1. <dependency>
2. <groupId>commons-collections</groupId>
3. <artifactId>commons-collections</artifactId>
4. <version>3.2.1</version>
5. </dependency>
6. <dependency>
7. <groupId>net.sf.ehcache</groupId>
8. <artifactId>ehcache-core</artifactId>
9. <version>2.6.9</version>
10. </dependency>
11. <dependency>
12. <groupId>org.apache.shiro</groupId>
13. <artifactId>shiro-spring</artifactId>
14. <version>1.2.3</version>
15. </dependency>
16. <dependency>
17. <groupId>org.apache.shiro</groupId>
18. <artifactId>shiro-ehcache</artifactId>
19. <version>1.2.3</version>
20. </dependency>
21. <dependency>
22. <groupId>org.apache.shiro</groupId>
23. <artifactId>shiro-quartz</artifactId>
24. <version>1.2.3</version>
25. </dependency>

Xml代码  

1. <bean id="sessionFactory"
2. class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
3. <property name="dataSource" ref="dataSource"></property>
4. <property name="hibernateProperties">
5. <props>
6. <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
7. <prop key="hibernate.show_sql">true</prop>
8. <prop key="hibernate.hbm2ddl.auto">update</prop>
9. <!--
10. <prop key="hibernate.cache.region.factory_class">org.hibernate.cache.EhCacheRegionFactory</prop>
11. -->
12. <prop key="hibernate.cache.region.factory_class">
13. org.hibernate.cache.SingletonEhCacheRegionFactory
14. </prop>
15. <prop key="hibernate.cache.provider_class">net.sf.ehcache.hibernate.SingletonEhCacheProvider</prop>
16. <prop key="hibernate.cache.use_second_level_cache">true</prop>
17. <prop key="hibernate.cache.use_query_cache">true</prop>
18. <prop key="hibernate.cache.use_structured_entries">true</prop>
19. <prop key="hibernate.cache.provider_configuration_file_resource_path">WEB-INF/classes/ehcache.xml</prop>
20. <prop key="hibernate.current_session_context_class">org.springframework.orm.hibernate4.SpringSessionContext</prop>
21. </props>
22. </property>
23. <property name="packagesToScan">
24. <list>
25. <value>com.xxx.entity</value>
26. </list>
27. </property>
28. </bean>

Xml代码  

1. <?xml version="1.0" encoding="UTF-8"?>
2. <ehcache>
3. <diskStore path="java.io.tmpdir" />
4. <defaultCache maxElementsInMemory="10000" eternal="false"
5. timeToIdleSeconds="120" timeToLiveSeconds="120" overflowToDisk="true" />
6. <cache name="org.hibernate.cache.UpdateTimestampsCache"
7. maxElementsInMemory="5000" eternal="true" overflowToDisk="true" />
8. <cache name="org.hibernate.cache.StandardQueryCache"
9. maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="120"
10. overflowToDisk="true" />
11. <!-- 登录记录缓存 锁定10分钟 -->
12. <cache name="passwordRetryCache"
13. maxEntriesLocalHeap="2000"
14. eternal="false"
15. timeToIdleSeconds="3600"
16. timeToLiveSeconds="0"
17. overflowToDisk="false"
18. statistics="true">
19. </cache>
20. <cache name="authorizationCache"
21. maxEntriesLocalHeap="2000"
22. eternal="false"
23. timeToIdleSeconds="3600"
24. timeToLiveSeconds="0"
25. overflowToDisk="false"
26. statistics="true">
27. </cache>
28. <cache name="authenticationCache"
29. maxEntriesLocalHeap="2000"
30. eternal="false"
31. timeToIdleSeconds="3600"
32. timeToLiveSeconds="0"
33. overflowToDisk="false"
34. statistics="true">
35. </cache>
36. <cache name="shiro-activeSessionCache"
37. maxEntriesLocalHeap="2000"
38. eternal="false"
39. timeToIdleSeconds="3600"
40. timeToLiveSeconds="0"
41. overflowToDisk="false"
42. statistics="true">
43. </cache>
44. </ehcache>

Xml代码  

1. <!-- shiro 安全过滤器 -->
2. <!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
3. <filter>
4. <filter-name>shiroFilter</filter-name>
5. <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
6. <async-supported>true</async-supported>
7. <init-param>
8. <param-name>targetFilterLifecycle</param-name>
9. <param-value>true</param-value>
10. </init-param>
11. </filter>
12. <!-- Make sure any request you want accessible to Shiro is filtered. /* catches all -->
13. <!-- requests.  Usually this filter mapping is defined first (before all others) to -->
14. <!-- ensure that Shiro works in subsequent filters in the filter chain:             -->
15. <filter-mapping>
16. <filter-name>shiroFilter</filter-name>
17. <url-pattern>/*</url-pattern>
18. </filter-mapping>

Xml代码  

1. <?xml version="1.0" encoding="UTF-8"?>
2. <beans xmlns="http://www.springframework.org/schema/beans"
3. xmlns:util="http://www.springframework.org/schema/util"
4. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5. xsi:schemaLocation="
6. http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
7. http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
8. <!-- 缓存管理器 使用Ehcache实现-->
9. <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
10. <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"/>
11. </bean>
12. <bean id="passwordHelper" class="com.shinowit.framework.security.PasswordHelper">
13. </bean>
14. <!-- 凭证匹配器 -->
15. <bean id="credentialsMatcher"
16. class="com.shinowit.framework.security.credentials.RetryLimitSimpleCredentialsMatcher">
17. <constructor-arg ref="cacheManager"/>
18. <property name="passwordHelper" ref="passwordHelper"/>
19. </bean>
20. <bean id="shiro_user_dao" class="com.shinowit.framework.security.dao.UserDAO">
21. <property name="jt" ref="jdbcTemplate"/>
22. </bean>
23. <!-- Realm实现 -->
24. <bean id="userRealm" class="com.shinowit.framework.security.realm.UserRealm">
25. <property name="userDAO" ref="shiro_user_dao"/>
26. <property name="credentialsMatcher" ref="credentialsMatcher"/>
27. <!--密码校验接口-->
28. <property name="cachingEnabled" value="true"/>
29. <property name="authenticationCachingEnabled" value="true"/>
30. <property name="authenticationCacheName" value="authenticationCache"/>
31. <property name="authorizationCachingEnabled" value="true"/>
32. <property name="authorizationCacheName" value="authorizationCache"/>
33. </bean>
34. <!-- 会话ID生成器 -->
35. <bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
36. <!-- 会话Cookie模板 -->
37. <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
38. <constructor-arg value="sid"/>
39. <property name="httpOnly" value="true"/>
40. <property name="maxAge" value="180000"/>
41. </bean>
42. <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
43. <constructor-arg value="rememberMe"/>
44. <property name="httpOnly" value="true"/>
45. <property name="maxAge" value="2592000"/>
46. <!-- 30天 -->
47. </bean>
48. <!-- rememberMe管理器 -->
49. <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
50. <property name="cipherKey"
51. value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
52. <property name="cookie" ref="rememberMeCookie"/>
53. </bean>
54. <!-- 会话DAO -->
55. <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
56. <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
57. <property name="sessionIdGenerator" ref="sessionIdGenerator"/>
58. </bean>
59. <!-- 会话验证调度器 -->
60. <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler">
61. <property name="sessionValidationInterval" value="1800000"/>
62. <property name="sessionManager" ref="sessionManager"/>
63. </bean>
64. <!-- 会话管理器 -->
65. <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
66. <property name="globalSessionTimeout" value="1800000"/>
67. <property name="deleteInvalidSessions" value="true"/>
68. <property name="sessionValidationSchedulerEnabled" value="true"/>
69. <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
70. <property name="sessionDAO" ref="sessionDAO"/>
71. <property name="sessionIdCookieEnabled" value="true"/>
72. <property name="sessionIdCookie" ref="sessionIdCookie"/>
73. </bean>
74. <!-- 安全管理器 -->
75. <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
76. <property name="realm" ref="userRealm"/>
77. <property name="sessionManager" ref="sessionManager"/>
78. <property name="cacheManager" ref="cacheManager"/>
79. <property name="rememberMeManager" ref="rememberMeManager"/>
80. </bean>
81. <!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
82. <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
83. <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
84. <property name="arguments" ref="securityManager"/>
85. </bean>
86. <!--下面的loginUrl有两个必要条件,一个登陆校验失败以后会强制客户端redirect到这个url，
87. 另外一个是登陆的表单(含有用户名及密码)必须action到这个url-->
88. <!-- 自定义的能够接收校验码的身份验证过滤器
89. 跳转问题太他妈诡异了,不用了，自己写代码控制如何跳转了
90. <bean id="formAuthenticationFilter" class="com.shinowit.framework.security.filter.ValidFormAuthenticationFilter">
91. <property name="usernameParam" value="loginName"/>
92. <property name="passwordParam" value="loginPass"/>
93. <property name="loginUrl" value="/login/"/>
94. </bean>
95. -->
96. <!-- Shiro的Web过滤器 -->
97. <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
98. <property name="securityManager" ref="securityManager"/>
99. <property name="loginUrl" value="/login/"/>
100. <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
101. <property name="filters">
102. <map>
103. <entry key="authc">
104. <bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter"/>
105. </entry>
106. </map>
107. <!--
108. <util:map>
109. <entry key="authc" value-ref="formAuthenticationFilter"/>
110. </util:map>
111. -->
112. </property>
113. <property name="filterChainDefinitions">
114. <value>
115. /index.jsp = anon
116. /validcode.jsp = anon
117. /login/ = anon
118. /static/** = anon
119. /js/** = anon
120. /img/** = anon
121. /unauthorized.jsp = anon
122. #/login/checklogin = authc
123. /login/checklogin = anon
124. /login/logoutlogout = logout
125. /** = user
126. </value>
127. </property>
128. </bean>
129. <!-- Shiro生命周期处理器-->
130. <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
131. </beans>

特别提醒：开发人员在开发的时候可以将自己的业务REST服务化或者Dubbo服务化

2.    项目依赖介绍

2.1 后台管理系统、Rest服务系统、Scheculer定时调度系统依赖如下图：