Web 集成 Shiro 的练习项目。
Servlet + Shiro
项目结构
- 新建Maven项目,pom配置如下
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.zhen.shiro</groupId> <artifactId>0322ShiroWeb</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>0322ShiroWeb Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> <!-- 添加servlet支持 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <!-- servlet end --> <!-- jsp --> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> </dependency> <!-- jsp end --> <!-- 添加 jstl 支持 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <!-- 添加 log4j 日志支持 --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.21</version> </dependency> <!-- commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <!-- 添加 shiro 支持 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.3.2</version> </dependency> <!-- 添加 shiro web 支持 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.3.2</version> </dependency> </dependencies> <build> <finalName>0322ShiroWeb</finalName> </build> </project> - 两个Servlet类
- LoginServlet 代码如下
package com.zhen.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; public class LoginServlet extends HttpServlet{ /** * */ private static final long serialVersionUID = 1L; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub System.out.println("login doGet"); req.getRequestDispatcher("login.jsp").forward(req, resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("login doPost"); String userName = req.getParameter("userName"); String password = req.getParameter("password"); System.out.println("login:name="+userName+" password="+password); Subject currentUser = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(userName, password); try { currentUser.login(token); resp.sendRedirect("success.jsp"); } catch (Exception e) { e.printStackTrace(); req.setAttribute("errorInfo", "用户名或者密码错误"); req.getRequestDispatcher("login.jsp").forward(req, resp); } } } - AdminServlet 代码如下
package com.zhen.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AdminServlet extends HttpServlet{ /** * */ private static final long serialVersionUID = 1L; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("admin doGet"); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("admin doPost"); } }
- LoginServlet 代码如下
- 配置 web.xml 文件,如下
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>0322ShiroWeb</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <!-- 添加 shiro 支持 --> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> <!-- <init-param> <param-name>configPath</param-name> <param-value>/WEB-INF/shiro.ini</param-value> </init-param> --> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> <!-- <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> --> </filter-mapping> <servlet> <servlet-name>LoginServlet</servlet-name> <servlet-class>com.zhen.servlet.LoginServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>LoginServlet</servlet-name> <url-pattern>/login</url-pattern> </servlet-mapping> <servlet> <servlet-name>adminServlet</servlet-name> <servlet-class>com.zhen.servlet.AdminServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>adminServlet</servlet-name> <url-pattern>/admin</url-pattern> </servlet-mapping> </web-app> - WEB-INF 下创建 shiro.ini文件,如下
[main] authc.loginUrl=/login roles.unauthorizedUrl=/unauthorized.jsp perms.unauthorizedUrl=/unauthorized.jsp [users] zhen=123,admin jack=jack,teacher marry=marry json=json [roles] admin=user:* teacher=student:* [urls] /login=anon /admin=authc
/admin?=authc
/admin*=authc
/admin/**=authc /student=roles[teacher] /teacher=perms[user:create]
项目大概就这么些东西,主要来看下 shiro.ini 文件中每行代表的意思
[main]
authc.loginUrl=/login :身份验证的登录路径
roles.unauthorizedUrl=/unauthorized.jsp :角色认证不通过要跳转到的路径
perms.unauthorizedUrl=/unauthorized.jsp :权限认证不通过要跳转到的路径
[users]
zhen=123,admin :zhen用户,密码为123,角色为admin
jack=jack,teacher :jack用户,密码为jack,角色为teacher
marry=marry :marry用户,密码为marry
[roles]
admin=user:* :admin角色拥有的权限为 user:*
teacher=student:* :teacher角色拥有的权限为 student:*
[urls]
/login=anon : 表明 /login 此请求不需要进行身份认证
/admin=authc : 表明 /admin 请求需要进行身份认证,身份认证的登录路径对应上边的 authc.loginUrl
/admin?=authc : 表明 /admin? 请求需要进行身份认证,/admin? 可以匹配为 /admin1 /admin2,?匹配一个字符
/admin*=authc : 表明 /admin* 请求需要进行身份认证,/admin* 可以匹配为 /admin1,/admin12,/admin, * 匹配零个、一个或多个字符
/admin/**=authc :表明 /admin/** 请求需要进行身份认证,/admin/** 可以匹配为 /admin/a , /admin/a/b, **匹配零个或多个路径
/student=roles[teacher] : 表明 /student 请求只有角色为 teacher 的用户才能访问
/teacher=perms[user:create] : 表明 /teacher 请求只有拥有 user:create 权限的用户才能访问
url 匹配符
- ?
匹配一个字符 - *
匹配零个、一个或多个字符 - **
匹配零个或多个路径