1.所需要jar
1 <!-- shiro核心包 --> 2 <dependency> 3 <groupId>org.apache.shiro</groupId> 4 <artifactId>shiro-core</artifactId> 5 <version>1.2.5</version> 6 </dependency> 7 <!-- 添加shiro web支持 --> 8 <dependency> 9 <groupId>org.apache.shiro</groupId> 10 <artifactId>shiro-web</artifactId> 11 <version>1.2.5</version> 12 </dependency> 13 14 <!-- 添加sevlet支持 --> 15 <dependency> 16 <groupId>javax.servlet</groupId> 17 <artifactId>javax.servlet-api</artifactId> 18 <version>3.1.0</version> 19 </dependency> 20 <!-- 添加jsp支持 --> 21 <dependency> 22 <groupId>javax.servlet.jsp</groupId> 23 <artifactId>javax.servlet.jsp-api</artifactId> 24 <version>2.3.1</version> 25 </dependency> 26 <!-- 添加jstl支持 --> 27 <dependency> 28 <groupId>javax.servlet</groupId> 29 <artifactId>jstl</artifactId> 30 <version>1.2</version> 31 </dependency> 32 <!-- 添加log4j日志 --> 33 <dependency> 34 <groupId>log4j</groupId> 35 <artifactId>log4j</artifactId> 36 <version>1.2.17</version> 37 </dependency> 38 <dependency> 39 <groupId>commons-logging</groupId> 40 <artifactId>commons-logging</artifactId> 41 <version>1.2</version> 42 </dependency> 43 <dependency> 44 <groupId>org.slf4j</groupId> 45 <artifactId>slf4j-api</artifactId> 46 <version>1.7.21</version> 47 </dependency>
2.shiro.ini
1 [main] 2 authc.loginUrl=/login 3 4 [users] 5 csdn1=123,admin,teacher 6 csdn2=123,teacher 7 csdn3=123,student 8 csdn4=123 9 10 [roles] 11 admin=user:*,student:* 12 teacher=student:* 13 14 [urls] 15 /login=anon 16 /admin=authc
3.ShiroUtil.java
1 package util; 2 3 import org.apache.shiro.SecurityUtils; 4 import org.apache.shiro.authc.UsernamePasswordToken; 5 import org.apache.shiro.config.IniSecurityManagerFactory; 6 import org.apache.shiro.mgt.SecurityManager; 7 import org.apache.shiro.subject.Subject; 8 import org.apache.shiro.util.Factory; 9 10 public class ShiroUtil { 11 12 public static Subject getCurrUser(String config,String username,String password){ 13 //初始化工厂 14 Factory<SecurityManager> factory=new IniSecurityManagerFactory(config); 15 SecurityManager securityManager=factory.getInstance(); 16 SecurityUtils.setSecurityManager(securityManager); 17 Subject subject=SecurityUtils.getSubject(); 18 UsernamePasswordToken token=new UsernamePasswordToken(username,password); 19 try { 20 subject.login(token); 21 System.out.println("登陆成功"); 22 } catch (Exception e) { 23 e.printStackTrace(); 24 System.out.println("登陆失败"); 25 } 26 return subject; 27 } 28 }
4.AdminServlet.java
1 package servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.annotation.WebServlet; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 11 @WebServlet("/admin") 12 public class AdminServlet extends HttpServlet { 13 14 private static final long serialVersionUID = -8898740167735658141L; 15 16 @Override 17 public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 18 request.getRequestDispatcher("/admin.jsp").forward(request, response); 19 } 20 }
5.LoginSerlet.java
1 package servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.annotation.WebServlet; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 11 import org.apache.shiro.SecurityUtils; 12 import org.apache.shiro.authc.UsernamePasswordToken; 13 import org.apache.shiro.subject.Subject; 14 15 import util.ShiroUtil; 16 17 18 @WebServlet("/login") 19 public class LoginSerlet extends HttpServlet{ 20 21 private static final long serialVersionUID = 4689893605443801988L; 22 23 @Override 24 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 25 req.getRequestDispatcher("/login.jsp").forward(req, resp); 26 } 27 @Override 28 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 29 String username=req.getParameter("username"); 30 String password=req.getParameter("password"); 31 Subject subject=SecurityUtils.getSubject(); 32 UsernamePasswordToken token=new UsernamePasswordToken(username,password); 33 try { 34 subject.login(token); 35 resp.sendRedirect("success.jsp"); 36 } catch (Exception e) { 37 req.setAttribute("error", "用户名或密码错误"); 38 req.getRequestDispatcher("/login.jsp").forward(req, resp); 39 } 40 } 41 }
package servlet;
import java.io.IOException;
import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;
@WebServlet("/admin")public class AdminServlet extends HttpServlet {
private static final long serialVersionUID = -8898740167735658141L;
@Overridepublic void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {request.getRequestDispatcher("/admin.jsp").forward(request, response);}}