shiro第三天——声明式授权(jsp+servlet+ini)


工程目录


pom.xml:

<!-- Maven build for the ShiroWeb01 demo web application (packaged as a WAR).
     It declares the servlet/JSP/JSTL APIs, logging libraries and the two
     Shiro modules used by the tutorial: shiro-core and shiro-web. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.java.shiro</groupId>
    <artifactId>ShiroWeb01</artifactId>
    <packaging>war</packaging>
    <version>0.0.1-SNAPSHOT</version>
    <name>ShiroWeb01 Maven Webapp</name>
    <url>http://maven.apache.org</url>
    <dependencies>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>3.8.1</version>
            <scope>test</scope>
        </dependency>
        <!-- Servlet API; "provided" because the servlet container supplies it at runtime -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>
        <!-- JSP API; also supplied by the container -->
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>jsp-api</artifactId>
            <version>2.2</version>
            <scope>provided</scope>
        </dependency>
        <!-- JSTL tag library -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <!-- Logging support (Log4j 1.x).
             NOTE(review): Log4j 1.x reached end of life in 2015 and no longer
             receives security fixes; acceptable for a local demo, not for a
             deployed application. -->
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
        <!-- commons-logging -->
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        <!-- Shiro core module.
             NOTE(review): 1.3.2 is an old Shiro release. Later releases include
             security fixes, some of them in how the web filter chain matches
             request paths, which is what the [urls] rules of this tutorial rely
             on. Check the Apache Shiro security reports and use a supported
             version; keep shiro-core and shiro-web on the same version. -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.3.2</version>
        </dependency>
        <!-- Shiro web module (ShiroFilter and EnvironmentLoaderListener used in web.xml) -->
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.3.2</version>
        </dependency>
        <!-- SLF4J binding for Log4j 2.
             NOTE(review): 2.9.1 is older than the Log4j 2 releases that fixed the
             JNDI lookup remote code execution issue disclosed in December 2021.
             If this binding brings log4j-core onto the classpath (check with
             mvn dependency:tree), move to a patched Log4j 2 release. Log4j 1.x
             is also declared above, so two logging backends are present;
             presumably only one is intended. -->
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-slf4j-impl</artifactId>
            <version>2.9.1</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>ShiroWeb01</finalName>
    </build>
</project>
web.xml中设置shiro过滤器


<!-- Shiro listener: sets up the Shiro web environment when the application starts.
     No shiro.ini location is configured here, so the default location is used. -->
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<!-- Shiro filter: applies the filter chains declared in the [urls] section of shiro.ini -->
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<!-- Filter every resource. The mapping covers all paths and all four dispatcher
     types, so forwarded, included and error-dispatched requests are mapped to the
     filter as well as direct client requests. Narrowing the url-pattern would
     leave the excluded paths outside Shiro's access control altogether. -->
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

如果没有在web.xml中指定shiro.ini的路径,Shiro默认会到src/main/webapp/WEB-INF/这个目录下寻找shiro.ini这个文件。WEB-INF下的内容不会被容器直接对外提供,所以包含账号和密码的shiro.ini应当放在这里,而不要放到Web根目录下。

所以我们在src/main/webapp/WEB-INF/这个目录下创建shiro.ini这个文件:

# Shiro configuration for the demo: filter settings, a static user list,
# role-to-permission mappings and the URL filter chains.

[main]
# Where the authc filter sends requests that are not logged in.
authc.loginUrl=/LoginServlet
# Where the roles / perms filters send a logged-in user who lacks the
# required role or permission.
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp

[users]
# Format: username = password, role1, role2, ...
# NOTE(review): these are plaintext passwords stored in a file, which is only
# acceptable for a local demo. For anything deployed, store salted password
# hashes and configure a matching credentials matcher in [main], or use a
# realm backed by a real user store.
java1234=123456,admin
jack=123,teacher
# marry has a password but no role.
marry=234

[roles]
# Format: role = permission1, permission2, ...
# admin holds every "user" permission, teacher every "student" permission.
admin=user:*
teacher=student:*

[urls]
# Format: path = filter chain. Only the four paths below have a rule.
# NOTE(review): nothing here covers login.jsp, success.jsp or any other path,
# so those are not restricted by any rule in this file. Consider ending the
# section with a catch-all rule so that new paths are protected by default.
/LoginServlet=anon
/AdminServlet=authc
# /student needs the teacher role (jack).
/student=roles[teacher]
# /teacher needs the user:create permission, which the admin role's user:*
# grants (java1234). The path name and the required permission do not line
# up; presumably this is just test data.
/teacher=perms["user:create"]
创建LoginServlet用来测试身份验证:

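package com.java.shiro.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * Login endpoint of the demo application.
 *
 * <p>GET shows the login form ({@code login.jsp}); POST reads the
 * {@code userName} and {@code password} form parameters and authenticates the
 * current Shiro {@link Subject} with them. In shiro.ini this servlet is mapped
 * as {@code anon} and is also the {@code authc.loginUrl}, so requests that are
 * not logged in get redirected here.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Forwards to the login form.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("login doGet");
        request.getRequestDispatcher("login.jsp").forward(request, response);
    }

    /**
     * Authenticates the submitted credentials.
     *
     * <p>On success the browser is redirected to {@code success.jsp}. On failure
     * the request is forwarded back to {@code login.jsp} with the request
     * attribute {@code errorInfo} set to one generic message, whatever the
     * reason for the failure was.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("login doPost");
        String userName = request.getParameter("userName");
        String password = request.getParameter("password");
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Record only the failure type in the servlet log: no stack trace on
            // stderr and no user-supplied values in the log line. The message
            // shown to the user stays generic so it does not reveal whether the
            // account exists.
            log("Login rejected: " + e.getClass().getSimpleName());
            request.setAttribute("errorInfo", "用户名或者密码错误");
            request.getRequestDispatcher("login.jsp").forward(request, response);
            return;
        } finally {
            // Wipe the token's copy of the password once the attempt is over.
            token.clear();
        }
        // Issue a fresh session id now that the subject is authenticated, so an
        // id that was set before login is no longer valid afterwards (session
        // fixation). Nothing else in this servlet rotates the id.
        // changeSessionId() needs Servlet 3.1, the API version declared in pom.xml.
        if (request.getSession(false) != null) {
            request.changeSessionId();
        }
        response.sendRedirect("success.jsp");
    }
}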


创建AdminServlet用来测试角色和权限

package com.java.shiro.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Test target for the declarative access rules.
 *
 * <p>The servlet performs no access check of its own; it only prints a marker
 * line to standard output so that a request which reached it is visible in the
 * console. Access is restricted by the {@code /AdminServlet=authc} rule in
 * shiro.ini, which is enforced by the Shiro filter before the servlet runs.
 */
public class AdminServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Prints the GET marker line; writes nothing to the response.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        trace("admin doGet");
    }

    /**
     * Prints the POST marker line; writes nothing to the response.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        trace("admin doPost");
    }

    /** Writes one marker line to standard output. */
    private static void trace(String marker) {
        System.out.println(marker);
    }
}



创建login.jsp(简单的一个登录界面):


<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Login form. Posts the fields userName and password to LoginServlet, which
  reads them with request.getParameter and authenticates through Shiro.
  NOTE(review): the form submits a password, so outside a local test it should
  only be served and submitted over HTTPS.
  NOTE(review): LoginServlet sets the request attribute errorInfo when login
  fails, but this page never outputs it, so the user sees no error message.
  If it is added, render it with output escaping (for example JSTL c:out).
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录界面</title>
</head>
<body>
<form action="LoginServlet" method="post">
userName:<input type="text" name="userName"/><br/>
password:<input type="password" name="password"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>

创建success.jsp,当登录成功则跳转到此页面:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Static page that LoginServlet redirects to after a successful login.
  NOTE(review): shiro.ini has no [urls] rule for this page, so it can also be
  requested directly without logging in. That is harmless for this static
  text, but a page with real content would need its own rule (for example authc).
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
登录成功
</body>
</html>


unauthorized.jsp(身份认证失败或者权限不足时跳转到此页面;注意按上面的shiro.ini,只有roles、perms过滤器拒绝已登录的用户时才会跳转到unauthorizedUrl,未登录的请求会先被重定向到authc.loginUrl):

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Static "access denied" page. shiro.ini names it as roles.unauthorizedUrl and
  perms.unauthorizedUrl, i.e. the target when a role or permission check fails.
  The text is the same for every denial and does not say which role or
  permission was missing.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
身份认证失败或者权限不足
</body>
</html>

注意事项(测试过程出现的问题):

shiro.ini文件中的authc.loginUrl=...不能打错,否则运行之后会出现404错误。