，好记性不如烂笔头

Shiro 的组件都是JavaBean/POJO 式的组件，所以非常容易使用Spring进行组件管理，可以非常方便的从ini配置迁移到Spring进行管理，且支持JavaSE应用及Web 应用的集成。

Web Applications

1、web.xml

     
     
          
      
       shiroFilter
          
      
       org.springframework.web.filter.DelegatingFilterProxy
          
      
               
       
        targetFilterLifecycle
               
       
        true
           
      
     
     
     
     
     
          
      
       shiroFilter
          
      
       /*
      
     

2、applicationContext.xml

In your applicationContext.xml file, define the web-enabled SecurityManager and the 'shiroFilter' bean that will be referenced from web.xml.

     
     
     
      ...
      
      
      
      
      
      
        ... ...
       
            
            
            
            
        
        
             
             
             
             
             
             
             
         
                  
          
                       # some example chain definitions:            /admin/** = authc, roles[admin]            /docs/** = authc, perms[document:read]            /** = authc            # more URL-to-FilterChain definitions here        
              
          
         
        
       
      
     

Enabling Shiro Annotations

In both standalone and web applications, you might want to use Shiro's Annotations for security checks (for example, @RequiresRoles,@RequiresPermissions, etc. This requires Shiro's Spring AOP integration to scan for the appropriate annotated classes and perform security logic as necessary.

Here is how to enable these annotations. Just add these two bean definitions to applicationContext.xml: