Shiro Spring JDBCRealm Authentication and Authorization

Idea

I need to develop a web application using Spring MVC with Shiro as Security Framework.

Requirements

The usernames, passwords, roles etc to be stored in a database. Database Schema:

authorities[id, authorty_name] 
role[id, role_name] 
role_authorities_map[authority.id, role.id] 
user[id, username, password] 
user_rol_map[user.id, role_id]

The Password should be hashed and salted in the table.

Shiro Filter in web application should be DeligatingFilterProxy to utilize Spring's configuration mechanisms

All requests should be aut开发者_C百科henticated except /login, e.g.

/** = authc
/login = anon
/admin/** = authc, admin

If the authentication is successful, the framework should route to /dashboard

All URLs are processed by Spring Controller called MainController

Problem

How do we solve above requirements? What configuration goes to what file?

Please help.

I found this website quite use

http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2

Check it out