web項目整合Shiro框架
阿新 • • 發佈:2017-08-11
1、修改pom.xml文件
<!-- Shiro core plus its servlet/web integration module; keep both artifacts on the same version. -->
<!-- NOTE(review): 1.3.2 is the release this 2017 article was written against. Later Shiro releases
     contain security fixes, so check the Apache Shiro security advisories and build against a
     currently maintained release. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
2、在web中使用shiro時,必須在web.xml中配置監聽器
參考地址:http://shiro.apache.org/webapp-tutorial.html
<!-- Creates the Shiro WebEnvironment (SecurityManager and filter chains) when the web application
     starts and tears it down on shutdown. The ShiroFilter looks this environment up, so the
     listener must be registered for the filter to initialise. -->
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
3、在整個web開發中,用戶的登錄檢測一定要有過濾器
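<!-- Location of the Shiro INI file. org.apache.shiro.web.servlet.ShiroFilter does not read a
     "configpath" init-param; the INI location is consumed by the EnvironmentLoaderListener
     through the shiroConfigLocations context-param. Place this element with the other
     top-level elements of web.xml. -->
<context-param>
    <param-name>shiroConfigLocations</param-name>
    <param-value>classpath:shiro.ini</param-value>
</context-param>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<!-- Route every request, including forwards, includes and error dispatches, through Shiro so
     access-control rules cannot be sidestepped by an internal dispatch. Mapping the filter only
     makes Shiro see the request; which paths require authentication is decided by the [urls]
     section of shiro.ini. -->
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>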
此時web程序就與shiro集成好了
4、創建shiro.ini文件
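[main]
# Realm class that authenticates and authorises members (backed by the member database)
jdbcRealm=com.wyl.realm.MyRealm
# Realm(s) the security manager consults
securityManager.realms=$jdbcRealm
# Page the authc filter redirects to when an unauthenticated request hits a protected path
authc.loginUrl=/login.jsp

[urls]
# Without a [urls] section no request path is bound to an authentication filter, so the /*
# ShiroFilter mapping on its own lets every request through, including /pages/welcom.jsp.
# The first matching line wins.
/login.jsp=anon
/shiroLogin=anon
/pages/**=authc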
5、創建MyRealm類,完成用戶驗證
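package com.wyl.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.wyl.entity.Member;
import com.wyl.service.MemberLoginService;

/**
 * Custom realm that looks members up through {@link MemberLoginService} for both
 * authentication and authorization.
 *
 * <p>NOTE(review): the stored password is compared directly with the submitted one, which
 * implies passwords are kept in plaintext. Store salted password hashes instead and configure
 * a hashing CredentialsMatcher on this realm (for example Shiro's PasswordMatcher) in shiro.ini.
 *
 * @author wyl
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Loads the account named by the token and hands its stored credentials to Shiro.
     *
     * <p>The credential comparison itself is left to the realm's CredentialsMatcher, which
     * Shiro applies to the returned info after this method completes. Returning the stored
     * password (not the submitted one) is what makes that check meaningful, and it lets a
     * hashing matcher be configured without touching this class. A wrong password therefore
     * surfaces as Shiro's IncorrectCredentialsException, a subclass of AuthenticationException.
     *
     * @param token the submitted login token; its principal is the member id
     * @return the account's principal and stored credentials
     * @throws UnknownAccountException if the token has no principal or no such member exists
     * @throws AuthenticationException if the lookup fails for another authentication reason
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        System.out.println("1、**************用戶登錄驗證:doGetAuthenticationInfo***************");

        String username = (String) token.getPrincipal();
        if (username == null) {
            throw new UnknownAccountException("該用戶名不存在!!!");
        }

        MemberLoginService service = new MemberLoginService();
        Member vo;
        try {
            vo = service.get(username);
        } finally {
            // Release the service even when the lookup throws.
            service.close();
        }

        if (vo == null) {
            // Callers should show users one generic "login failed" message for this and for a
            // wrong password, so the response does not reveal which member ids exist.
            throw new UnknownAccountException("該用戶名不存在!!!");
        }
        return new SimpleAuthenticationInfo(username, vo.getPassword(), "memberRealm");
    }

    /**
     * Loads the roles and permission strings of the authenticated member.
     *
     * @param principals the principals of the subject being authorized; the primary principal
     *                   is the member id set during authentication
     * @return the member's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("2、**************用戶角色與權限:doGetAuthorizationInfo***************");

        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username));
            auth.setStringPermissions(service.listJurisdictionsByMember(username));
        } finally {
            // Release the service even when a lookup throws.
            service.close();
        }
        return auth;
    }
}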
6、創建LoginServlet類
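package com.wyl.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * Login endpoint: authenticates the posted member id and password through Shiro.
 */
@WebServlet("/shiroLogin")
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the submitted credentials and forwards to the welcome page on success.
     * Missing parameters and any authentication failure lead back to the login page.
     *
     * @param req  request carrying the {@code mid} and {@code password} form fields
     * @param resp response used for the forward
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String mid = req.getParameter("mid");
        String password = req.getParameter("password");
        if (mid == null || password == null) {
            rejectLogin(req, resp);
            return;
        }

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(mid, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Unknown account and wrong password are handled identically so the response does
            // not reveal which member ids exist. Record the failure (never the password) with
            // the application's logger so repeated failures can be detected.
            rejectLogin(req, resp);
            return;
        } finally {
            // Drop the token's copy of the password once the attempt is over.
            token.clear();
        }

        req.setAttribute("mid", mid);
        req.getRequestDispatcher("/pages/welcom.jsp").forward(req, resp);
    }

    /**
     * Sends GET requests to the login form. Credentials are accepted by POST only: in a GET
     * they would travel in the query string and end up in access logs, browser history and
     * Referer headers.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    /** Answers a failed or malformed login attempt with the login page and a 401 status. */
    private void rejectLogin(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        req.getRequestDispatcher("/login.jsp").forward(req, resp);
    }
}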
7、在根目錄下創建login.jsp文件
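<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%-- The form target is built from the context path only. Building a <base href> from
     request.getServerName() reflects the client-supplied Host header into the page unescaped,
     which lets a forged Host value redirect where the credentials are posted. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>shiro登錄</title>
</head>
<body>
<form action="<%=request.getContextPath()%>/shiroLogin" method="post">
    用戶名:<input type="text" name="mid" id="mid">
    密碼:<input type="password" name="password" id="password">
    <input type="submit" value="登錄">
    <input type="reset" value="重置">
</form>
</body>
</html>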
8、創建/pages/welcom.jsp文件
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%-- Landing page shown after a successful login.
     NOTE(review): nothing in this JSP checks authentication. It is protected only if shiro.ini
     has a [urls] rule binding /pages/** to an authenticating filter such as authc; confirm the
     page cannot be requested directly without a session. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>welcom</h1>
</body>
</html>
9、結果顯示