Shiro 集成 Web
Web 集成 Shiro 的练习项目。
Servlet + Shiro
项目结构
- 新建Maven项目,pom配置如下
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
<project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.zhen.shiro</groupId><artifactId>0322ShiroWeb</artifactId><packaging>war</packaging><version>0.0.1-SNAPSHOT</version><name>0322ShiroWeb Maven Webapp</name><url>http://maven.apache.org</url><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>3.8.1</version><scope>test</scope></dependency><!-- 添加servlet支持 --><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><!-- servlet end --><!-- jsp --><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.1</version></dependency><!-- jsp end --><!-- 添加 jstl 支持 --><dependency><groupId>javax.servlet</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!-- 添加 log4j 日志支持 --><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.21</version></dependency><!-- commons-logging --><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加 shiro 支持 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.3.2</version></dependency><!-- 添加 shiro web 支持 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.3.2</version></dependency></dependencies><build><finalName>0322ShiroWeb</finalName></build></project> - 两个Servlet类
- LoginServlet 代码如下
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
packagecom.zhen.servlet;importjava.io.IOException;importjavax.servlet.ServletException;importjavax.servlet.http.HttpServlet;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importorg.apache.shiro.SecurityUtils;importorg.apache.shiro.authc.UsernamePasswordToken;importorg.apache.shiro.subject.Subject;publicclassLoginServletextendsHttpServlet{/****/privatestaticfinallongserialVersionUID = 1L;@OverrideprotectedvoiddoGet(HttpServletRequest req, HttpServletResponse resp)throwsServletException, IOException {// TODO Auto-generated method stubSystem.out.println("login doGet");req.getRequestDispatcher("login.jsp").forward(req, resp);}@OverrideprotectedvoiddoPost(HttpServletRequest req, HttpServletResponse resp)throwsServletException, IOException {System.out.println("login doPost");String userName = req.getParameter("userName");String password = req.getParameter("password");System.out.println("login:name="+userName+" password="+password);Subject currentUser = SecurityUtils.getSubject();UsernamePasswordToken token =newUsernamePasswordToken(userName, password);try{currentUser.login(token);resp.sendRedirect("success.jsp");}catch(Exception e) {e.printStackTrace();req.setAttribute("errorInfo","用户名或者密码错误");req.getRequestDispatcher("login.jsp").forward(req, resp);}}} - AdminServlet 代码如下
1234567891011121314151617181920212223242526
packagecom.zhen.servlet;importjava.io.IOException;importjavax.servlet.ServletException;importjavax.servlet.http.HttpServlet;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;publicclassAdminServletextendsHttpServlet{/****/privatestaticfinallongserialVersionUID = 1L;@OverrideprotectedvoiddoGet(HttpServletRequest req, HttpServletResponse resp)throwsServletException, IOException {System.out.println("admin doGet");}@OverrideprotectedvoiddoPost(HttpServletRequest req, HttpServletResponse resp)throwsServletException, IOException {System.out.println("admin doPost");}}
- LoginServlet 代码如下
- 配置 web.xml 文件,如下
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
<?xml version="1.0"encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"id="WebApp_ID"version="2.5"><display-name>0322ShiroWeb</display-name><welcome-file-list><welcome-file>index.html</welcome-file><welcome-file>index.htm</welcome-file><welcome-file>index.jsp</welcome-file><welcome-file>default.html</welcome-file><welcome-file>default.htm</welcome-file><welcome-file>default.jsp</welcome-file></welcome-file-list><listener><listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class></listener><!-- 添加 shiro 支持 --><filter><filter-name>ShiroFilter</filter-name><filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class><!-- <init-param><param-name>configPath</param-name><param-value>/WEB-INF/shiro.ini</param-value></init-param> --></filter><filter-mapping><filter-name>ShiroFilter</filter-name><url-pattern>/*</url-pattern><!-- <dispatcher>REQUEST</dispatcher><dispatcher>FORWARD</dispatcher><dispatcher>INCLUDE</dispatcher><dispatcher>ERROR</dispatcher> --></filter-mapping><servlet><servlet-name>LoginServlet</servlet-name><servlet-class>com.zhen.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>LoginServlet</servlet-name><url-pattern>/login</url-pattern></servlet-mapping><servlet><servlet-name>adminServlet</servlet-name><servlet-class>com.zhen.servlet.AdminServlet</servlet-class></servlet><servlet-mapping><servlet-name>adminServlet</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping></web-app> - WEB-INF 下创建 shiro.ini文件,如下
[main] authc.loginUrl=/login roles.unauthorizedUrl=/unauthorized.jsp perms.unauthorizedUrl=/unauthorized.jsp [users] zhen=123,admin jack=jack,teacher marry=marry json=json [roles] admin=user:* teacher=student:* [urls] /login=anon /admin=authc
/admin?=authc
/admin*=authc
/admin/**=authc /student=roles[teacher] /teacher=perms[user:create]
项目大概就这么些东西,主要来看下 shiro.ini 文件中每行代表的意思
[main]
authc.loginUrl=/login :身份验证的登录路径
roles.unauthorizedUrl=/unauthorized.jsp :角色认证不通过要跳转到的路径
perms.unauthorizedUrl=/unauthorized.jsp :权限认证不通过要跳转到的路径
[users]
zhen=123,admin :zhen用户,密码为123,角色为admin
jack=jack,teacher :jack用户,密码为jack,角色为teacher
marry=marry :marry用户,密码为marry
[roles]
admin=user:* :admin角色拥有的权限为 user:*
teacher=student:* :teacher角色拥有的权限为 student:*
[urls]
/login=anon : 表明 /login 此请求不需要进行身份认证
/admin=authc : 表明 /admin 请求需要进行身份认证,身份认证的登录路径对应上边的 authc.loginUrl
/admin?=authc : 表明 /admin? 请求需要进行身份认证,/admin? 可以匹配为 /admin1 /admin2,?匹配一个字符
/admin*=authc : 表明 /admin* 请求需要进行身份认证,/admin* 可以匹配为 /admin1,/admin12,/admin, * 匹配零个、一个或多个字符
/admin/**=authc :表明 /admin/** 请求需要进行身份认证,/admin/** 可以匹配为 /admin/a , /admin/a/b, **匹配零个或多个路径
/student=roles[teacher] : 表明 /student 请求只有角色为 teacher 的用户才能访问
/teacher=perms[user:create] : 表明 /teacher 请求只有拥有 user:create 权限的用户才能访问
url 匹配符
- ?
匹配一个字符 - *
匹配零个、一个或多个字符 - **
匹配零个或多个路径
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 记一次.NET内存居高不下排查解决与启示