标签:返回 filter 管理器 inf mapping 实现 manage img ***
1、修改pom.xml文件
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
2、在web中使用shiro时必须配置监听器,web.xml
参考地址:http://shiro.apache.org/webapp-tutorial.html
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
3、在整个web开发中,用户的登录检测一定要有过滤器
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
<!-- 指定配置文件的路径 -->
<init-param>
<param-name>configpath</param-name>
<param-value>classpath:shiro.ini</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
此时web程序就与shiro集成好了
4、创建shiro.ini文件
[main]
#定义本次要基于JDBC实现的Realm的认证的配置类 jdbcRealm=com.wyl.realm.MyRealm #配置安全管理器所使用的Realm securityManager.realms=$jdbcRealm
5、创建MyRealm类,完成用户验证
package com.wyl.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import com.wyl.entity.Member; import com.wyl.service.MemberLoginService; /** * 自定义用户认证 * @author wyl */ public class MyRealm extends AuthorizingRealm{ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { System.out.println("1、**************用户登录验证:doGetAuthenticationInfo***************"); // 1、登录认证的方法需要先执行,用来判断登录的用户信息是否合法 String username = (String) token.getPrincipal();//取得用户名 MemberLoginService service = new MemberLoginService(); //通过用户名获得用户的完整信息 Member vo = service.get(username);//取得用户信息 service.close(); if(vo == null){ throw new UnknownAccountException("该用户名不存在!!!"); }else{ //进行密码验证处理 String password = new String((char[]) token.getCredentials());//取得登录密码 //将数据库密码与登录密码比较 if(!password.equals(vo.getPassword())){ throw new AuthenticationException("密码错误!!!"); }else{ AuthenticationInfo auth = new SimpleAuthenticationInfo(username, password, "memberRealm"); return auth; } } } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { // TODO Auto-generated method stub System.out.println("2、**************用户角色与权限:doGetAuthorizationInfo***************"); // 1、登录认证的方法需要先执行,用来判断登录的用户信息是否合法 String username = (String) principals.getPrimaryPrincipal();//取得用户名 SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();//定义授权信息的返回数据 MemberLoginService service = new MemberLoginService(); auth.setRoles(service.listRolesByMember(username)); //设置角色信息 auth.setStringPermissions(service.listJurisdictionsByMember(username)); //设置权限信息 service.close(); return auth; } }
6、创建LoginServlet类
package com.wyl.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; @WebServlet("/shiroLogin") public class LoginServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub String mid = req.getParameter("mid"); String password = req.getParameter("password"); //获取进行用户名和密码验证的接口对象 Subject subject = SecurityUtils.getSubject(); //实现身份认证信息保存 UsernamePasswordToken token = new UsernamePasswordToken(mid,password); subject.login(token); req.setAttribute("mid", mid); req.getRequestDispatcher("/pages/welcom.jsp").forward(req, resp);; } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub this.doPost(req, resp); } }
7、在根目录下创建login.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://" +request.getServerName()+":" +request.getServerPort()+path+"/"; %> <html> <head> <base href="<%=basePath%>"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>shiro登录</title> </head> <body> <form action="shiroLogin" method="post"> 用户名:<input type="text" name="mid" id="mid"> 密码:<input type="password" name="password" id="password"> <input type="submit" value="登录"> <input type="reset" value="重置"> </form> </body> </html>
8、创建/pages/welcom.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>welcom</h1>
</body>
</html>
9、结果显示
标签:返回 filter 管理器 inf mapping 实现 manage img ***
原文地址:http://www.cnblogs.com/studyDetail/p/7345274.html
