`
shiro.inijava
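# Apache Shiro INI configuration for the demo web application.

[main]
# Unauthenticated users are redirected to the /login URL.
authc.loginUrl=/login
# Page shown when the user lacks the required role or permission.
# NOTE(review): these paths have no leading slash, unlike authc.loginUrl; confirm they
# resolve to the intended page from every protected URL.
roles.unauthorizedUrl=page/err.jsp
perms.unauthorizedUrl=page/err.jsp

[users]
# Format: username = password, role1, role2, ...
# NOTE(review): these are short plaintext demo passwords kept in a file that ships with
# the application. For anything beyond a tutorial, store hashed values (Shiro supports
# this by configuring a PasswordMatcher as iniRealm.credentialsMatcher in [main]) or use
# a realm backed by a real credential store, and remove the test accounts.
admin=123,admin,user
guan=123,user
tome=333,student
jocke=321,teacher
# test and test1 have a password but no roles.
test=123
test1=123

[roles]
# The admin role may perform every operation on user, student and teacher.
admin=user:*,student:*,teacher:*
# The teacher role may perform every operation on student and teacher.
teacher=student:*,teacher:*
# The student role may perform every operation on student.
# Written with '=' like the other role lines (the original listing used 'student:student:*').
student=student:*

[urls]
# Rules are evaluated top to bottom and the first matching pattern wins.
# /login does not require authentication.
/login=anon
# /admin requires an authenticated user.
/admin=authc
# '?' matches exactly one character, e.g. /admin1, /adminx.
# The filter name was misspelled 'autch' in the original listing; the built-in
# authentication filter is named 'authc'.
/admin?=authc
# '*' matches zero or more characters, e.g. /admin1, /admin1as.
# The original listing showed this pattern without a filter; authc is assumed here to
# match the /admin rule above. Confirm the intended filter.
/admin*=authc
# '/**' matches any number of path segments, e.g. /admin/a, /admin/a/b.
# Same assumption as above: the original listing showed the pattern without a filter.
/admin/**=authc
# /student requires the teacher role.
/student=roles[teacher]
# /teacher requires the user:create permission.
/teacher=perms["user:create"]
# NOTE(review): a path that matches none of the patterns above is not checked by Shiro
# at all. Consider ending this section with a catch-all such as '/** = authc' once the
# public pages (login page, static resources) have explicit 'anon' rules.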
jspapache
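<%--
  Login-success fragment. ${username} and ${info} are resolved by EL from the scoped
  attributes (the login servlet on this page sets "username" on the request and "info"
  on the session). The notes here are JSP comments rather than HTML comments, so
  remarks about role and permission checks are not sent to the browser.
  NOTE(review): EL written directly in template text is not HTML-escaped. "username"
  originates from the login form parameter; escape it (for example with JSTL c:out)
  if this page can ever be rendered with a value that did not pass authentication.
--%>
<strong>
    登入成功~~ ${username}
    <%-- Rendered only when the current subject has the admin role. --%>
    <shiro:hasAnyRoles name="admin">
        歡迎 你 admin 管理者 <shiro:principal/>
    </shiro:hasAnyRoles>
    <br>
    <%-- Rendered only when the current subject holds the student:select permission. --%>
    <shiro:hasPermission name="student:select">
        擁有 student:select 查詢權限的 用戶 <shiro:principal/>
    </shiro:hasPermission>
    <br>
    ${info}
</strong>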
servletsession
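package core.java.controller.servlet;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Login endpoint for the Shiro demo: GET renders the login form, POST authenticates the
 * submitted credentials through the current Shiro {@link Subject}.
 */
public class LoginServlet extends HttpServlet {

    private static final String LOGIN_PAGE = "page/login.jsp";
    private static final String SUCCESS_PAGE = "page/success.jsp";

    /**
     * Shows the login form.
     *
     * @param req  the incoming request
     * @param resp the response the login page is rendered into
     * @throws ServletException if the forward to the login page fails
     * @throws IOException      if the forward to the login page fails
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
    }

    /**
     * Authenticates the {@code userName} / {@code password} form parameters. On success the
     * request is forwarded to the success page with the {@code username} request attribute
     * and the {@code info} session attribute set; on rejected credentials the login form is
     * shown again.
     *
     * @param req  the incoming request carrying the form parameters
     * @param resp the response the result page is rendered into
     * @throws ServletException if forwarding to the result page fails
     * @throws IOException      if forwarding to the result page fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("userName");
        String password = req.getParameter("password");
        if (username == null || password == null) {
            // Incomplete form submission: nothing to authenticate.
            req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
            return;
        }

        Subject user = SecurityUtils.getSubject();

        // Session-fixation defence: discard any session that existed before authentication
        // so the authenticated session gets a fresh identifier.
        Session preLoginSession = user.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.stop();
        }

        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            user.login(token);
        } catch (AuthenticationException e) {
            // Only rejected credentials lead back to the form; unexpected failures propagate
            // to the container instead of being silently swallowed. The message deliberately
            // carries neither the submitted username nor the password.
            log("Login rejected: " + e.getClass().getSimpleName());
            req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
            return;
        } finally {
            // Wipe the password held by the token once the attempt is over.
            token.clear();
        }

        // After a successful login the subject's session is available.
        Session session = user.getSession();
        // The session id is intentionally not written to any log: whoever can read it can
        // impersonate the session.
        log("Session timeout (ms): " + session.getTimeout());
        log("Session started: " + session.getStartTimestamp());

        // Store a session-scoped value and expose the username to the success page.
        session.setAttribute("info", "session 專屬參數");
        req.setAttribute("username", username);
        req.getRequestDispatcher(SUCCESS_PAGE).forward(req, resp);
    }
}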
`jsp