无法在自定义Apache Shiro AuthorizingRealm中@Inject我的DAO

Apache Shiro默认使用的EnvironmentLoaderListener不支持CDI。解决方案是构建一个，并将web.xml中的原始引用替换为指向您自定义的引用。

注意: CDI注入在侦听器中是自动支持的，但是侦听器必须通过CDI机制请求bean。自定义侦听器将使用@Inject请求bean，并将JpaRealm创建为CDI bean，它将注入所有依赖项。默认的Shire侦听器不会通过@Inject将JpaRealm创建为启用cdi的bean。

CustomCredentialsMatcher.java

public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {
}

CustomEnvironmentLoaderListener.java

public class CustomEnvironmentLoaderListener extends EnvironmentLoaderListener {
    @Inject
    private JpaRealm jpaRealm;
    @Override
    protected WebEnvironment createEnvironment(ServletContext pServletContext) {
        WebEnvironment environment = super.createEnvironment(pServletContext);
        RealmSecurityManager rsm = (RealmSecurityManager) environment.getSecurityManager();
        PasswordService passwordService = new DefaultPasswordService();
        PasswordMatcher passwordMatcher = new PasswordMatcher();
        passwordMatcher.setPasswordService(passwordService);
        jpaRealm.setCredentialsMatcher(passwordMatcher);
        rsm.setRealm(jpaRealm);
        ((DefaultWebEnvironment) environment).setSecurityManager(rsm);
        return environment;
    }
}

FacesAjaxAwareUserFilter.java

public class FacesAjaxAwareUserFilter extends UserFilter {
    private static final String FACES_REDIRECT_XML = "<?xml version="1.0" encoding="UTF-8"?><partial-response><redirect url="%s"></redirect></partial-response>";
    @Override
    protected void redirectToLogin(ServletRequest req, ServletResponse res) throws IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
            res.setContentType("text/xml");
            res.setCharacterEncoding("UTF-8");
            res.getWriter().printf(FACES_REDIRECT_XML, request.getContextPath() + getLoginUrl());
        } else {
            super.redirectToLogin(req, res);
        }
    }
}

JpaRealm.java

public class JpaRealm extends AuthorizingRealm {
    private static String REALM_NAME = "jpaRealm";
    @Inject
    private UserDao userDao;
    @Inject
    private RoleDao roleDao;
    @Inject
    private PermissionDao permissionDao;
    public JpaRealm() {
        setName(REALM_NAME); // This name must match the name in the User class's getPrincipals() method
    }
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authToken;
        User user = userDao.getForUsername(token.getUsername());
        if (user != null) {
            return new SimpleAuthenticationInfo(user.getId(), user.getPassword(), getName());
        } else {
            return null;
        }
    }
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Long userId = (Long) principals.fromRealm(getName()).iterator().next();
        User user = userDao.findByKey(userId);
        if (user != null) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            for (Role role : roleDao.getForUser(user)) {
                info.addRole(role.getDescription());
                for (Permition permition : permissionDao.getForRole(role)) {
                    info.addStringPermission(permition.getDescription());
                }
            }
            return info;
        } else {
            return null;
        }
    }
}

shiro.ini

[main]
user = com.boss.mrfoods.security.FacesAjaxAwareUserFilter
user.loginUrl = /pages/public/login.xhtml
[urls]
/index.html = anon
/pages/index.xhtml = anon
/pages/public/** = anon
/pages/admin/** = user, roles[ADMIN]
/pages/user/** = user, roles[USER]

web . xml

...
<listener>
    <listener-class>com.boss.mrfoods.security.CustomEnvironmentLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
...

jpaRealm恰好在'CustomEnvironmentLoaderListener'中为空。我尝试在JpaRealm类上设置@Service("JpaRealm")注释，以便容器可以知道注入，但仍然没有运气。在这两种情况下JpaRealm都为空。

如果我们想让注入在自定义领域工作，还需要做什么?

使用ShiroWebModule注入你的自定义Realm

public class PocShiroModule extends ShiroWebModule {
    public PocShiroModule(ServletContext servletContext) {
        super(servletContext);
    }
    @Override
    protected void configureShiroWeb() {
        bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout"))
                .to(30000L);
        bind(Realm.class).to(JPARealm.class);
    }
    @Provides
    @Singleton
    Set<Realm> provideRealmSet(Realm realm) {
        Set<Realm> result = new HashSet<Realm>();
        result.add(realm);
        return result;
    }
}

在您的上下文侦听器中注册这个模块

public class PocGuiceServletConfig extends GuiceServletContextListener {
    private ServletContext context = null;
    @Override
    public void contextInitialized(ServletContextEvent servletContextEvent) {
        this.context = servletContextEvent.getServletContext();
        super.contextInitialized(servletContextEvent);
    }
    @Override
    protected synchronized Injector getInjector() {
        return Guice.createInjector(
                new PocModule(), 
                new PocShiroModule(context), 
                new ShiroAopModule());
    }
}