- Url 匹配方式
? 匹配一个字符 /admin? 可以匹配/admin1 或者/admin2 但是不能匹配/admin12 或者/admin
* 匹配零个或者一个或者多个字符 /admin* 可以匹配 /admin 或者/admin1 或者 /admin12 但是不能匹配/admin/abc
** 匹配零个或者多个路径 /admin/** 可以匹配/admin /admin/a 或者/admin/a/b
-
pom.xml依赖
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.shyroke</groupId> <artifactId>shiro_web</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>shiro_web Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>javax.servlet.jsp.jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.tomcat</groupId> <artifactId>servlet-api</artifactId> <version>6.0.53</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.4.0</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.25</version> <scope>test</scope> </dependency> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> </dependencies> <build> <finalName>shiro_web</finalName> <plugins> <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>8.1.15.v20140411</version> <configuration> <webAppSourceDirectory>src/main/webapp</webAppSourceDirectory> <scanIntervalSeconds>5</scanIntervalSeconds> <reload>manual</reload> <connectors> <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector"> <port>3032</port> </connector> </connectors> </configuration> </plugin> </plugins> </build> </project>
- shiro.ini
[main]
authc.loginUrl= /login
roles.unauthorizedUrl= /unauthorized.jsp
perms.unauthorizedUrl= /unauthorized.jsp
[users]
admin=123,role1
user1=456
[roles]
role1=admin:*
#如果加入了shiro-web支持,则需要配置urls,否则报错:Caused by: org.apache.shiro.env.RequiredTypeException: Object named 'filterChainResolver' is not of required type [org.apache.shiro.web.filter.mgt.FilterChainResolver].
[urls]
/index.jsp = authc
/ = authc
/admin.jsp = authc,roles[role1]
/login = anon
/logout = logout
-
#如果加入了shiro-web支持,则需要配置urls,否则报错:Caused by: org.apache.shiro.env.RequiredTypeException:
Object named 'filterChainResolver' is not of required type [org.apache.shiro.web.filter.mgt.FilterChainResolver].
- web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>t</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <context-param> <param-name>shiroConfigLocations</param-name> <param-value>classpath:shiro.ini</param-value> </context-param> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> <servlet> <servlet-name>loginServlet</servlet-name> <servlet-class>com.shyroke.servlet.LoginServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>loginServlet</servlet-name> <url-pattern>/login</url-pattern> </servlet-mapping> </web-app>
- login.jsp
<body> <form action="<%=path%>/login" method="post"> userName:<input type="text" name="username" /><br /> passWord:<input type="password" name="password" /><br /> <input type="submit" value="登录"> </form> </body>
- LoginServlet.java:【url-pattern:/login】
package com.shyroke.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; public class LoginServlet extends HttpServlet { /** * */ private static final long serialVersionUID = 1L; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { /** * 如果用户没有登录就即没有在index.jsp页面登录就会跳转到这个方法 */ request.getRequestDispatcher("/login.jsp").forward(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("UTF-8"); String userName = request.getParameter("username"); String passWord = request.getParameter("password"); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord); try { subject.login(token); System.out.println("登录成功"); request.getRequestDispatcher("/index.jsp").forward(request, response); } catch (UnknownAccountException e) { System.out.println("用户名错误"); response.sendRedirect("/login.jsp"); } catch (IncorrectCredentialsException e) { System.out.println("密码错误"); response.sendRedirect("/login.jsp"); } } }
- index.jsp
<body> 欢迎登陆 </body>
- admin.jsp
<body> admin.jsp </body>
- unauthorized.jsp
<body> 该用户没有权限访问 </body>
- 目录结构
结果:
- 上例是身份和角色认证、权限认证参考第一章的demo