一、修改pom.xml文件
<!-- Shiro core and web modules, both pinned to the same version. -->
<!-- NOTE(review): 1.3.2 is an old release line. Check the Apache Shiro security advisories
     and pin the current supported release before reusing this snippet. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
二、在web中使用shiro時必須配置監聽器,web.xml
參考地址:http://shiro.apache.org/webapp-tutorial.html
<!-- Registers Shiro's EnvironmentLoaderListener, which the tutorial requires for web use. -->
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
三、在整個web開發中,用戶的登陸檢測必定要有過濾器
<!-- Declares Shiro's servlet filter. -->
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    <!-- Path of the configuration file -->
    <!-- NOTE(review): ShiroFilter obtains its environment from EnvironmentLoaderListener, so this
         init-param is probably not read; the listener's documented setting is the
         shiroConfigLocations context-param. Confirm which INI file is actually loaded. -->
    <init-param>
        <param-name>configpath</param-name>
        <param-value>classpath:shiro.ini</param-value>
    </init-param>
</filter>
<!-- Applies the filter to every URL and to REQUEST, FORWARD, INCLUDE and ERROR dispatches,
     so internally forwarded pages also pass through it. -->
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
此時web程序就與shiro集成好了
四、建立shiro.ini文件
[main]
# If authentication fails, redirect to the path configured in loginUrl
authc.loginUrl=/login.jsp
# Page to redirect to when the role check fails
roles.unauthorizedUrl=/role.jsp
# Page to redirect to when the permission check fails
perms.unauthorizedUrl=/role.jsp
# Realm class used for authentication (described by the author as JDBC-based)
jdbcRealm=com.wyl.realm.MyRealm
# Realm used by the security manager
securityManager.realms=$jdbcRealm
# Paths that need access checks
# NOTE(review): only the paths listed below are filtered; there is no catch-all rule
# such as /** = authc, so any other page is reachable without logging in.
[urls]
# The login endpoint needs no check
/shiroLogin=anon
# This page requires authentication first, then the role checks
# NOTE(review): the original comment called this an OR relation; chained filters must
# all pass, so a user needs both roles - confirm that this is intended.
/pages/welcom.jsp=authc,roles[member],roles[dept]
# Permission checks applied after login
# NOTE(review): same path as the rule above; a repeated key in one section presumably
# replaces the earlier value, so verify the roles rule is still enforced or merge both
# rules into a single line.
/pages/welcom.jsp=authc,perms[member:add],perms[dept:add]
五、建立MyRealm類,完成用戶驗證
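package com.wyl.realm;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.wyl.entity.Member;
import com.wyl.service.MemberLoginService;

/**
 * Custom realm that authenticates members and loads their roles and permissions
 * through {@link MemberLoginService}.
 *
 * @author wyl
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Looks up the member named by the token and checks the submitted password.
     *
     * <p>The two failure paths carry different messages. Show the end user a single
     * generic login error so that the response does not reveal whether an account exists.
     *
     * @param token the login token; its principal is read as the user name and its
     *              credentials as a {@code char[]} password
     * @return authentication info for the verified member
     * @throws UnknownAccountException if no member exists for the user name
     * @throws AuthenticationException if the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("一、**************用戶登陸驗證:doGetAuthenticationInfo***************");
        String username = (String) token.getPrincipal();
        if (username == null) {
            // No principal supplied: fail like an unknown account instead of querying with null.
            throw new UnknownAccountException("該用戶名不存在!!!");
        }

        Member vo;
        MemberLoginService service = new MemberLoginService();
        try {
            vo = service.get(username);
        } finally {
            // Release the service even when the lookup throws.
            service.close();
        }
        if (vo == null) {
            throw new UnknownAccountException("該用戶名不存在!!!");
        }

        char[] supplied = (char[]) token.getCredentials();
        String password = supplied == null ? null : new String(supplied);
        // NOTE(review): the stored value is compared directly with the submitted password,
        // so the data store appears to hold passwords in clear text. Store a salted password
        // hash instead and let a Shiro credentials matcher (e.g. PasswordMatcher) verify it.
        if (!constantTimeEquals(password, vo.getPassword())) {
            throw new AuthenticationException("密碼錯誤!!!");
        }
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and permissions of the primary principal.
     *
     * @param principals the authenticated principals; the primary one is read as the user name
     * @return authorization info holding the member's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("二、**************用戶角色與權限:doGetAuthorizationInfo***************");
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username));
            auth.setStringPermissions(service.listJurisdictionsByMember(username));
        } finally {
            // Release the service even when one of the lookups throws.
            service.close();
        }
        return auth;
    }

    /**
     * Compares two strings without stopping at the first differing character.
     * A {@code null} on either side counts as a mismatch.
     */
    private static boolean constantTimeEquals(String supplied, String stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }
}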
六、建立LoginServlet類
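package com.wyl.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * Login endpoint: authenticates the posted {@code mid}/{@code password} pair through Shiro
 * and forwards to the welcome page on success.
 */
@WebServlet("/shiroLogin")
public class LoginServlet extends HttpServlet {

    private static final String LOGIN_PAGE = "/login.jsp";

    /**
     * Authenticates the submitted credentials.
     *
     * <p>Missing fields and every authentication failure lead back to the login page with
     * the same response, so the reply does not reveal which check failed and no stack
     * trace reaches the client.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String mid = req.getParameter("mid");
        String password = req.getParameter("password");
        if (mid == null || mid.isEmpty() || password == null) {
            resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Subject is Shiro's handle for the current user.
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(mid, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Unknown account and wrong password are handled identically on purpose.
            resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }
        // NOTE(review): confirm that the session id changes on successful login
        // (session fixation); this code does not rotate it itself.

        req.setAttribute("mid", mid);
        req.getRequestDispatcher("/pages/welcom.jsp").forward(req, resp);
    }

    /**
     * Sends GET requests to the login page. Credentials are accepted via POST only, so a
     * password never has to travel in a URL, where it would end up in logs and history.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
    }
}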
七、在根目錄下建立login.jsp文件
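<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%-- Login form: posts the "mid" and "password" fields to the /shiroLogin servlet. --%>
<%
    // The form target is built from the context path only. The earlier version assembled
    // a <base href> from the scheme, server name and port; the server name comes from the
    // request's Host header and was written into the page unescaped, so a client-supplied
    // value could decide where the form is submitted.
    String loginAction = request.getContextPath() + "/shiroLogin";
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>shiro登陸</title>
</head>
<body>
<form action="<%=loginAction%>" method="post">
    用戶名:<input type="text" name="mid" id="mid">
    密碼:<input type="password" name="password" id="password">
    <input type="submit" value="登陸">
    <input type="reset" value="重置">
</form>
</body>
</html>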
八、建立/pages/welcom.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%-- Welcome page that LoginServlet forwards to after a successful login; static content only. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>welcom</h1>
</body>
</html>
九、結果顯示