shiro笔记
shiro入门demo
建立ini配置文件
1 [main] 2 jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm 3 dataSource=com.mchange.v2.c3p0.ComboPooledDataSource 4 dataSource.driverClass=com.mysql.jdbc.Driver 5 dataSource.jdbcUrl=jdbc:mysql://localhost:3306/shiro 6 7 dataSource.user=root 8 9 #dataSource.password= 10 11 jdbcRealm.dataSource=$dataSource 12 13 securityManager.realms=$jdbcRealm
一开始,我按照教程的方法,配置的方法是
1 dataSource=com.mchange.v2.c3p0.ComboPooledDataSource 2 dataSource.driverClassName=com.mysql.jdbc.Driver 3 dataSource.url=jdbc:mysql://localhost:3306/shiro 4 dataSource.username=root 5 #dataSource.password=
但是控制台一直报错
Line argument must contain a key anda value. Only one string token was found.
纠结了半天,后来下午的时候查了资料发现c3p0的配置写法好像不太一样,修改了以后就跑通了。
具体原因还不是很清楚。mark。
测试代码
1 public static void main(String[] args) { 2 Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc.ini"); 3 SecurityManager securityManager = factory.getInstance(); 4 SecurityUtils.setSecurityManager(securityManager); 5 Subject currentUser = SecurityUtils.getSubject(); 6 UsernamePasswordToken token = new UsernamePasswordToken("admin","123"); 7 try{ 8 currentUser.login(token); 9 System.out.println("身份认证成功"); 10 }catch(AuthenticationException e){ 11 e.printStackTrace(); 12 System.out.println("身份认证失败"); 13 } 14 }
另外,数据库里的表 表名必须为users ,字段必须为userName,password,不然会报错。
测试通过的话。
log4j:WARN No appenders could be found for logger (com.mchange.v2.log.MLog). log4j:WARN Please initialize the log4j system properly. log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. 2015-11-19 15:46:34 org.apache.shiro.realm.AuthorizingRealm getAuthorizationCacheLazy 信息: No cache or cacheManager properties have been set. Authorization cache cannot be obtained. 2015-11-19 15:46:34 org.apache.shiro.config.IniSecurityManagerFactory isAutoApplyRealms 信息: Realms have been explicitly set on the SecurityManager instance - auto-setting of realms will not occur. 2015-11-19 15:46:35 org.apache.shiro.session.mgt.AbstractValidatingSessionManager enableSessionValidation 信息: Enabling session validation scheduler... 身份认证成功
不通过的话会报错。
结合web
配置文件
1 [main] 2 authc.loginUrl=/login 3 roles.unauthorizedUrl=/unauthorized.jsp 4 perms.unauthorizedUrl=/unauthorized.jsp 5 [users] 6 admin=123,admin 7 jack=1234,teacher 8 marry=234 9 json=345 10 [roles] 11 admin=user:* 12 teacher=student:* 13 [urls] 14 /login=anon 15 /admin=authc 16 /student=roles[teacher] 17 /teacher=perms["user:create"] 18 /student_test=roles["student:create"]
[urls]
anon拦截器表示匿名访问(即不需要登录即可访问);
authc拦截器表示需要身份认证通过后才能访问;
roles[admin]拦截器表示需要有admin角色授权才能访问;
perms["user:create"]拦截器表示需要有“user:create”权限才能访问。
web.xml
1 <listener> 2 <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> 3 </listener> 4 5 <filter> 6 <filter-name>ShiroFilter</filter-name> 7 <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> 8 <init-param> 9 <param-name>configPath</param-name> 10 <param-value>/WEB-INF/shiro.ini</param-value> 11 </init-param> 12 </filter> 13 14 <filter-mapping> 15 <filter-name>ShiroFilter</filter-name> 16 <url-pattern>/*</url-pattern> 17 </filter-mapping>
