Learning Shiro Web Integration Through a Worked Example
Scenario
Shiro official documentation on web integration:
http://shiro.apache.org/web.html#Web-configuration
W3Cschool Shiro web integration:
https://www.w3cschool.cn/shiro/c52r1iff.html
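Implementation
Project Setup
1. Open Eclipse, create a new Maven project, and select Webapp.
2. Enter the project information.
3. After the project is created it defaults to 1.5 and has no src/main/java directory.
4. Right-click the project - Properties - Java Build Path - Libraries, and remove the existing entry.
5. Then click Add Library... - JRE System Library.
6. Select your own default; here it is 1.8.
7. After the change is made.
8. The newly created project has no META-INF directory, so create a new Dynamic Web Project and copy its META-INF over. The structure of web.xml is also not what we want, so copy that over as well.
9. Once these are copied, the Dynamic Web Project that was just created can be deleted. Change the display-name in the copied web.xml.
10. Open pom.xml and add the dependencies: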

    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
      <groupId>com.badao.shiro</groupId>
      <artifactId>ShiroWeb</artifactId>
      <packaging>war</packaging>
      <version>0.0.1-SNAPSHOT</version>
      <name>ShiroWeb Maven Webapp</name>
      <url>http://maven.apache.org</url>
      <dependencies>
        <dependency>
          <groupId>junit</groupId>
          <artifactId>junit</artifactId>
          <version>3.8.1</version>
          <scope>test</scope>
        </dependency>
        <!-- Servlet support -->
        <dependency>
          <groupId>javax.servlet</groupId>
          <artifactId>javax.servlet-api</artifactId>
          <version>3.1.0</version>
        </dependency>
        <dependency>
          <groupId>javax.servlet.jsp</groupId>
          <artifactId>javax.servlet.jsp-api</artifactId>
          <version>2.3.1</version>
        </dependency>
        <!-- JSTL support -->
        <dependency>
          <groupId>javax.servlet</groupId>
          <artifactId>jstl</artifactId>
          <version>1.2</version>
        </dependency>
        <!-- Logging support -->
        <dependency>
          <groupId>log4j</groupId>
          <artifactId>log4j</artifactId>
          <version>1.2.17</version>
        </dependency>
        <dependency>
          <groupId>commons-logging</groupId>
          <artifactId>commons-logging</artifactId>
          <version>1.2</version>
        </dependency>
        <!-- Shiro support -->
        <dependency>
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-core</artifactId>
          <version>1.2.4</version>
        </dependency>
        <dependency>
          <groupId>org.apache.shiro</groupId>
          <artifactId>shiro-web</artifactId>
          <version>1.2.4</version>
        </dependency>
        <dependency>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
          <version>1.7.12</version>
        </dependency>
      </dependencies>
      <build>
        <finalName>ShiroWeb</finalName>
      </build>
    </project>

11. Modify index.jsp, add Hello Shiro, then deploy and run the project.
Project Configuration
1. Open web.xml:

    <listener>
      <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>
    <!-- Shiro support -->
    <filter>
      <filter-name>ShiroFilter</filter-name>
      <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
      <init-param>
        <param-name>configPath</param-name>
        <param-value>/WEB-INF/shiro.ini</param-value>
      </init-param>
    </filter>
    <!-- Filter all requests -->
    <filter-mapping>
      <filter-name>ShiroFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

Note:
configPath specifies the location of the ini configuration file. By default Shiro first loads /WEB-INF/shiro.ini and, if that file does not exist, loads classpath:shiro.ini; that is, the default location is relative to the web application context root.
2. Create the shiro.ini configuration file under WEB-INF.

    [main]
    authc.loginUrl=/login
    roles.unauthorizedUrl=/unauthorized.jsp
    perms.unauthorizedUrl=/unauthorized.jsp

    [users]
    badao=123,admin
    liumang=123,teacher
    qizhi=123

    [roles]
    admin=user:*
    teacher=student:*

    [urls]
    /login=anon
    /admin=authc
    /student=roles[teacher]
    /teacher=perms["user:create"]

Then configure the users, roles, permissions, and so on.
Note:

    [main]
    authc.loginUrl=/login
    roles.unauthorizedUrl=/unauthorized.jsp
    perms.unauthorizedUrl=/unauthorized.jsp

The above means:
authc.loginUrl=/login: the URL to redirect to when authentication fails.
roles.unauthorizedUrl=/unauthorized.jsp: the page to redirect to when the role check fails.
perms.unauthorizedUrl=/unauthorized.jsp: the page to redirect to when the permission check fails.
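
    [users]
    badao=123,admin
    liumang=123,teacher
    qizhi=123

The above defines three users:
User badao has the password 123 and the admin role.
User liumang has the password 123 and the teacher role.
User qizhi has the password 123 and no role.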

    [roles]
    admin=user:*
    teacher=student:*

The above means that the admin role has all permissions on user.
The teacher role has all permissions on student.
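
    [urls]
    /login=anon
    /admin=authc
    /student=roles[teacher]
    /teacher=perms["user:create"]

The above means:
Access to /login is not restricted. See the official API for details.
Access to /admin requires authentication; if the user is not authenticated, the request is redirected to the configured login URL (authc.loginUrl=/login). See the official API for details.
/student=roles[teacher] means that only users with the teacher role can access the /student URL.
/teacher=perms["user:create"] means that only users with the create permission on user can access the /teacher URL.
For other settings, see the official documentation.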
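The following Java program is an added example, not part of the original project. It loads a constructed copy of the [users] and [roles] sections above into Shiro's non-web IniSecurityManagerFactory (part of the shiro-core 1.2.4 dependency used here) and evaluates, for each user, the same checks that the [urls] rules apply; the class name ShiroIniAccessCheck is hypothetical.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

public class ShiroIniAccessCheck {

    // Constructed copy of the [users] and [roles] sections of shiro.ini.
    // [main] and [urls] are omitted: they configure web filters (authc, roles,
    // perms) that exist only inside the ShiroFilter web environment.
    static final String INI_TEXT =
          "[users]\n"
        + "badao=123,admin\n"
        + "liumang=123,teacher\n"
        + "qizhi=123\n"
        + "[roles]\n"
        + "admin=user:*\n"
        + "teacher=student:*\n";

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI_TEXT);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();

        for (String user : new String[] {"badao", "liumang", "qizhi"}) {
            // Build a subject bound to this SecurityManager only (no global state).
            Subject s = new Subject.Builder(sm).buildSubject();
            s.login(new UsernamePasswordToken(user, "123"));

            // /admin=authc: any authenticated user passes
            boolean admin = s.isAuthenticated();
            // /student=roles[teacher]: role check
            boolean student = s.hasRole("teacher");
            // /teacher=perms["user:create"]: permission check, resolved
            // through the wildcard permissions granted to the user's roles
            boolean teacher = s.isPermitted("user:create");

            System.out.printf("%-8s /admin=%-5b /student=%-5b /teacher=%-5b%n",
                    user, admin, student, teacher);
            s.logout();
        }
    }
}
```

With this configuration every user passes the /admin check, only liumang passes the /student check, and only badao passes the /teacher check. In the web application, badao requesting /student and liumang requesting /teacher therefore both end at unauthorized.jsp.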
Writing the Business Code
1. Write the login servlet and the home-page servlet, and configure them in web.xml.
Create LoginServlet.
Code:

    package com.badao.servlet;

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;

    public class LoginServlet extends HttpServlet {

        private static final long serialVersionUID = 1L;

        // GET /login: show the login form.
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
            System.out.println("login doget");
            req.getRequestDispatcher("login.jsp").forward(req, resp);
        }

        // POST /login: authenticate the submitted credentials through Shiro.
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
            System.out.println("login dopost");
            String userName = req.getParameter("userName");
            String password = req.getParameter("password");
            Subject subject = SecurityUtils.getSubject();
            UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
            try {
                // Throws an exception if the credentials are rejected.
                subject.login(token);
                resp.sendRedirect("success.jsp");
            } catch (Exception e) {
                e.printStackTrace();
                // errorInfo text: "Incorrect username or password"
                req.setAttribute("errorInfo", "用戶名或者密碼錯誤");
                req.getRequestDispatcher("login.jsp").forward(req, resp);
            }
        }
    }

Open web.xml and add:

    <servlet>
      <servlet-name>loginServlet</servlet-name>
      <servlet-class>com.badao.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>loginServlet</servlet-name>
      <url-pattern>/login</url-pattern>
    </servlet-mapping>

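2. Create login.jsp and add the following to the body:

    <form action="login" method="post">
      userName:<input type="text" name="userName"/><br/>
      password:<input type="password" name="password"/><br/>
      <!-- Submit button label: "Log in" -->
      <input type="submit" value="登錄"/>
    </form>

3. Create success.jsp and add the following to the body:
Login succeeded, welcome!
4. Create unauthorized.jsp and add the following to the body:
Authentication failed, or insufficient permissions
5. Create AdminServlet for testing authorization.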

    package com.badao.servlet;

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class AdminServlet extends HttpServlet {

        private static final long serialVersionUID = 1L;

        // Reached only when the /admin=authc rule lets the request through.
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
            System.out.println("admin do get");
        }

        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
            System.out.println("admin do post");
        }
    }

6. Open web.xml and add:

    <servlet>
      <servlet-name>adminServlet</servlet-name>
      <servlet-class>com.badao.servlet.AdminServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>adminServlet</servlet-name>
      <url-pattern>/admin</url-pattern>
    </servlet-mapping>

Complete web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             id="WebApp_ID" version="3.0">
      <display-name>ShiroWeb</display-name>
      <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
      </welcome-file-list>
      <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
      </listener>
      <!-- Shiro support -->
      <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
        <init-param>
          <param-name>configPath</param-name>
          <param-value>/WEB-INF/shiro.ini</param-value>
        </init-param>
      </filter>
      <!-- Filter all requests -->
      <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <servlet>
        <servlet-name>loginServlet</servlet-name>
        <servlet-class>com.badao.servlet.LoginServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>loginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
      </servlet-mapping>
      <servlet>
        <servlet-name>adminServlet</servlet-name>
        <servlet-class>com.badao.servlet.AdminServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>adminServlet</servlet-name>
        <url-pattern>/admin</url-pattern>
      </servlet-mapping>
    </web-app>

Project directory structure
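Results
Accessing admin directly without logging in
Login succeeded
Accessing admin after logging in
Accessing /student as user badao, who has the admin role
Accessing /teacher as user liumang, who has the teacher role
Project Source Code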
https://download.csdn.net/download/badao_liumang_qizhi/11173797