationStrategy">  
        <bean class="org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy" />  
    </property>  
</bean>  

 <!-- 加密方式 -->
    <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="SHA-256" />
    </bean>
   <!-- 项目自定义的Realm -->
   <bean id="customRealm" factory-bean="securityContext" factory-method="getRealm">
        <constructor-arg name="credentialsMatcher" ref="credentialsMatcher" />
    </bean> 
    
    <!-- 项目自定义的单点登录Realm -->
    <bean id="casRealm" factory-bean="securityContext" factory-method="getCasRealm">
		<property name="casServerUrlPrefix" value="http://${cas.serverIp}:${cas.serverPort}/znjg/" />
		<!--客户端的回调地址设置，必须和上面的shiro-cas过滤器拦截的地址一致 -->
		<property name="casService" value="http://${cas.localIp}:${cas.localPort}/jsjy/shiro-cas/"/>
    </bean>

   
    <!-- Shiro Filter -->
   <bean id="myFilter" class="com.xtframe.sec.common.CaptchaFormAuthenticationFilter" >
   		<property name="loginUrl" value="/login" />
        <property name="successUrl" value="/main" /> 
   </bean>
   
   <!-- 单点登录的filter -->
   <bean id="casfilter" factory-bean="securityContext" factory-method="getCasFilter" >
   		<property name="loginUrl" value="http://${cas.serverIp}:${cas.serverPort}/znjg?service=http://${cas.localIp}:${cas.localPort}/jsjy/shiro-cas/" />
        <property name="successUrl" value="/main" /> 
        <property name="failureUrl" value="/error/404.jsp" /> 
   </bean> 
   
    <bean id="ssologout" class="org.apache.shiro.web.filter.authc.LogoutFilter">          
   	<property name="redirectUrl"  value="http://${cas.serverIp}:${cas.serverPort}/znjg/logout?service=http://${cas.localIp}:${cas.localPort}/jsjy/shiro-cas"/>
   </bean>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="filters">
            <map>
                <entry key="authc" value-ref="myFilter" />
                <entry key="casfilter" value-ref="casfilter"/><!-- sso的filter -->
                <entry key="ssologout" value-ref="ssologout"/><!-- sso的filter -->
            </map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /favicon.ico = anon
                /ssologout = ssologout
                /logout = logout
                /static/** = anon
                /error/** = anon
                /test.jsp = anon
                 /yzm=anon
                /services/** = anon
                /xkzfz/viewWhfzList = anon 
                /xkzfz/getFileList = anon 
                /xkzxx/viewxkzList = anon
                /xkzxx/getFileList = anon
                /shiro-cas/** = casfilter
                /**=authc
                <!-- 所有请求都要通过登录验证，未登录就跳转到登录页面 -->
            </value>
        </property>
    </bean>

    <!-- 用户授权信息Cache -->
    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
    
	
    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
    <bean class="com.xtframe.web.authz.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager" />
    </bean>
</beans>