web项目整合Shiro框架
1、修改pom.xml文件
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency>
2、在web中使用shiro时必须配置监听器,web.xml
参考地址:http://shiro.apache.org/webapp-tutorial.html
<listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener>
3、在整个web开发中,用户的登录检测一定要有过滤器
<filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> <!-- 指定配置文件的路径 --> <init-param> <param-name>configpath</param-name> <param-value>classpath:shiro.ini</param-value> </init-param> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
此时web程序就与shiro集成好了
4、创建shiro.ini文件
[main]
#如果现在认证失败,应该跳转到loginUrl配置的路径
authc.loginUrl=/login.jsp
#需要配置上当角色认证失败后的跳转页面
roles.unauthorizedUrl=/role.jsp
#需要配置上当权限认证失败后的跳转页面
perms.unauthorizedUrl=/role.jsp
#定义本次要基于JDBC实现的Realm的认证的配置类
jdbcRealm=com.wyl.realm.MyRealm
#配置安全管理器所使用的Realm
securityManager.realms=$jdbcRealm
#配置所有需要进行路径检测的页面
[urls]
#登录的页面不需要检测
/shiroLogin=anon
#指定的页面需要检测,需要先进行身份认证,然后进行角色处理
#此时角色的关系是或的关系
/pages/welcom.jsp=authc,roles[member],roles[dept]
#登录之后对指定的权限处理
/pages/welcom.jsp=authc,perms[member:add],perms[dept:add]
5、创建MyRealm类,完成用户验证
package com.wyl.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import com.wyl.entity.Member; import com.wyl.service.MemberLoginService; /** * 自定义用户认证 * @author wyl */ public class MyRealm extends AuthorizingRealm{ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("1、**************用户登录验证:doGetAuthenticationInfo***************"); // 1、登录认证的方法需要先执行,用来判断登录的用户信息是否合法 String username = (String) token.getPrincipal();//取得用户名 MemberLoginService service = new MemberLoginService(); //通过用户名获得用户的完整信息 Member vo = service.get(username);//取得用户信息 service.close(); if(vo == null){ throw new UnknownAccountException("该用户名不存在!!!"); }else{ //进行密码验证处理 String password = new String((char[]) token.getCredentials());//取得登录密码 //将数据库密码与登录密码比较 if(!password.equals(vo.getPassword())){ throw new AuthenticationException("密码错误!!!"); }else{ AuthenticationInfo auth = new SimpleAuthenticationInfo(username, password, "memberRealm"); return auth; } } } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { // TODO Auto-generated method stub System.out.println("2、**************用户角色与权限:doGetAuthorizationInfo***************"); // 1、登录认证的方法需要先执行,用来判断登录的用户信息是否合法 String username = (String) principals.getPrimaryPrincipal();//取得用户名 SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();//定义授权信息的返回数据 MemberLoginService service = new MemberLoginService(); auth.setRoles(service.listRolesByMember(username)); //设置角色信息 auth.setStringPermissions(service.listJurisdictionsByMember(username)); //设置权限信息 service.close(); return auth; } }
6、创建LoginServlet类
package com.wyl.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; @WebServlet("/shiroLogin") public class LoginServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub String mid = req.getParameter("mid"); String password = req.getParameter("password"); //获取进行用户名和密码验证的接口对象 Subject subject = SecurityUtils.getSubject(); //实现身份认证信息保存 UsernamePasswordToken token = new UsernamePasswordToken(mid,password); subject.login(token); req.setAttribute("mid", mid); req.getRequestDispatcher("/pages/welcom.jsp").forward(req, resp);; } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub this.doPost(req, resp); } }
7、在根目录下创建login.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://" +request.getServerName()+":" +request.getServerPort()+path+"/"; %> <html> <head> <base href="<%=basePath%>"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>shiro登录</title> </head> <body> <form action="shiroLogin" method="post"> 用户名:<input type="text" name="mid" id="mid"> 密码:<input type="password" name="password" id="password"> <input type="submit" value="登录"> <input type="reset" value="重置"> </form> </body> </html>
8、创建/pages/welcom.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>welcom</h1>
</body>
</html>
9、结果显示