k18-ntcs-web-ntc/src/main/resources/applicationContext-shiro.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
		http://www.springframework.org/schema/context  http://www.springframework.org/schema/context/spring-context-4.1.xsd"
	default-lazy-init="true">
	
	<description>Shiro Configuration</description>
	
	 <!-- 引入jdbc.properties,加密密码 ;<context:property-placeholder location="classpath:jdbc.properties" />-->
	<bean id="propertyConfigurer"  class="com.nis.util.PropertyPlaceholderConfigurerCrypt">
		<property name="locations" >
			<list>
				<value>classpath:jdbc.properties</value>
				<value>classpath:nis.properties</value>
			</list>
		</property>
	</bean>
	
	<!-- autodetection of such annotated controllers -->
	<!-- 使用Annotation自动注册Bean，解决事物失效问题：在主容器中不扫描@Controller注解，在SpringMvc中只扫描@Controller注解。  -->
	<context:component-scan base-package="com.nis.web">
		<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
	</context:component-scan>
	
	<!-- 缓存配置 -->
	<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
		<property name="configLocation" value="classpath:${ehcache.configFile}" />
	</bean>
	
	<!-- Shiro权限过滤过滤器定义 -->
	<bean name="shiroFilterChainDefinitions" class="java.lang.String">
		<constructor-arg>
			<value>
				/static/** = anon
				/userfiles/** = anon
				${adminPath}/cas = cas
				/login = authc
				/logout = logout
				${adminPath}/** = user
				<!-- 
				/act/rest/service/editor/** = perms[act:model:edit]
				/act/rest/service/model/** = perms[act:model:edit]
				/act/rest/service/** = user
				/ReportServer/** = user
				 -->
				
			</value>
		</constructor-arg>
	</bean>
	
	
	<!-- 安全认证过滤器 -->
	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
		<property name="securityManager" ref="securityManager"></property>
		<property name="loginUrl" value="/login"></property>
		<property name="successUrl" value="${adminPath}/index"></property>
		<property name="unauthorizedUrl" value="/unauthorized"></property>
		<property name="filters">
			<map>
				<entry key="cas" value-ref="casFilter"></entry>
				<entry key="authc" value-ref="formAuthenticationFilter"/>
			</map>
		</property>
		<property name="filterChainDefinitions">
			<ref bean="shiroFilterChainDefinitions"/>
		</property>
		
	</bean>
	
	
	<!-- CAS认证过滤器 -->  
	<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">  
		<property name="failureUrl" value="/login"/>
	</bean>
	
	<!-- 定义Shiro安全管理配置 -->
	<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 		<property name="realm" ref="systemAuthorizingRealm" /> -->
		<property name="realm" ref="shiroRealm" />
		<property name="sessionManager" ref="sessionManager" />
		<property name="cacheManager" ref="shiroCacheManager" />
	</bean>
	
	<bean id="shiroRealm" class="com.nis.web.security.SystemAuthorizingRealm">
		<!-- 启用缓存 -->
		<property name="cachingEnabled" value="true"></property>
		<!-- 启用身份验证缓存 -->
		<property name="authenticationCachingEnabled" value="true"></property>
		<!-- 启用授权缓存 -->
		<property name="authorizationCachingEnabled" value="true"></property>
	</bean>
	
	<!-- 自定义会话管理配置 -->
	<bean id="sessionManager" class="com.nis.web.security.SessionManager"> 
		<!-- <property name="sessionDAO" ref="sessionDAO"/> -->
		<property name="sessionDAO" ref="redisSessionDAO"/>
		
		<!-- 会话超时时间，单位：毫秒  -->
		<property name="globalSessionTimeout" value="${session.sessionTimeout}"/>
		
		<!-- 定时清理失效会话, 清理用户直接关闭浏览器造成的孤立会话   -->
		<property name="sessionValidationInterval" value="${session.sessionTimeoutClean}"/>
<!--  		<property name="sessionValidationSchedulerEnabled" value="false"/> -->
 		<property name="sessionValidationSchedulerEnabled" value="true"/>
 		
		<property name="sessionIdCookie" ref="sessionIdCookie"/>
		<property name="sessionIdCookieEnabled" value="true"/>
	</bean>
	
	<bean id="redisSessionDAO" class="com.nis.web.security.CacheSessionDAO">
		<property name="expire" value="${redis.expire}"></property>
		<property name="redisManager" ref="redisManager"></property>
		<property name="keyPrefix" value="shiro_redis_"></property>
	</bean>
	
	<!-- 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID,
		当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
	<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
	    <constructor-arg name="name" value="nis.session.id"/>
	</bean>

	<!-- <bean id="sessionDAO" class="com.nis.web.security.CacheSessionDAO">
		<property name="sessionIdGenerator" ref="idGen" />
		<property name="activeSessionsCacheName" value="activeSessionsCache" />
		<property name="cacheManager" ref="shiroCacheManager" />
	</bean> -->
	
	<!-- 定义授权缓存管理器 -->
<!-- 	<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
		<property name="cacheManager" ref="cacheManager"/>
	</bean> -->
	<bean id="shiroCacheManager" class="org.crazycake.shiro.RedisCacheManager">
		<property name="redisManager" ref="redisManager"/>
	</bean>
	
	<bean id="redisManager" class="org.crazycake.shiro.RedisManager">
		<property name="host" value="${redis.host}"></property>
		<property name="timeout" value="${redis.timeout}"></property>
	</bean>
	
	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
	
	<!-- AOP式方法级权限检查,enable shiro annotations for Spring-configured beans.only run after  -->
	<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
		<property name="proxyTargetClass" value="true" />
	</bean>
	<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    	<property name="securityManager" ref="securityManager"/>
	</bean>
	
	   
	<!-- 登陆时验证码的配置 -->
	<bean id="captchaProducer" class="com.google.code.kaptcha.impl.DefaultKaptcha">
		<property name="config">
			<bean class="com.google.code.kaptcha.util.Config">
				<!--通过构造函数注入属性值 -->
				<constructor-arg type="java.util.Properties">
					<props>
						<!-- 验证码宽度 -->
						<prop key="kaptcha.image.width">115</prop>
						<!-- 验证码高度 -->
						<prop key="kaptcha.image.height">46</prop>
						<!-- 生成验证码内容范围 -->
						<prop key="kaptcha.textproducer.char.string">abcde012345678gfynmnpwx</prop>
						<!-- 验证码个数 -->
						<prop key="kaptcha.textproducer.char.length">5</prop>
						<!-- 是否有边框 -->
						<prop key="kaptcha.border">no</prop>
						<!-- 验证码字体颜色 -->
						<prop key="kaptcha.textproducer.font.color">white</prop>
						<!-- 验证码字体大小 -->
						<prop key="kaptcha.textproducer.font.size">25</prop>
						<!-- 验证码所属字体样式 -->
						<prop key="kaptcha.textproducer.font.names">Arial, Courier</prop>
						<prop key="kaptcha.background.clear.from">104,183,26</prop>
						<prop key="kaptcha.background.clear.to">104,183,26</prop>
						<prop key="kaptcha.obscurificator.impl">com.google.code.kaptcha.impl.ShadowGimpy</prop>
						<prop key="kaptcha.noise.impl">com.google.code.kaptcha.impl.NoNoise</prop>
						<!-- 干扰线颜色 -->
						<prop key="kaptcha.noise.color">red</prop>
						<!-- 验证码文本字符间距 -->
						<prop key="kaptcha.textproducer.char.space">1</prop>
					</props>
				</constructor-arg>
			</bean>
		</property>
	</bean>
	    
  	
  	


</beans>