shiro学习之路(5)------集成Web
来源:互联网 发布:淘宝类目怎么修改 编辑:程序博客网 时间:2024/06/05 18:01
1.新建一个maven web项目
2.导包
<dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope></dependency><!--添加servlet支持--><dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.0.1</version></dependency><dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>jsp-api</artifactId> <version>2.1</version></dependency><!--end--><!--添加jstl支持--><dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version></dependency><!--end--><!--日志--><dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version></dependency><!--end--><!--数据源--><dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.0.29</version></dependency><dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.6</version></dependency><dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version></dependency><!--end--><!--shiro--><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version></dependency><dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.21</version> <scope>test</scope></dependency><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version></dependency><!--end-->
3.新建一个login.jsp登录页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head> <base href="<%=basePath%>"> <title>登录</title></head><body> <form action="login" method="post"> userName:<input type="text" name="userName"/><br/> password:<input type="password" name="password"/><br/> <input type="submit" value="登录"/> </form></body></html>
4.建立意见 LoginSetvlet 来获取请求
package com.spf.servlet;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;/** * @Auther SPF */public class LoginSetvlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("Login doGet"); req.getRequestDispatcher("login.jsp").forward(req,resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String username = req.getParameter("userName"); String pwd = req.getParameter("password"); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(username,pwd); try{ subject.login(token); Session session = subject.getSession(); System.out.println("session id:"+session.getId()); System.out.println("session time:"+session.getTimeout()); resp.sendRedirect("success.jsp"); } catch (AuthenticationException e) { e.printStackTrace(); req.setAttribute("erroe","用户名或密码错误"); req.getRequestDispatcher("login.jsp").forward(req,resp); } }}
身份验证成功后跳转到成功页面
5.新建一个success.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head> <base href="<%=basePath%>"> <title>welcome</title></head><body> 登录成功<shiro:hasRole name="admin"> 欢迎admin超级用户通过身份认证!</shiro:hasRole><shiro:hasPermission name="student:add"> 欢迎teacher用户通过权限认证!</shiro:hasPermission><shiro:hasRole name="student"></shiro:hasRole></body></html>
shiro标签:
shiro:hasRole 判断用户当前角色
shiro:hasPermission 判断当前用户权限
6.配置web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>ShrioWeb</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <!--shiro--> <listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> <init-param> <param-name>shiroConfigLocations</param-name> <param-value>classpath*:/shiro_jdbc.ini</param-value> </init-param> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>loginServlet</servlet-name> <servlet-class>com.spf.servlet.LoginSetvlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>loginServlet</servlet-name> <url-pattern>/login</url-pattern> </servlet-mapping> <servlet> <servlet-name>adminServlet</servlet-name> <servlet-class>com.spf.servlet.AdminSetvlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>adminServlet</servlet-name> <url-pattern>/admin</url-pattern> </servlet-mapping> </web-app>
7.新建一个shiro.ini,注意这里这个名字时候规定了的
[main]authc.loginUrl=/login -->配置需要认证的路径roles.unauthorizedUrl=/unauthorized.jsp --> 配置角色认证不成功跳转路径perms.unauthorizedUrl=/unauthorized.jsp --> 配置权限验证不成功跳转路径#配置自定义RealmjdbcRealm=com.spf.utils.realm.MyRealmsecurityManager.realms=$jdbcRealm[urls]/login=anon -->配置login路径不需要验证/admin*/**=authc -->配置admin需要验证,若没用验证直接访问,就通过上面的配置,跳转到login路径/student=roles[teacher] -->配置访问该路径所需要的角色/teacher=perms["user:create"] -->配置访问该路径所需要的权限8.我们在新建一个权限验证不通过跳转的unauthorized.jsp<%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head> <title>unauthorized</title></head><body>认证未通过,或者权限不足!</body></html>然后再把前面自定义Realm的三个方法导入
9.数据库新建三个表,根据自己自定义的Realm来设置表名,和字段
t_user用户表:id:序号username:用户名password: 密码roleId :用户与角色表id的关联字段t_role角色表:id:序号roleName:角色名称t_permission权限表:id:序号permissionName:权限名roleId :权限与角色表id的关联字段好了现在可以去运行跑跑看了,根据我们配置
当我们访问 admin 路径的时候由于需要身份认证,所以就会跳转到登录页面,
登录成功后,因为数据库给admin配置的权限是user:creat,角色是admin;所以当我再去访问student 这个路径会提示权限不足,访问 teacher 这个路径就会提示 欢迎admin超级用户通过身份认证!当然,我们也可以在数据库给admin用户配置所有角色与权限!ok!
阅读全文
1 0
- shiro学习之路(5)------集成Web
- 【Shiro】Apache Shiro架构之集成web
- 【Shiro】Apache Shiro架构之集成web
- 【Shiro】Apache Shiro架构之集成web
- Shiro学习笔记(5)——web集成
- shiro 框架之与WEB集成
- Shiro 学习笔记(7)—— Shiro 集成 Web
- Shiro集成Web
- 【shiro】--- 集成web
- shiro学习-shiro集成cas
- Shiro学习(20)无状态Web应用集成
- Shiro学习(20)无状态Web应用集成
- Shiro学习系列教程四:集成web(二)
- shiro框架之无状态Web应用集成 二十
- shiro 的web集成使用
- Shiro与web的集成
- 3 、shiro与Web集成
- java安全框架-Shiro学习笔记(五)-Shiro集成Web
- 生日祝福
- oracle出现no listener报错
- mysql 关于查询时间的中工作中遇到的一些问题 有代表性的
- Android开发之RecyclerView的使用全解
- LeetCode.1 Two Sum
- shiro学习之路(5)------集成Web
- Delete和delete[]的区别
- 详解PHP实现定时任务的五种方法
- 银行联行号
- git从远程到本地,拉取分支,拉取项目,从其它分支拉取,推送,同步的操作
- 旋转数组的最小数字
- IO
- js中的反射机制
- 使用PyCharm进行远程开发和调试