app-shiro.xml 2.9 KB
edit raw blame history

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">

	<!-- 开启Apache Shiro注解 否则使用SHIRO的注解后 @Autowired注解将会失效 -->
    <aop:config proxy-target-class="true"></aop:config>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- rememberMe-->
    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="rememberMe"/>
        <property name="httpOnly" value="true"/>
        <property name="maxAge" value="2592000"/><!-- 30天 -->
    </bean>

    <!-- rememberMe管理器 -->
    <bean id="rememberMeManager"
          class="org.apache.shiro.web.mgt.CookieRememberMeManager">
        <!--<property name="cipherKey" value="\#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>-->
        <property name="cookie" ref="rememberMeCookie"/>
    </bean>

    <bean id="shiroRealm" class="com.lyms.hospital.shiro.ShiroRealm"/>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="shiroRealm" />
		<property name="rememberMeManager" ref="rememberMeManager"/>
	</bean>

    <bean id="forceLogoutFilter" class="com.lyms.web.filter.ForceLogoutFilter"/>
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login/tokens" />
        <property name="successUrl" value="/index" />
        <property name="filters">
            <util:map>
                <entry key="forceLogout" value-ref="forceLogoutFilter"/>
            </util:map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /login/tokens = anon
                /** = user,forceLogout
                <!--
                /logout = logout
                /captcha/* = anon
                /upload/* = anon
                /static/** = anon
                /dubboService/** = anon
                /authenticated = authc
                /test/** = anon
                 -->
            </value>
        </property>
    </bean>
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
</beans>