zoukankan      html  css  js  c++  java
  • Shiro与基本web环境整合登陆验证实例

    1. 用maven导入Shiro依赖包

     <dependency>  
        <groupId>org.apache.shiro</groupId>  
        <artifactId>shiro-web</artifactId>  
        <version>1.2.2</version>  
    </dependency> 
     <dependency>  
            <groupId>commons-logging</groupId>  
            <artifactId>commons-logging</artifactId>  
            <version>1.1.3</version>  
      </dependency> 

    2.配置web.xml

       <!-- 初始化shiro web environment -->
        <listener>
              <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
      </listener>
      
    <!-- 设置shiro拦截器-->
       <filter>
          <filter-name>ShiroFilter</filter-name>
          <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
      </filter>
      
      <filter-mapping>
          <filter-name>ShiroFilter</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>

    3.配置初始化shiro的配置文件 shiro.ini放在类文件根目录

    [main]
    authc.loginUrl=/login
    authc.successUrl=/index
    [users]
    zhang=123,role1,role2  
    wang=123,role1  
    [urls]
    /login=authc
    /logout=logout
    /* = authc

    4.创建一个servlet并映射至登陆路径/login

    public class LoginServlet extends HttpServlet {
    	private static final long serialVersionUID = 1L;
        public LoginServlet() {
            super();
        }
    	/**GET请求显示登录界面同时显示错误信息
    	 */
    	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    		//显示登录界面
    		request.getRequestDispatcher("/login.jsp").forward(request, response);	
    	}
    
    	/**FormAuthenticationFilter将会拦截POST请求进行登录操作,我们不需要再做登录操作。
    	 */
    	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    		System.out.println("登录失败才会进入doPost方法。因为拦截器拦截了POST请求进行登录,登录成功则直接跳转至访问页面。登录失败后才进入Post方法");
    		System.out.println("登录失败才再登录界面,并添加错误信息");
    		
    		//FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME值为shiroLoginFailure,保存了登录错误信息,值为异常的类全名
    		String errorFullClassName = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
    		String cerrorKey="error";//客户端显示的错误信息
    		if(UnknownAccountException.class.getName().equals(errorFullClassName)){
    			//未知账户
    			request.setAttribute(cerrorKey, "用户名密码错误");
    		}else if(IncorrectCredentialsException.class.getName().equals(errorFullClassName)){
    			//密码错误
    			request.setAttribute(cerrorKey, "用户名密码错误");
    		}else{
    			//其他错误如账户锁定等等
    			request.setAttribute(cerrorKey, "其他错误");
    		}
    		//显示登录界面
    		doGet(request, response);
    	}
    
    }
    

      

      <servlet>
          <servlet-name>LoginServlet</servlet-name>
          <servlet-class>baseshiroweb.LoginServlet</servlet-class>
      </servlet>
      
      <servlet-mapping>
          <servlet-name>LoginServlet</servlet-name>
          <url-pattern>/login</url-pattern>
      </servlet-mapping>

    5.创建一个登陆界面login.jsp

    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
    登陆界面<br/>
    <form action="/baseshiroweb/login" method="post">
    
       Username: <input type="text" name="username"/> <br/>
       Password: <input type="password" name="password"/><br/>
       <input type="checkbox" name="rememberMe" value="true"/>Remember Me?<br/>
       <input type="submit" value="提交"/>
    </form>
    ${error}
    </body>
    </html>

    6.创建一个登陆成功后的信息显示servlet并添加退出

    public class MyServlet extends HttpServlet{
    
    	
    	@Override
    	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    		resp.getWriter().println("<html>");
    		resp.getWriter().println("hello shiro web"+"<br/>");
    		Subject subject = SecurityUtils.getSubject();
    		resp.getWriter().println("principal:"+subject.getPrincipal()+"<br/>");
    		resp.getWriter().println("isAuthenticated"+subject.isAuthenticated()+"<br/>");
    		resp.getWriter().println("<a href='/baseshiroweb/logout'>logout</a>");
    		resp.getWriter().println("</html>");
    	}
    }
    
      <servlet>
          <servlet-name>myservlet</servlet-name>
          <servlet-class>baseshiroweb.MyServlet</servlet-class>
      </servlet>
      
        <servlet-mapping>
          <servlet-name>myservlet</servlet-name>
          <url-pattern>/index</url-pattern>
      </servlet-mapping>

     此时访问http://localhost:8080/baseshiroweb/index

    执行流程:

    1.将会请求/index路径 

    2.匹配Shiro配置文件里的[urls]内的/*路径的authc拦截器,跳转至登陆登陆界面/login

    3.在/login进行登录操作,成功则跳转至/index,失败则返回/login界面并显示错误信息

    4./index成功登录后,点击超链接logout访问/logout进行退出操作。/logout路径匹配logout拦截器。

    完整的web.xml为

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
     
      <display-name>Archetype Created Web Application</display-name>
       <!-- 初始化shiro web environment -->
        <listener>
              <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
      </listener>
      
    <!-- 设置shiro拦截器-->
       <filter>
          <filter-name>ShiroFilter</filter-name>
          <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
      </filter>
      
      <filter-mapping>
          <filter-name>ShiroFilter</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>
      
      <servlet>
          <servlet-name>myservlet</servlet-name>
          <servlet-class>baseshiroweb.MyServlet</servlet-class>
      </servlet>
      
        <servlet-mapping>
          <servlet-name>myservlet</servlet-name>
          <url-pattern>/index</url-pattern>
      </servlet-mapping>
      
      <servlet>
          <servlet-name>LoginServlet</servlet-name>
          <servlet-class>baseshiroweb.LoginServlet</servlet-class>
      </servlet>
      
      <servlet-mapping>
          <servlet-name>LoginServlet</servlet-name>
          <url-pattern>/login</url-pattern>
      </servlet-mapping>
    
    </web-app>
  • 相关阅读:
    【足迹C++primer】32、定制操作_2
    pom文件miss artifact com.sun:tools:jar:1.5.0:system问题
    cents上运行wget报错:unable to resolve host address
    怎样定义函数模板
    06006_redis数据存储类型——String
    雷林鹏分享:C# 类型转换
    雷林鹏分享:C# 运算符
    雷林鹏分享:C# 循环
    雷林鹏分享:C# 判断
    雷林鹏分享:C# 方法
  • 原文地址:https://www.cnblogs.com/beenupper/p/6884412.html
Copyright © 2011-2022 走看看