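[This series is the blogger's study notes, not a classic tutorial; please keep that in mind.]
The previous articles introduced Shiro's basic core concepts through unit test cases. Next, we look at how to integrate Shiro into web development. As usual, readers need to prepare a basic development environment:
a. Operating system: Win7 x64
b. Development tools: MyEclipse 2014, JDK 1.7, Maven 3.3.3, basic JSP knowledge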
------------------------------------------------------------------------------------------------------------------------------------------------
Main text begins:
1. Create the shiro05 project. The project structure is as follows:
2. Next, we bring in the jar packages this example needs. The content of the pom file is as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.java.shiro</groupId>
  <artifactId>shiro05</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>shiro05 Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>javax.servlet.jsp-api</artifactId>
      <version>2.3.1</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>jstl</artifactId>
      <version>1.2</version>
    </dependency>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.17</version>
    </dependency>
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.2.4</version>
    </dependency>
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.2.4</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.13</version>
    </dependency>
  </dependencies>
  <build>
    <finalName>shiro05</finalName>
  </build>
</project>
Write in the dependencies above and save; Maven will download the related packages automatically. Once the download has finished, the following content appears under Maven Dependencies in the project. If anything is missing, please check carefully.
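3. Create the shiro.ini configuration file under WEB-INF. Note that it must be written in the following format:
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp

[users]
# username = password, role1, role2, ...
shiro05=1234,admin
shiro051=1234,teacher
shiro052=1234

[roles]
# role = permission1, permission2, ...
admin=user:*
teacher=student:*

[urls]
/login=anon
/admin=authc
/student=roles[teacher]
/teacher=perms["user:create"]
Now let us explain the configuration items above one by one: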
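authc.loginUrl: the path to redirect to when authentication has not passed
roles.unauthorizedUrl: the path to redirect to when the role check has not passed
perms.unauthorizedUrl: the path to redirect to when the permission check has not passed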
[urls]
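/login=anon: accessing the login path requires no permissions at all, i.e. it is open to guests
/admin=authc: accessing the admin path requires authentication
/student=roles[teacher]: accessing the student path requires the teacher role
/teacher=perms["user:create"]: accessing the teacher path requires the user:create permission
All the configuration items Shiro provides are as follows; readers can configure them according to their own needs with reference to the official documentation: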
4. Configure web.xml with the following content: [readers should look up the background knowledge for this part themselves]
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
  <display-name>ss</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <!-- EnvironmentLoaderListener reads shiroConfigLocations as a context parameter;
       ShiroFilter ignores it when given as a filter init-param. /WEB-INF/shiro.ini
       is also the default location. -->
  <context-param>
    <param-name>shiroConfigLocations</param-name>
    <param-value>/WEB-INF/shiro.ini</param-value>
  </context-param>
  <listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
  </listener>

  <!-- Every request passes through the Shiro filter -->
  <filter>
    <filter-name>iniShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>iniShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <servlet>
    <servlet-name>loginServlet</servlet-name>
    <servlet-class>shiro05.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>loginServlet</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>

  <servlet>
    <servlet-name>adminServlet</servlet-name>
    <servlet-class>shiro05.AdminServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>adminServlet</servlet-name>
    <url-pattern>/admin</url-pattern>
  </servlet-mapping>
</web-app>
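5. Create LoginServlet with the following content:
package shiro05;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * @author author E-mail:
 * @version created: 11 February 2016, 4:24:21 PM
 * Class description
 */
public class LoginServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // GET /login: show the login form
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        System.out.println("login doget");
        req.getRequestDispatcher("login.jsp").forward(req, resp);
    }

    // POST /login: authenticate the submitted credentials through Shiro
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        System.out.println("login dopost");
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        Subject sub = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            sub.login(token);
            resp.sendRedirect("success.jsp");
        } catch (AuthenticationException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            // errorInfo text: "incorrect username or password"
            req.setAttribute("errorInfo", "用户名密码错误");
            req.getRequestDispatcher("login.jsp").forward(req, resp);
        }
    }
}
6. Create login.jsp with the following content: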
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'login.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body>
    <form action="login" method="post">
      username:<input type="text" name="username"/><br>
      password:<input type="password" name="password"/><br>
      <input type="submit" value="login"/>
    </form>
  </body>
</html>
7. Create success.jsp with the following content:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    <%-- Page text: "Welcome" --%>
    欢迎您
  </body>
</html>
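8. Create AdminServlet with the following content:
package shiro05;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author author E-mail:
 * @version created: 11 February 2016, 4:24:21 PM
 * Class description
 */
public class AdminServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Reached only when the request has passed the authc filter configured for /admin
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        System.out.println("admin doget");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        System.out.println("admin dopost");
    }
}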
9. Create unauthorized.jsp with the following content:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    <%-- Page text: "Authentication failed, or insufficient permissions" --%>
    认证未通过,或者,权限不足
  </body>
</html>
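10. Test:
a. Start the server and try to access the paths that have been configured, such as /login and /admin. At this point the browser is redirected to the login.jsp page in both cases.
b. On the login.jsp page, enter one of the preset usernames and passwords, for example shiro05=1234,admin. Then change the end of the URL in the browser's address bar directly to admin, and look at where the browser ends up and at the console output. Next, change the end of the URL directly to student, and again look at where the browser ends up and at the console output. Finally, change the end of the URL directly to teacher, and once more look at where the browser ends up and at the console output.
c. Then log in on the login.jsp page with each of the other two preset usernames and passwords. Repeat the procedure from step b and see how the result of each step differs.
d. Compare the results above against what is set in the configuration file; this makes it very easy to understand how users, roles and permissions are used on the web.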
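The comparison in step d can also be made without a browser. The following is an added example, not code from the original post: it loads the [users] and [roles] sections of the shiro.ini above with shiro-core and evaluates, for each account, the same checks that the authc, roles[teacher] and perms["user:create"] filters apply. The class name AccessMatrix, the describe helper and the output wording are assumptions made for illustration.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

/** Added example (hypothetical class): evaluates this page's [urls] rules per account. */
public class AccessMatrix {

    // [users] and [roles] as in the shiro.ini above. [main] and [urls] are read
    // only by shiro-web, so their rules are reproduced as checks in describe().
    private static final String INI =
          "[users]\n"
        + "shiro05=1234,admin\n"
        + "shiro051=1234,teacher\n"
        + "shiro052=1234\n"
        + "[roles]\n"
        + "admin=user:*\n"
        + "teacher=student:*\n";

    /** One line per account: the decision each URL's filter would reach. */
    static String describe(Subject s, String user) {
        return String.format("%-9s /admin=%s  /student=%s  /teacher=%s", user,
            s.isAuthenticated() ? "allow" : "redirect to login",          // authc
            s.hasRole("teacher") ? "allow" : "unauthorized.jsp",          // roles[teacher]
            s.isPermitted("user:create") ? "allow" : "unauthorized.jsp"); // perms["user:create"]
    }

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();

        for (String user : new String[] {"shiro05", "shiro051", "shiro052"}) {
            // Build a Subject bound to this SecurityManager without touching
            // SecurityUtils' static state, then log in as LoginServlet does.
            Subject s = new Subject.Builder(sm).buildSubject();
            s.login(new UsernamePasswordToken(user, "1234"));
            System.out.println(describe(s, user));
            s.logout();
        }
    }
}
```

Compile and run it with the shiro-core 1.2.4 dependency from the pom above (and its transitive dependencies) on the classpath.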
-------------------------------------------------------------------------------------------------------------------------------------------------
This concludes Shiro Getting-Started Practice Notes (7) -- Web Integration
References:
Official documentation: http://shiro.apache.org/documentation.html
Other blog post: http://jinnianshilongnian.iteye.com/blog/2018936