第一个Shiro案例-简单的登录认证

添jar包，编写maven的pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.hwh.shiro</groupId>
	<artifactId>shiro-first</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>shiro-first Maven Webapp</name>
	<url>http://maven.apache.org</url>

	<properties>
		<shiro.version>1.2.4</shiro.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-api</artifactId>
			<version>1.7.5</version>
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>jcl-over-slf4j</artifactId>
			<version>1.7.5</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>ch.qos.logback</groupId>
			<artifactId>logback-classic</artifactId>
			<version>1.0.13</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-core</artifactId>
			<version>${shiro.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-web</artifactId>
			<version>${shiro.version}</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>3.1.0</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>
	<build>
		<finalName>shiro-first</finalName>

		<pluginManagement>
			<plugins>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-compiler-plugin</artifactId>
					<version>3.0</version>
					<configuration>
						<source>1.6</source>
						<target>1.6</target>
					</configuration>
				</plugin>

				<plugin>
					<groupId>org.mortbay.jetty</groupId>
					<artifactId>jetty-maven-plugin</artifactId>
					<configuration>
						<scanIntervalSeconds>10</scanIntervalSeconds>
						<webApp>
							<contextPath>/shiro</contextPath>
						</webApp>
						<connectors>
							<connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
								<port>8888</port>
								<maxIdleTime>60000</maxIdleTime>
							</connector>
						</connectors>
					</configuration>
				</plugin>
			</plugins>
		</pluginManagement>

	</build>
</project>

在WEB-INF中建立shiro.ini文件

[main]

authc.loginUrl=/login

[users]
#提供了对用户/密码及其角色的配置，用户名=密码，角色1，角色2  
huwenhua=199316
admin=123

[urls]
#用于web，提供了对web url拦截相关的配置，url=拦截器[参数]，拦截器 
/admin/**=authc
/login=anon

配置web.xml

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
	http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>Archetype Created Web Application</display-name>
	<servlet>
		<servlet-name>LoginServlet</servlet-name>
		<display-name>LoginServlet</display-name>
		<description></description>
		<servlet-class>com.hwh.shiro.LoginServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>LoginServlet</servlet-name>
		<url-pattern>/login</url-pattern>
	</servlet-mapping>

	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>


	<listener>
		<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
	</listener>

	<filter>
		<filter-name>ShiroFilter</filter-name>
		<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>ShiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>INCLUDE</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>




</web-app>

编写一个Servlet

package com.hwh.shiro;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    public LoginServlet() {
        super();
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
	}

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		
		/**得到Subject及创建用户名/密码身份验证Token（即用户身份/凭证）  */
		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken token = new UsernamePasswordToken(username,password);
		String msg = null;
		try {
			//登录，即身份验证  
			subject.login(token);
		} catch (UnknownAccountException e) {
			msg = "用户名不存在！";
		}catch (IncorrectCredentialsException e) {
			msg = "密码不正确！";
		}catch (AuthenticationException e) {
			msg = "其他异常："+e.getMessage();
		}
		
		if(msg!=null){
			request.setAttribute("msg", msg);
			request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
		}else{
			response.sendRedirect(request.getContextPath()+"/");
		}
		
	}

}

编写一个JSP登录页面

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<body>
	<form method="post">
		<div>${msg }</div>
		username:<input type="text" name="username"><br>
		password:<input type="password" name="password"><br>
		<input type="submit" value="登录">
	</form>
</body>
</html>

----------------------------------------------------------------------------------分割线----------------------------------------------------------------------------

当浏览器地址栏输入 http://localhost:8888/shiro/admin/xxxxx 时, 它访问servlet的get方法,自动跳转到login页面

随便输入一个用户名

输入正确的用户名,密码乱输

输入正确的用户名/密码,admin/123。见shiro.ini文件

在WEB-INF中建立index.jsp(默认欢迎页)

-------

至此,第一个shiro的小案例就已完成。