apahce shiro:1.6.0,依赖shiro-web部分
一、shiro与web集成
1、Shiro1.1 及以前版本配置方式
使用org.apache.shiro.web.servlet.IniShiroFilter作为Shiro安全控制的入口点。
web.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0" metadata-complete="false"> <!--- shiro 1.1 --> <filter> <filter-name>iniShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class> <init-param> <param-name>configPath</param-name> <param-value>classpath:shiro.ini</param-value> <!--默认先从/WEB-INF/shiro.ini,如果没有找classpath:shiro.ini--> </init-param> <init-param> <param-name>config</param-name> <param-value> [main] authc.loginUrl=/login [users] zhang=123,admin [roles] admin=user:*,menu:* [urls] /login=anon /static/**=anon /authenticated=authc /role=authc,roles[admin] /permission=authc,perms["user:create"] </param-value> </init-param> </filter> <filter-mapping> <filter-name>iniShiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <error-page> <error-code>401</error-code> <location>/WEB-INF/jsp/unauthorized.jsp</location> </error-page> </web-app>