shiro筆記

shiro入門demo

創建ini配置文件

 1 [main]
 2 jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
 3 dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
 4 dataSource.driverClass=com.mysql.jdbc.Driver
 5 dataSource.jdbcUrl=jdbc:mysql://localhost:3306/shiro
 6 
 7 dataSource.user=root
 8 
 9 #dataSource.password=
10 
11 jdbcRealm.dataSource=$dataSource
12 
13 securityManager.realms=$jdbcRealm

一開始，我按照教程的方法，配置的方法是

1 dataSource=com.mchange.v2.c3p0.ComboPooledDataSource
2 dataSource.driverClassName=com.mysql.jdbc.Driver
3 dataSource.url=jdbc:mysql://localhost:3306/shiro
4 dataSource.username=root
5 #dataSource.password=

可是控制檯一直報錯

Line argument must contain a key anda value. Only one string token was found.
糾結了半天，後來下午的時候查了資料發現c3p0的配置寫法好像不太同樣，修改了之後就跑通了。

具體緣由還不是很清楚。mark。

測試代碼

 1 public static void main(String[] args) {
 2         Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:jdbc.ini");
 3         SecurityManager securityManager = factory.getInstance();
 4         SecurityUtils.setSecurityManager(securityManager);
 5         Subject currentUser = SecurityUtils.getSubject();
 6         UsernamePasswordToken token = new UsernamePasswordToken("admin","123");
 7         try{
 8             currentUser.login(token);
 9             System.out.println("身份認證成功");
10         }catch(AuthenticationException e){
11             e.printStackTrace();
12             System.out.println("身份認證失敗");
13         }
14     }

另外，數據庫裏的表 表名必須爲users ，字段必須爲userName，password，否則會報錯。

測試經過的話。

log4j:WARN No appenders could be found for logger (com.mchange.v2.log.MLog).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
2015-11-19 15:46:34 org.apache.shiro.realm.AuthorizingRealm getAuthorizationCacheLazy
信息: No cache or cacheManager properties have been set.  Authorization cache cannot be obtained.
2015-11-19 15:46:34 org.apache.shiro.config.IniSecurityManagerFactory isAutoApplyRealms
信息: Realms have been explicitly set on the SecurityManager instance - auto-setting of realms will not occur.
2015-11-19 15:46:35 org.apache.shiro.session.mgt.AbstractValidatingSessionManager enableSessionValidation
信息: Enabling session validation scheduler...
身份認證成功

不經過的話會報錯。

 

結合web

配置文件

 1 [main]
 2 authc.loginUrl=/login
 3 roles.unauthorizedUrl=/unauthorized.jsp
 4 perms.unauthorizedUrl=/unauthorized.jsp
 5 [users]
 6 admin=123,admin
 7 jack=1234,teacher
 8 marry=234
 9 json=345
10 [roles]
11 admin=user:*
12 teacher=student:*
13 [urls]
14 /login=anon
15 /admin=authc
16 /student=roles[teacher]
17 /teacher=perms["user:create"]
18 /student_test=roles["student:create"]

[urls]
anon攔截器表示匿名訪問（即不須要登陸便可訪問）；
authc攔截器表示須要身份認證經過後才能訪問；
roles[admin]攔截器表示須要有admin角色受權才能訪問；
perms["user:create"]攔截器表示須要有「user:create」權限才能訪問。

web.xml

 1 <listener>
 2       <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
 3   </listener>
 4   
 5   <filter>
 6       <filter-name>ShiroFilter</filter-name>
 7       <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
 8         <init-param>
 9                 <param-name>configPath</param-name>
10                 <param-value>/WEB-INF/shiro.ini</param-value>
11         </init-param>
12   </filter>
13   
14   <filter-mapping>
15       <filter-name>ShiroFilter</filter-name>
16       <url-pattern>/*</url-pattern>
17   </filter-mapping>