shiro第三天——声明式授权(jsp+servlet+ini)
来源:互联网 发布:淘宝手机端详情页模板 编辑:程序博客网 时间:2024/06/05 04:28
工程目录
pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.java.shiro</groupId><artifactId>ShiroWeb01</artifactId><packaging>war</packaging><version>0.0.1-SNAPSHOT</version><name>ShiroWeb01 Maven Webapp</name><url>http://maven.apache.org</url><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>3.8.1</version><scope>test</scope></dependency><!-- servlet依赖 --><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version><scope>provided</scope></dependency><!-- jsp依赖 --><dependency><groupId>javax.servlet.jsp</groupId><artifactId>jsp-api</artifactId><version>2.2</version><scope>provided</scope></dependency><!-- jstl依赖 --><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!-- 添加日志支持 --><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><!-- commonsLogin --><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加shiro核心包 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.3.2</version></dependency><!-- 添加shiro-web包 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.3.2</version></dependency><!-- 添加log4j sl4j --><dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-slf4j-impl</artifactId><version>2.9.1</version></dependency></dependencies><build><finalName>ShiroWeb01</finalName></build></project>web.xml中设置shiro过滤器
<!-- shiro监听器 --><listener><listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class></listener><!-- 添加shiro过滤器 --><filter><filter-name>ShiroFilter</filter-name><filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class></filter><!-- 对所有资源进行过滤 --><filter-mapping><filter-name>ShiroFilter</filter-name><url-pattern>/*</url-pattern><dispatcher>REQUEST</dispatcher><dispatcher>FORWARD</dispatcher><dispatcher>INCLUDE</dispatcher><dispatcher>ERROR</dispatcher></filter-mapping>
没有设置shiro.ini文件的路径,则默认会去src/main/webapp/WEB-INF/这个目录下寻找shiro.ini这个文件。
所以我们在src/main/webapp/WEB-INF/这个目录下创建shiro.ini这个文件:
[main]authc.loginUrl=/LoginServletroles.unauthorizedUrl=/unauthorized.jspperms.unauthorizedUrl=/unauthorized.jsp[users]java1234=123456,adminjack=123,teachermarry=234[roles]admin=user:*teacher=student:*[urls]/LoginServlet=anon/AdminServlet=authc/student=roles[teacher]/teacher=perms["user:create"]创建LoginServlet用来测试身份验证:
package com.java.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;/** * Servlet implementation class LoginServlet */public class LoginServlet extends HttpServlet {private static final long serialVersionUID = 1L;/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubSystem.out.println("login doGet");request.getRequestDispatcher("login.jsp").forward(request, response);}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubSystem.out.println("login doPost");String userName = request.getParameter("userName");String password = request.getParameter("password");Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken(userName,password);try {subject.login(token);response.sendRedirect("success.jsp");} catch (AuthenticationException e) {// TODO Auto-generated catch blocke.printStackTrace();request.setAttribute("errorInfo", "用户名或者密码错误");request.getRequestDispatcher("login.jsp").forward(request, response);}}}
创建AdminServlet用来测试角色和权限
package com.java.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Servlet implementation class AdminServlet */public class AdminServlet extends HttpServlet {private static final long serialVersionUID = 1L; /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {System.out.println("admin doGet");}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubSystem.out.println("admin doPost");}}
创建login.jsp(简单的一个登录界面):
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录界面</title></head><body><form action="LoginServlet" method="post">userName:<input type="text" name="userName"/><br/>password:<input type="password" name="password"/><br/><input type="submit" value="登录"/></form></body></html>
创建success.jsp,当登录成功则跳转到此页面:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>登录成功</body></html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Insert title here</title></head><body>身份认证失败或者权限不足</body></html>
注意事项(测试过程出现的问题):
shiro.ini文件中的authc.loginUrl=...不能打错,否则运行之后会出现404错误。
阅读全文
0 0
- shiro第三天——声明式授权(jsp+servlet+ini)
- Shiro Review——使用ini文件进行授权测试
- Shiro入门—授权
- Shiro(3)——授权
- java安全框架-Shiro学习笔记(四)-注解式授权+Jsp标签授权
- (四)shiro注解授权和jsp标签授权
- shiro基础学习(三)—shiro授权
- Servlet第三天
- Servlet学习第三天
- Shiro学习笔记(4)——ini 配置
- JSP第三天
- JSP第三天
- 学习jsp第三天
- JSP学习第三天
- JSP第三天
- Shiro教程之注解式&jsp标签授权
- Shiro学习笔记(3)——授权(Authorization)
- Shiro 学习笔记(2)—— 授权初步
- JAVA调用函数,求两个数的最大公约数和最小公倍数。
- Kali Linux------代理简介
- js作用域中的那些事儿(you don‘t know javascript)
- CSDN-markdown编辑器语法——字体、字号与颜色,背景色
- 进程线程协程那些事儿
- shiro第三天——声明式授权(jsp+servlet+ini)
- Ngrok服务器的搭建
- 盒模型——标准盒模型与怪异盒模型
- 169. Majority Element
- 在python3中,编写GUI调用window下的notepad应用程序
- 大型网站技术架构笔记-第2篇 架构(4)
- 雇佣问题(hireassistant)-c++代码实现
- 求方程的根
- Android 绘制文本的一些方法