多单位版国产化地质资料管理系统
blame | 历史 | 原始文档
zhai
2025-09-17 7a8a84577894b766a95c6cbfa5ac7b51e54ac242 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

<?xml version="1.0" encoding="UTF-8"?>


<beans xmlns="http://www.springframework.org/schema/beans"


       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"


       xsi:schemaLocation="


       http://www.springframework.org/schema/beans


       http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">


 


    <!--自定义过滤器bean-->


    <bean id="tokenFilter" class="com.ruili.wcp.web.common.TokenFilter"></bean>


 


    <!-- 对应于web.xml中配置的那个shiroFilter -->


    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">


        <!-- Shiro的核心安全接口,这个属性是必须的 -->


        <property name="securityManager" ref="securityManager"/>


        <!-- 要求登录时的链接(登录页面地址),非必须的属性,默认会自动寻找Web工程根目录下的"/login.jsp"页面 -->


        <property name="loginUrl" value="/account/login"/>


        <!-- 用户访问未对其授权的资源时,所显示的连接 -->


        <property name="unauthorizedUrl" value="/account/login"/>


        <property name="filters">


            <map>


                <entry key="token" value-ref="tokenFilter"/>


            </map>


        </property>


 


        <property name="filterChainDefinitions">


            <value>


                /poserver*=anon


                /poclient=anon


                /api/**=token


            </value>


        </property>


    </bean>


 


    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"></bean>


 


    <!-- 缓存管理 -->


    <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">


        <property name="cacheManager" ref="cacheManagerFactory"/>


    </bean>


 


    <!-- 使用自定义的Realm类 -->


    <bean id="defaultRealm" class="com.ruili.wcp.common.ShiroDefaultRealm">


        <!-- 将凭证匹配器设置到realm中,realm按照凭证匹配器的要求进行散列 -->


        <property name="credentialsMatcher" ref="credentialsMatcher"/>


    </bean>


 


    <!-- 凭证匹配器 -->


    <bean id="credentialsMatcher" class="com.ruili.wcp.common.RetryLimitCredentialsMatcher">


        <constructor-arg ref="shiroCacheManager"/>


    </bean>


    <!-- RememberMe 管理器 -->


    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">


        <property name="cookie" ref="rememberMeCookie"/>


    </bean>


    <!-- RememberMe Cookie 配置 -->


    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">


        <property name="name" value="rememberMe"/>


        <property name="maxAge" value="2592000"/> <!-- 30天 -->


        <property name="httpOnly" value="true"/>


    </bean>


 


    <!-- Shiro安全管理器 -->


    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">


        <property name="realm" ref="defaultRealm"></property>


        <property name="cacheManager" ref="shiroCacheManager"></property>


        <!-- 注入session管理器 -->


        <property name="sessionManager" ref="sessionManager"/>


        <property name="rememberMeManager" ref="rememberMeManager"/>


    </bean>


 


    <!-- 会话ID生成器 -->


    <bean id="sessionIdGenerator"


          class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>


 


    <!-- 会话管理器,设定会话超时及保存 -->


    <bean id="sessionManager"


          class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">


        <!-- 全局会话超时时间(单位毫秒),设置360分钟 -->


        <property name="globalSessionTimeout" value="21600000"/>


        <property name="sessionDAO" ref="sessionDAO"/>


    </bean>


 


    <!-- 会话验证调度器,每30分钟执行一次验证 -->


    <!-- <bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.quartz.QuartzSessionValidationScheduler"> -->


    <bean id="sessionValidationScheduler"


          class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">


        <property name="interval" value="1800000"/>


        <property name="sessionManager" ref="sessionManager"/>


    </bean>


 


    <!-- sessionDAO保存认证信息 -->


    <bean id="sessionDAO"


          class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">


        <property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>


        <property name="cacheManager" ref="shiroCacheManager"/>


        <property name="sessionIdGenerator" ref="sessionIdGenerator"/>


    </bean>


 


    <bean


            class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">


        <property name="exceptionMappings">


            <props>


                <!--登录 -->


                <prop key="org.apache.shiro.authz.UnauthenticatedException">


                    redirect:/account/login


                </prop>


                <!--授权 -->


                <prop key="org.apache.shiro.authz.UnauthorizedException">


                    redirect:/admin/common/exceptionLog


                </prop>


            </props>


        </property>


        <property name="defaultErrorView" value="error/genericView"/>


    </bean>


</beans>