1.新建一个maven web项目
2.导包
<!-- Maven dependencies for the Shiro web demo: test framework, Servlet/JSP/JSTL APIs,
     logging, JDBC data source and Apache Shiro. -->
<!-- NOTE(review): every version pinned below is old. Before reusing this list, check each
     project's security advisories and move to a maintained release. -->
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.11</version>
    <scope>test</scope>
</dependency>
<!-- Servlet support -->
<!-- NOTE(review): the servlet and JSP APIs are declared without <scope>provided</scope>, so
     they would be packaged into the WAR next to the copies the container already supplies.
     Confirm and mark them as provided. -->
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>javax.servlet-api</artifactId>
    <version>3.0.1</version>
</dependency>
<dependency>
    <groupId>javax.servlet.jsp</groupId>
    <artifactId>jsp-api</artifactId>
    <version>2.1</version>
</dependency>
<!--end-->
<!-- JSTL support -->
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>jstl</artifactId>
    <version>1.2</version>
</dependency>
<!--end-->
<!-- Logging -->
<!-- NOTE(review): log4j 1.x is end-of-life and no longer receives security fixes. -->
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>
<!--end-->
<!-- Data source: Druid connection pool and MySQL JDBC driver -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.0.29</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.6</version>
</dependency>
<dependency>
    <groupId>commons-logging</groupId>
    <artifactId>commons-logging</artifactId>
    <version>1.2</version>
</dependency>
<!--end-->
<!-- Shiro: core plus the web module (servlet filter and JSP tag library) -->
<!-- NOTE(review): this is an old Shiro release; later releases contain security fixes,
     presumably including fixes to how the web filter matches URL patterns. Review the
     project's security reports before deploying. -->
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.3.2</version>
</dependency>
<!-- NOTE(review): slf4j-api is declared with test scope. A direct declaration presumably
     overrides the scope inherited through shiro-core, which would leave the jar out of the
     WAR at runtime. Confirm and drop the scope if Shiro needs it when deployed. -->
<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>1.7.21</version>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.3.2</version>
</dependency>
<!--end-->
3.新建一个login.jsp登录页面
<%-- login.jsp: plain username/password form that posts to the "login" servlet mapping. --%>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%
// Context path of this web application.
String path = request.getContextPath();
// Absolute base URL assembled from request data.
// NOTE(review): getServerName() typically reflects the client-supplied Host header and the
// value is written unescaped into <base href> below, so a forged Host can change where the
// relative form action resolves. Prefer a context-relative base, or validate the host
// against an allow-list.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>登录</title>
</head>
<body>
<%-- Credentials are posted to the relative URL "login", resolved against the base above.
     NOTE(review): the form carries no anti-CSRF token and nothing here forces HTTPS; both
     have to be handled elsewhere. The request attribute set by the servlet on a failed login
     is never rendered on this page. --%>
<form action="login" method="post">
userName:<input type="text" name="userName"/><br/>
password:<input type="password" name="password"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
4.建立一个 LoginSetvlet 来获取请求
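package com.spf.servlet;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Login endpoint for the Shiro demo: GET shows the login form, POST authenticates the
 * submitted credentials through the current Shiro {@link Subject}.
 *
 * <p>Compared with a naive implementation this servlet never writes the session id to any
 * log (a session id is a bearer credential for whoever can read the log), discards a
 * pre-login session before authenticating, and wipes the password held by the token.
 *
 * @author SPF
 */
public class LoginSetvlet extends HttpServlet {

    /**
     * Forwards to {@code login.jsp} so the user can enter credentials.
     *
     * @param req  current request
     * @param resp current response
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        System.out.println("Login doGet");
        req.getRequestDispatcher("login.jsp").forward(req, resp);
    }

    /**
     * Authenticates the {@code userName} / {@code password} form parameters.
     *
     * <p>On success the client is redirected to {@code success.jsp}; on missing credentials
     * or an {@link AuthenticationException} the request is forwarded back to
     * {@code login.jsp} with the same generic error message, so the response does not reveal
     * which of the two values was wrong.
     *
     * @param req  current request carrying the form parameters
     * @param resp current response
     * @throws ServletException if the forward fails
     * @throws IOException      if the redirect or forward fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("userName");
        String pwd = req.getParameter("password");

        // Absent or empty parameters can never authenticate; reject them before they reach the realm.
        if (username == null || username.isEmpty() || pwd == null || pwd.isEmpty()) {
            rejectLogin(req, resp);
            return;
        }

        Subject subject = SecurityUtils.getSubject();

        // Session-fixation defence: Shiro 1.x presumably keeps the existing session id across
        // login (confirm for the version in use), so drop any session created before
        // authentication and let a fresh one be issued afterwards. Anything stored in the
        // pre-login session is lost; this servlet does not rely on it.
        Session preLogin = subject.getSession(false);
        if (preLogin != null) {
            preLogin.stop();
        }

        UsernamePasswordToken token = new UsernamePasswordToken(username, pwd);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // Record where the failure came from and its type, but not the submitted values:
            // the username is attacker-controlled text and the password must never be logged.
            log("Login rejected from " + req.getRemoteAddr() + ": " + e.getClass().getSimpleName());
            rejectLogin(req, resp);
            return;
        } finally {
            // Wipe the password characters held by the token once authentication is over.
            token.clear();
        }

        Session session = subject.getSession();
        // The session id is deliberately not logged; the timeout is harmless diagnostics.
        log("session time:" + session.getTimeout());
        resp.sendRedirect("success.jsp");
    }

    /**
     * Sends the user back to the login form with a generic failure message.
     *
     * <p>NOTE(review): the attribute key is spelled {@code "erroe"} and {@code login.jsp} as
     * shown in this tutorial never reads it; kept unchanged so any existing consumer keeps working.
     */
    private void rejectLogin(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setAttribute("erroe", "用户名或密码错误");
        req.getRequestDispatcher("login.jsp").forward(req, resp);
    }
}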
身份验证成功后跳转到成功页面
5.新建一个success.jsp
<%-- success.jsp: landing page after login; uses Shiro JSP tags to show role- and
     permission-specific greetings. --%>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<%
// Context path of this web application.
String path = request.getContextPath();
// NOTE(review): getServerName() typically reflects the client-supplied Host header and the
// value is written unescaped into <base href> below; prefer a context-relative base or
// validate the host against an allow-list.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>welcome</title>
</head>
<body>
<%-- NOTE(review): the text below is rendered unconditionally. The [urls] rules shown in
     step 7 of this tutorial do not cover success.jsp, so a visitor who never logged in can
     request this page and still see it. --%>
登录成功
<%-- The shiro tags only decide whether their body is rendered for the current Subject.
     They are presentation logic, not access control: the resource itself must still be
     protected by a filter rule or a server-side check. --%>
<shiro:hasRole name="admin">
欢迎admin超级用户通过身份认证!
</shiro:hasRole>
<shiro:hasPermission name="student:add">
欢迎teacher用户通过权限认证!
</shiro:hasPermission>
<%-- Empty body: nothing is rendered for the student role. --%>
<shiro:hasRole name="student">
</shiro:hasRole>
</body>
</html>
shiro标签:
shiro:hasRole 判断用户当前角色
shiro:hasPermission 判断当前用户权限
6.配置web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
    <!-- Deployment descriptor for the Shiro demo: registers the Shiro environment listener
         and filter, then maps the login and admin servlets. -->
    <display-name>ShrioWeb</display-name>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>
    <!--shiro-->
    <!-- Creates the Shiro web environment when the application starts. -->
    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>
    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
        <!-- NOTE(review): with EnvironmentLoaderListener the shiroConfigLocations setting is
             presumably read from a context-param, not from this filter init-param. If so,
             this value is ignored and Shiro falls back to its default shiro.ini location,
             which would explain why step 7 of this tutorial insists on the file name
             shiro.ini while this entry names shiro_jdbc.ini. Confirm which file is loaded. -->
        <init-param>
            <param-name>shiroConfigLocations</param-name>
            <param-value>classpath*:/shiro_jdbc.ini</param-value>
        </init-param>
    </filter>
    <!-- The filter sees every request URL. No dispatcher elements are declared, so only
         direct client requests pass through it.
         NOTE(review): internal forwards, such as the servlet forwarding to login.jsp, are
         not filtered unless FORWARD, INCLUDE and ERROR dispatchers are added. Confirm
         whether that is intended. -->
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Login servlet, reachable at /login. -->
    <servlet>
        <servlet-name>loginServlet</servlet-name>
        <servlet-class>com.spf.servlet.LoginSetvlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>loginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>
    <!-- Admin servlet, reachable at /admin. The class com.spf.servlet.AdminSetvlet is not
         shown in this tutorial. -->
    <servlet>
        <servlet-name>adminServlet</servlet-name>
        <servlet-class>com.spf.servlet.AdminSetvlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>adminServlet</servlet-name>
        <url-pattern>/admin</url-pattern>
    </servlet-mapping>
</web-app>
7.新建一个shiro.ini,注意这里这个名字是规定了的
[main]
# 配置未认证时跳转的登录路径
authc.loginUrl=/login
# 配置角色认证不成功跳转路径
roles.unauthorizedUrl=/unauthorized.jsp
# 配置权限验证不成功跳转路径
perms.unauthorizedUrl=/unauthorized.jsp
#配置自定义Realm
jdbcRealm=com.spf.utils.realm.MyRealm
securityManager.realms=$jdbcRealm
[urls]
# 配置login路径不需要验证
/login=anon
# 配置admin需要验证,若没有验证直接访问,就通过上面的配置,跳转到login路径
/admin*/**=authc
# 配置访问该路径所需要的角色
/student=roles[teacher]
# 配置访问该路径所需要的权限
/teacher=perms["user:create"]
# 注意:这里没有兜底规则,未在[urls]中列出的路径(例如success.jsp)无需登录即可直接访问
8.我们再新建一个权限验证不通过时跳转的unauthorized.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>unauthorized</title>
</head>
<body>
认证未通过,或者权限不足!
</body>
</html>
然后再把前面自定义Realm的三个方法导入
9.数据库新建三个表,根据自己自定义的Realm来设置表名,和字段
t_user用户表: id:序号 username:用户名 password:密码 roleId:用户与角色表id的关联字段
t_role角色表: id:序号 roleName:角色名称
t_permission权限表: id:序号 permissionName:权限名 roleId:权限与角色表id的关联字段
好了现在可以去运行跑跑看了,根据我们配置
当我们访问 admin 路径的时候由于需要身份认证,所以就会跳转到登录页面,
登录成功后,因为数据库给admin配置的权限是user:create,角色是admin;所以当我再去访问 student 这个路径会提示权限不足,访问 teacher 这个路径就会提示 欢迎admin超级用户通过身份认证!当然,我们也可以在数据库给admin用户配置所有角色与权限!ok!