shiro学习之路(5)------集成Web

来源：互联网发布：淘宝类目怎么修改编辑：程序博客网时间：2024/06/05 18:01

1.新建一个maven web项目

2.导包

<dependency>  <groupId>junit</groupId>  <artifactId>junit</artifactId>  <version>4.11</version>  <scope>test</scope></dependency><!--添加servlet支持--><dependency>  <groupId>javax.servlet</groupId>  <artifactId>javax.servlet-api</artifactId>  <version>3.0.1</version></dependency><dependency>  <groupId>javax.servlet.jsp</groupId>  <artifactId>jsp-api</artifactId>  <version>2.1</version></dependency><!--end--><!--添加jstl支持--><dependency>  <groupId>javax.servlet</groupId>  <artifactId>jstl</artifactId>  <version>1.2</version></dependency><!--end--><!--日志--><dependency>  <groupId>log4j</groupId>  <artifactId>log4j</artifactId>  <version>1.2.17</version></dependency><!--end--><!--数据源--><dependency>  <groupId>com.alibaba</groupId>  <artifactId>druid</artifactId>  <version>1.0.29</version></dependency><dependency>  <groupId>mysql</groupId>  <artifactId>mysql-connector-java</artifactId>  <version>5.1.6</version></dependency><dependency>  <groupId>commons-logging</groupId>  <artifactId>commons-logging</artifactId>  <version>1.2</version></dependency><!--end--><!--shiro--><dependency>  <groupId>org.apache.shiro</groupId>  <artifactId>shiro-core</artifactId>  <version>1.3.2</version></dependency><dependency>  <groupId>org.slf4j</groupId>  <artifactId>slf4j-api</artifactId>  <version>1.7.21</version>  <scope>test</scope></dependency><dependency>  <groupId>org.apache.shiro</groupId>  <artifactId>shiro-web</artifactId>  <version>1.3.2</version></dependency><!--end-->

3.新建一个login.jsp登录页面

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><%    String path = request.getContextPath();    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>    <base href="<%=basePath%>">    <title>登录</title></head><body>    <form action="login" method="post">        userName:<input type="text" name="userName"/><br/>        password:<input type="password" name="password"/><br/>        <input type="submit" value="登录"/>    </form></body></html>

4.建立意见 LoginSetvlet 来获取请求

package com.spf.servlet;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.session.Session;import org.apache.shiro.subject.Subject;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;/** * @Auther SPF */public class LoginSetvlet extends HttpServlet {    @Override    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {        System.out.println("Login doGet");        req.getRequestDispatcher("login.jsp").forward(req,resp);    }    @Override    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {        String username = req.getParameter("userName");        String pwd = req.getParameter("password");        Subject subject = SecurityUtils.getSubject();        UsernamePasswordToken token = new UsernamePasswordToken(username,pwd);        try{            subject.login(token);            Session session = subject.getSession();            System.out.println("session id:"+session.getId());            System.out.println("session time:"+session.getTimeout());            resp.sendRedirect("success.jsp");        } catch (AuthenticationException e) {            e.printStackTrace();            req.setAttribute("erroe","用户名或密码错误");            req.getRequestDispatcher("login.jsp").forward(req,resp);        }    }}

身份验证成功后跳转到成功页面

5.新建一个success.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %><%    String path = request.getContextPath();    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>    <base href="<%=basePath%>">    <title>welcome</title></head><body>   登录成功<shiro:hasRole name="admin">    欢迎admin超级用户通过身份认证！</shiro:hasRole><shiro:hasPermission name="student:add">    欢迎teacher用户通过权限认证！</shiro:hasPermission><shiro:hasRole name="student"></shiro:hasRole></body></html>

shiro标签：

shiro:hasRole 判断用户当前角色

shiro:hasPermission  判断当前用户权限

6.配置web.xml

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">  <display-name>ShrioWeb</display-name>  <welcome-file-list>    <welcome-file>index.html</welcome-file>    <welcome-file>index.htm</welcome-file>    <welcome-file>index.jsp</welcome-file>    <welcome-file>default.html</welcome-file>    <welcome-file>default.htm</welcome-file>    <welcome-file>default.jsp</welcome-file>  </welcome-file-list>  <!--shiro-->  <listener>    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>  </listener>  <filter>    <filter-name>ShiroFilter</filter-name>    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>    <init-param>      <param-name>shiroConfigLocations</param-name>      <param-value>classpath*:/shiro_jdbc.ini</param-value>    </init-param>  </filter>  <filter-mapping>    <filter-name>ShiroFilter</filter-name>    <url-pattern>/*</url-pattern>  </filter-mapping>  <servlet>    <servlet-name>loginServlet</servlet-name>    <servlet-class>com.spf.servlet.LoginSetvlet</servlet-class>  </servlet>  <servlet-mapping>    <servlet-name>loginServlet</servlet-name>    <url-pattern>/login</url-pattern>  </servlet-mapping>  <servlet>    <servlet-name>adminServlet</servlet-name>    <servlet-class>com.spf.servlet.AdminSetvlet</servlet-class>  </servlet>  <servlet-mapping>    <servlet-name>adminServlet</servlet-name>    <url-pattern>/admin</url-pattern>  </servlet-mapping>  </web-app>

7.新建一个shiro.ini，注意这里这个名字时候规定了的

  [main]authc.loginUrl=/login -->配置需要认证的路径roles.unauthorizedUrl=/unauthorized.jsp --> 配置角色认证不成功跳转路径perms.unauthorizedUrl=/unauthorized.jsp --> 配置权限验证不成功跳转路径
#配置自定义RealmjdbcRealm=com.spf.utils.realm.MyRealmsecurityManager.realms=$jdbcRealm[urls]/login=anon -->配置login路径不需要验证/admin*/**=authc -->配置admin需要验证，若没用验证直接访问，就通过上面的配置，跳转到login路径/student=roles[teacher] -->配置访问该路径所需要的角色/teacher=perms["user:create"] -->配置访问该路径所需要的权限
8.我们在新建一个权限验证不通过跳转的unauthorized.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>unauthorized</title></head><body>认证未通过，或者权限不足！</body></html>
然后再把前面自定义Realm的三个方法导入
9.数据库新建三个表，根据自己自定义的Realm来设置表名，和字段
  t_user用户表：id：序号username：用户名password: 密码roleId  ：用户与角色表id的关联字段
  t_role角色表：id：序号roleName：角色名称
  t_permission权限表:id：序号permissionName：权限名roleId ：权限与角色表id的关联字段

好了现在可以去运行跑跑看了，根据我们配置
当我们访问 admin 路径的时候由于需要身份认证，所以就会跳转到登录页面，
登录成功后，因为数据库给admin配置的权限是user:creat，角色是admin；所以当我再去访问
student 这个路径会提示权限不足，访问 teacher 这个路径就会提示 欢迎admin超级用户通过身份认证！
当然，我们也可以在数据库给admin用户配置所有角色与权限！
ok!

阅读全文

1 0