web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
<init-param>
<param-name>configPath</param-name>
<param-value>/WEB-INF/shiro.ini</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--以上是配置Shiro-->
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.java1234.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>AdminServlet</servlet-name>
<servlet-class>com.java1234.servlet.AdminServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AdminServlet</servlet-name>
<url-pattern>/admin</url-pattern>
</servlet-mapping>
</web-app>
shiro.ini:
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorizedUrl.jsp
perms.unauthorizedUrl=/unauthorizedUrl.jsp
[users]
java1234=123456,admin
jack=123,teacher
marry=234
json=345
[roles]
admin=user:*
teacher=student:*
[urls]
;'?'可匹配单个字符,可以匹配/admin1 /admin2 但是不能匹配/admin12 /admin
;'*'匹配零个或者一个或者多个字符 /admin* 可以匹配 /admin /admin1 /admin12 但是不能匹配/admin/abc
;'**'匹配零个或者多个路径/admin/** 可以匹配 /admin /admin/a /admin/a/b
;anon表示无需认证即可访问,authc表示需要登陆认证,roles表示需要角色认证,perms表示需要权限认证
/login=anon
/admin*/**=authc
;必须先登陆才能跳转到unauthorizedUrl.jsp页面不然跳转到/login请求
/student=roles[teacher]
/teacher=perms["user:create"]
LoginServle:
package com.java1234.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
public class LoginServlet extends HttpServlet{
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// TODO Auto-generated method stub
System.out.println("Login doget");
req.getRequestDispatcher("login.jsp").forward(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// TODO Auto-generated method stub
System.out.println("Login doPost");
String userName=req.getParameter("userName");
String password=req.getParameter("password");
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken(userName, password);
try{
subject.login(token);
resp.sendRedirect("success.jsp");
}catch(Exception e){
e.printStackTrace();
req.setAttribute("errorInfo", "用户名密码错误");
req.getRequestDispatcher("login.jsp").forward(req, resp);
}
}
}