一、在web.xml中添加shiro过滤器
shiroFilter org.springframework.web.filter.DelegatingFilterProxy shiroFilter protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { String username=(String)principals.fromRealm(getName()).iterator().next(); if( username != null ){ User user = accountManager.get( username ); if( user != null && user.getRoles() != null ){ SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for( SecurityRole each: user.getRoles() ){ info.addRole(each.getName()); info.addStringPermissions(each.getPermissionsAsString()); } return info; } } return null; } protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken ) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String userName = token.getUsername(); if( userName != null && !"".equals(userName) ){ User user = accountManager.login(token.getUsername(), String.valueOf(token.getPassword())); if( user != null ) return new SimpleAuthenticationInfo( user.getLoginName(),user.getPassword(), getName()); } return null; } }
参考资料:让Apache Shiro保护你的应用
