I'm trying to set up an environment with Spring MVC and Apache Shiro. I'm following articles mentioned in shiro.apache.org.
I'm using Spring's DelegatingFilterProxy as Shiro Filter in web.xml.
The current filtering is done using :
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/dashboard"/>
<property name="unauthorizedUrl" value="/unauthorized"/>
<property name="filterChainDefinitions">
<value>
/** = authc, user, admin
/admin/** = authc, admin
/login = anon
</value>
</property>
</bean>
Question is, how do I use shiro.ini file defining security settings?
You don't need to use shiro.ini. All of the rest of your configuration can (and should, since you're using ShiroFilterFactoryBean) be done in Spring.
For example, adding a securityManager and ehCache based cache manager to your shiroFilter:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
<property name="sessionMode" value="native"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="cacheManager" ref="cacheManager"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager"/>
</bean>
<bean id="ehCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="sessionDAO"/>
</bean>
<bean id="myRealm" class="com.foo.MyRealm"/>