6

I'm trying to set up an environment with Spring MVC and Apache Shiro. I'm following articles mentioned in shiro.apache.org.

I'm using Spring's DelegatingFilterProxy as Shiro Filter in web.xml.

The current filtering is done using :

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="successUrl" value="/dashboard"/>
        <property name="unauthorizedUrl" value="/unauthorized"/>
        <property name="filterChainDefinitions">
            <value>
                /** = authc, user, admin
                /admin/** = authc, admin
                /login = anon
            </value>
        </property>
    </bean>

Question is, how do I use shiro.ini file defining security settings?

Firdous Amir
  • 1,297
  • 5
  • 21
  • 39

2 Answers2

8

You can check shiro documentation here http://shiro.apache.org/reference.html, it contains everything, in spring, as Les said, usually define different beans instead of using the shiro.ini file, but also you can use this file for authentication, use IniRealm like:

<bean id="myRealm" class="org.apache.shiro.realm.text.IniRealm">
  <property name="resourcePath" value="classpath:/shiro.ini" />
</bean>

more detail refers to here

Andy Ma
  • 328
  • 3
  • 7
8

You don't need to use shiro.ini. All of the rest of your configuration can (and should, since you're using ShiroFilterFactoryBean) be done in Spring.

For example, adding a securityManager and ehCache based cache manager to your shiroFilter:

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="myRealm"/>
    <property name="sessionMode" value="native"/>
    <property name="sessionManager" ref="sessionManager"/>
    <property name="cacheManager" ref="cacheManager"/>
</bean>

<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManager" ref="ehCacheManager"/>
</bean>

<bean id="ehCacheManager" 
    class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>

<bean id="sessionDAO" 
    class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>

<bean id="sessionManager"
    class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO" ref="sessionDAO"/>
</bean>

<bean id="myRealm" class="com.foo.MyRealm"/>
sourcedelica
  • 23,940
  • 7
  • 66
  • 74
  • Yep, ericacm is right; INI is Shiro's default config format if no other config mechanism is available. Since Spring does already provide a very powerful config mechanism, Spring apps should configure Shiro via Spring directly. This is also typically more powerful than INI since you can use things like Spring's PropertyPlaceholderConfigurer and other Spring config conveniences to make Shiro config even better. – Les Hazlewood Sep 17 '11 at 04:04
  • Eric/Les, Thanks. I'm still pitching up with Shiro and it's great. I still didn't get a right documentation which explains spring-shiro-jdbcRealm integration with a sample app. Could you please help? – Firdous Amir Sep 17 '11 at 05:21
  • @sourcedelica I need to add FacesAjaxAwareUserFilter.How can i do that.? [main] user = com.example.filter.FacesAjaxAwareUserFilter user.loginUrl = /login.xhtml [users] admin = password [urls] /login.xhtml = user /app/** = user – Dileep Feb 03 '14 at 07:00