<!-- shiro -->

                <!-- 項目自定义的Realm -->

        <bean id="ShiroRealm" class="com.cms.shiro.ShiroRealm" ></bean>

        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">

            <property name="realm" ref="ShiroRealm" />

        </bean>

                <!-- Shiro Filter -->

        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

            <property name="securityManager" ref="securityManager" />

            <property name="loginUrl" value="/" />

            <property name="successUrl" value="/main/index" />

            <property name="unauthorizedUrl" value="/toLogin" />

            <property name="filterChainDefinitions">

                <value>

                /static/login/**             = anon   <!-- 不用认证 -->

                /static/js/myjs/**             = authc  <!-- 需要认证 -->

                /static/**                     = anon

                   /loginToIndex                 = anon

                   /toLogin                     = anon

                  /**                            = authc 

                </value>

            </property>

        </bean>

package com.cms.shiro;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.realm.Realm;

public class ShiroRealm implements Realm{

    @Override

    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {

           /*获取用户名*/

        String username = arg0.getPrincipal().toString();

        /*获取密码，由于密码是进行了加密的，所以必须转为char数组再转String

        * 否则无法识别*/

        String password =String.valueOf((char [])arg0.getCredentials());

         if(null != username && null != password){

             return new SimpleAuthenticationInfo(username, password, getName());

         }else{

             return null;

         }

    }

    @Override

    public String getName() {

        // TODO Auto-generated method stub

        return "ShiroRealm";

    }

    /**

     * 判断当前认证方式是不是用户名和密码

     */

    @Override

    public boolean supports(AuthenticationToken arg0) {

        // TODO Auto-generated method stub

        return arg0 instanceof UsernamePasswordToken;

    }

}

        Subject subject = SecurityUtils.getSubject();

        Session session = subject.getSession();

        String attribute = (String)session.getAttribute("abc");

        System.out.println(attribute);

        try {

            data.put("username", "username");

            data.put("password", "password");

            PageData pd = userService.getUserByUsernameAndPassword(data);

            System.out.println(pd);

        } catch (Exception e) {

            // TODO Auto-generated catch block

            e.printStackTrace();

        }

        UsernamePasswordToken token = new UsernamePasswordToken("abc", "abc");

        subject.login(token);