1 前言 :?

shiro代碼參考java1234網站《一頭扎進shiro》視頻敲出來的，原理這些請參視頻 ,

點擊?下載源碼

2 項目結構

3 代碼

AdminServlet.java

/*** */ package com.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;/*** @author Administrator**/ public class AdminServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("admin doGet");req.getRequestDispatcher("/jsp/admin.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
LoginServlet.java

/*** */ package com.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class LoginServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("loginServlet doGet");String username = req.getParameter("username");String password = req.getParameter("password");Subject subject = SecurityUtils.getSubject();UsernamePasswordToken token = new UsernamePasswordToken(username,password);try{subject.login(token);}catch(Exception e){e.printStackTrace();System.out.println("here test");req.setAttribute("messageTips", "登錄失敗");req.getRequestDispatcher("/jsp/login.jsp").forward(req, resp);}req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
StudentServlet.java

/*** */ package com.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class StudentServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("student servlet");req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
?TeacherServlet.java

/*** */ package com.shiro.servlet;import java.io.IOException;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject;/*** @author Administrator**/ public class TeacherServlet extends HttpServlet{private static final long serialVersionUID = 1L;@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {System.out.println("teacher servlet");req.getRequestDispatcher("index.jsp").forward(req, resp);}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {}}
ShiroUtil.java

package com.shiro.util;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.apache.shiro.mgt.SecurityManager;public class ShiroUtil {public static Subject login(String configFile,String username,String password){// 讀取配置文件,初始化SecurityManager工廠Factory<SecurityManager> factory = new IniSecurityManagerFactory(configFile);// 獲取securityManager實例SecurityManager securityManager = factory.getInstance();// 把securityManager綁定到SecurityUtils中SecurityUtils.setSecurityManager(securityManager);// 得到當前執行的用戶Subject currentUser = SecurityUtils.getSubject();// 創建token令牌,用戶名/密碼UsernamePasswordToken token = new UsernamePasswordToken(username,password);// 身份驗證try{currentUser.login(token);System.out.println("身份驗證成功");}catch(Exception e){e.printStackTrace();System.out.println("身份驗證失敗");}return currentUser;} }
admin.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'login.jsp' starting page</title></head><body>welcome to admin page </body> </html>
login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'login.jsp' starting page</title></head><body>${requestScope.messageTips }<form action="login" method="get">username : <input type="text" name="username"/><br/>password : <input type="text" name="password"/><br/><input type="submit" value="登錄"/></form></body> </html>
unauthorized.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><title>My JSP 'unauthorized.jsp' starting page</title></head><body>role not pass</body> </html> shiro.ini

[main] authc.loginUrl=/login roles.unauthorizedUrl=/jsp/unauthorized.jsp ;roles.unauthorizedUrl角色不足跳轉的頁面 perms.unauthorizedUrl=/jsp/unauthorized.jsp ;perms.unauthorizedUrl權限不足跳轉的頁面 [users] java1234=123456,admin jack=123,teacher [roles] admin=user:* teacher=student:* [urls] /login=anon ;anon為游客身份登錄 /admin*=authc ;authc為form需要身份認證 /student=roles[teacher] ;請求student需要teacher角色 /teacher=perms[student:*] ;請求teacher需要student:*權限
web.xml

<?xml version="1.0" encoding="utf-8"?> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"><welcome-file-list><welcome-file>/jsp/login.jsp</welcome-file></welcome-file-list><!-- 添加shiro相關配置 開始 --><listener><listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class></listener><filter><filter-name>ShiroFilter</filter-name><filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class><init-param><param-name>configPath</param-name><param-value>/WEB-INF/shiro.ini</param-value></init-param> </filter><filter-mapping><filter-name>ShiroFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- 添加shiro相關配置 結束 --><!-- servlet配置 開始 --><servlet><servlet-name>loginServlet</servlet-name><servlet-class>com.shiro.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>loginServlet</servlet-name><url-pattern>/login</url-pattern></servlet-mapping><servlet><servlet-name>adminServlet</servlet-name><servlet-class>com.shiro.servlet.AdminServlet</servlet-class></servlet><servlet-mapping><servlet-name>adminServlet</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping><servlet><servlet-name>studentServlet</servlet-name><servlet-class>com.shiro.servlet.StudentServlet</servlet-class></servlet><servlet-mapping><servlet-name>studentServlet</servlet-name><url-pattern>/student</url-pattern></servlet-mapping><servlet><servlet-name>teacherServlet</servlet-name><servlet-class>com.shiro.servlet.TeacherServlet</servlet-class></servlet><servlet-mapping><servlet-name>teacherServlet</servlet-name><url-pattern>/teacher</url-pattern></servlet-mapping><!-- servlet配置 結束 --> </web-app>

index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!-- 添加shiro標簽 --> <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head></head><body>index.jsp </br><!-- 假設有admin角色 --><shiro:hasRole name="admin">you have admin role</shiro:hasRole><!-- 假設有student:* 權限 --><shiro:hasPermission name="student:*">you have student:* permisson</shiro:hasPermission></body> </html>
pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>shiro.leanring</groupId><artifactId>shiro</artifactId><version>0.0.1-SNAPSHOT</version><packaging>jar</packaging><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope></dependency><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.1</version></dependency><dependency><groupId>jstl</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency><dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency><!-- 添加 shiro需要一些包 開始 --><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.2.4</version></dependency><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.12</version></dependency> <!-- 添加 shiro需要一些包 結束 --><!-- 添加servlet,jstl,jsp支持 開始 --><!-- 添加servlet,jstl,jsp支持 結束 --></dependencies> </project>
4 結果

啟動tomcat ，輸入用戶和密碼(java1234和123456) ,入下圖所示

顯示結果,有admin角色（采用shiro標簽進行控制）

除此之外,參考shiro.ini配置，可以測試

1 角色不足跳轉到?/jsp/unauthorized.jsp

2?權限不足跳轉的頁面?/jsp/unauthorized.jsp

3 訪問?http://localhost:8080/shiro04_web/login ，游客可以訪問

4??訪問?http://localhost:8080/shiro04_web//admin, 需要有該角色權限的認證

創作挑戰賽新人創作獎勵來咯，堅持創作打卡瓜分現金大獎

總結

以上是生活随笔為你收集整理的(五) shiro web应用的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。