（九）shiro之web集成

• Url 匹配方式
  ? 匹配一个字符 /admin? 可以匹配/admin1 或者/admin2 但是不能匹配/admin12 或者/admin
  * 匹配零个或者一个或者多个字符 /admin* 可以匹配 /admin 或者/admin1 或者 /admin12 但是不能匹配/admin/abc
  ** 匹配零个或者多个路径 /admin/** 可以匹配/admin /admin/a 或者/admin/a/b

 

• pom.xml依赖

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.shyroke</groupId>
    <artifactId>shiro_web</artifactId>
    <packaging>war</packaging>
    <version>0.0.1-SNAPSHOT</version>
    <name>shiro_web Maven Webapp</name>
    <url>http://maven.apache.org</url>
    <dependencies>

        <dependency>
            <groupId>javax.servlet.jsp.jstl</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>

        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>javax.servlet.jsp-api</artifactId>
            <version>2.3.1</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>org.apache.tomcat</groupId>
            <artifactId>servlet-api</artifactId>
            <version>6.0.53</version>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0</version>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0</version>
        </dependency>

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.25</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>

        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>


    </dependencies>
    <build>
        <finalName>shiro_web</finalName>

        <plugins>
            <plugin>
                <groupId>org.mortbay.jetty</groupId>  
                <artifactId>jetty-maven-plugin</artifactId>  
                <version>8.1.15.v20140411</version> 
                <configuration>
                    <webAppSourceDirectory>src/main/webapp</webAppSourceDirectory>
                    <scanIntervalSeconds>5</scanIntervalSeconds>
                     <reload>manual</reload>  
                    <connectors>
                        <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
                            <port>3032</port>
                        </connector>
                    </connectors>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

 

• shiro.ini

[main]
authc.loginUrl= /login
roles.unauthorizedUrl= /unauthorized.jsp
perms.unauthorizedUrl= /unauthorized.jsp

[users]
admin=123,role1
user1=456

[roles]
role1=admin:*

#如果加入了shiro-web支持，则需要配置urls，否则报错：Caused by: org.apache.shiro.env.RequiredTypeException: Object named 'filterChainResolver' is not of required type [org.apache.shiro.web.filter.mgt.FilterChainResolver].
[urls]
/index.jsp = authc
/ = authc
/admin.jsp = authc,roles[role1]
/login = anon
/logout = logout

1. #如果加入了shiro-web支持，则需要配置urls，否则报错：Caused by: org.apache.shiro.env.RequiredTypeException:

Object named 'filterChainResolver' is not of required type [org.apache.shiro.web.filter.mgt.FilterChainResolver].

 

• web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>t</display-name>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>shiroConfigLocations</param-name>
        <param-value>classpath:shiro.ini</param-value>
    </context-param>

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <servlet>
        <servlet-name>loginServlet</servlet-name>
        <servlet-class>com.shyroke.servlet.LoginServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>loginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>
</web-app>

 

• login.jsp

<body>
    <form action="<%=path%>/login" method="post">
        userName:<input type="text" name="username" /><br /> passWord:<input
            type="password" name="password" /><br /> <input type="submit"
            value="登录">
    </form>
</body>

 

• LoginServlet.java：【url-pattern：/login】

package com.shyroke.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class LoginServlet extends HttpServlet {

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        /**
         * 如果用户没有登录就即没有在index.jsp页面登录就会跳转到这个方法
         */
        request.getRequestDispatcher("/login.jsp").forward(request, response);

    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        request.setCharacterEncoding("UTF-8");

        String userName = request.getParameter("username");
        String passWord = request.getParameter("password");

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);

        try {
            subject.login(token);
            System.out.println("登录成功");
            request.getRequestDispatcher("/index.jsp").forward(request, response);
        } catch (UnknownAccountException e) {
            System.out.println("用户名错误");
            response.sendRedirect("/login.jsp");

        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            response.sendRedirect("/login.jsp");
        }

    }

}

 

• index.jsp

<body>
        欢迎登陆
</body>

• admin.jsp

<body>
    admin.jsp
</body>

• unauthorized.jsp

<body>
    该用户没有权限访问
</body>

 

• 目录结构

 

 

 结果：

 

 

---

• 上例是身份和角色认证、权限认证参考第一章的demo