Shiro集成Web

废话不多说，Demo演示自己体会

创建一个Maven 项目，自己准备一个logj.properties放在source下

自己再创键一个动态web项目 把 maven web.xml替换 ，再把META-INF放在对应目录下，把创建的动态web项目删掉，maven创建的jsp干掉，自己新建

在pom.xml贴上相关依赖

<dependencies>    <dependency>      <groupId>junit</groupId>      <artifactId>junit</artifactId>      <version>3.8.1</version>      <scope>test</scope>    </dependency>        <!-- 添加servlet支持 -->    <dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.1</version></dependency><!-- 添加jstl支持 --><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!-- 添加日志支持 -->    <dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency>            <dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加shiro支持 -->    <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency>        <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.4</version></dependency>        <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.12</version></dependency>          </dependencies>

在WEB-INF下新建shiro.ini

在web.xml进行配置

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"  id="WebApp_ID" version="2.5">  <display-name>ShrioWeb</display-name>  <welcome-file-list>    <welcome-file>index.html</welcome-file>    <welcome-file>index.htm</welcome-file>    <welcome-file>index.jsp</welcome-file>    <welcome-file>default.html</welcome-file>    <welcome-file>default.htm</welcome-file>    <welcome-file>default.jsp</welcome-file>  </welcome-file-list>    <listener>    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>  </listener>   <!-- 添加shiro支持 --><filter>    <filter-name>ShiroFilter</filter-name>    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>    <!-- 这里默认加载 WEB-INF/shiro.ini 所以不用写 --></filter><filter-mapping>    <filter-name>ShiroFilter</filter-name>    <url-pattern>/*</url-pattern></filter-mapping><servlet><servlet-name>loginServlet</servlet-name><servlet-class>com.gcx.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>loginServlet</servlet-name><url-pattern>/login</url-pattern></servlet-mapping><servlet><servlet-name>adminServlet</servlet-name><servlet-class>com.gcx.servlet.AdminServlet</servlet-class></servlet><servlet-mapping><servlet-name>adminServlet</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping></web-app>

admin Servlet

package com.gcx.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;public class AdminServlet extends HttpServlet{/** *  */private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {System.out.println("admin do get");}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {System.out.println("admin do post");}}

LoginServlet  doGet 是身份验证未登录会到这  doPost是form提交 到这里来  这里的Token指定的用户是shiro.ini [users]里面的

package com.gcx.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;public class LoginServlet extends HttpServlet{/** *  */private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {// TODO Auto-generated method stubSystem.out.println("login doget");req.getRequestDispatcher("login.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {System.out.println("login dopost");String userName=req.getParameter("userName");String password=req.getParameter("password");Subject subject=SecurityUtils.getSubject();UsernamePasswordToken token=new UsernamePasswordToken(userName, password);try{subject.login(token);//Session会话机制Session session=subject.getSession();System.out.println("sessionId:"+session.getId());System.out.println("sessionHost:"+session.getHost());System.out.println("sessionTimeout:"+session.getTimeout());session.setAttribute("info", "session的数据");resp.sendRedirect("success.jsp");}catch(Exception e){e.printStackTrace();req.setAttribute("errorInfo", "用户名或者密码错误");req.getRequestDispatcher("login.jsp").forward(req, resp);}}}

login.jsp  验证未登录会到这个页面来

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body><form action="login" method="post">userName:<input type="text" name="userName"/><br/>password:<input type="password" name="password"/><br/><input type="submit" value="登录"/></form></body></html>

认证登陆成功后进来的页面 shiro标签判断当前用户是否符合这个标签要求

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>${info }欢迎你!<shiro:hasRole name="admin">欢迎有admin角色的用户！<shiro:principal/></shiro:hasRole><shiro:hasPermission name="student:create">欢迎有student:create权限的用户！<shiro:principal/></shiro:hasPermission></body></html>

身份认证失败或者权限不足 看到的页面

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>认证未通过，或者权限不足</body></html>

URL的匹配方式：

具体情况自己弄好环境后，不同用户进行调试，查看对比结果，比较重要也是Shiro核心