用Eclipse搭建SSM+Maven+Shiro环境

Eclipse中整合SSM+Maven+Shiro。 项目中有用到shiro,所以查了些资料搭建了个Demo，有兴趣的可以看看。

1.搭建完后项目结构

1.1 创建Maven项目

打包方式选war

2.配置文件

2.1 pom.xml

[html]  view plain  copy

1. <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.shiro.demo</groupId>
     <artifactId>shiro-demo</artifactId>
     <version>0.0.1-SNAPSHOT</version>
     <packaging>war</packaging>  
     <name>shiro-demo</name>  
     <url>http://maven.apache.org</url>  
     <dependencies>  
       <!-- shiro核心包 -->  
       <dependency>  
         <groupId>org.apache.shiro</groupId>  
         <artifactId>shiro-core</artifactId>  
         <version>1.2.5</version>  
       </dependency>  
       <!-- 添加shiro web支持 -->  
       <dependency>  
         <groupId>org.apache.shiro</groupId>  
         <artifactId>shiro-web</artifactId>  
         <version>1.2.5</version>  
       </dependency>  
       <!-- 添加shiro spring支持 -->  
       <dependency>  
         <groupId>org.apache.shiro</groupId>  
         <artifactId>shiro-spring</artifactId>  
         <version>1.2.5</version>  
       </dependency>  
       <!-- 添加sevlet支持 -->  
       <dependency>  
         <groupId>javax.servlet</groupId>  
         <artifactId>javax.servlet-api</artifactId>  
         <version>3.1.0</version>  
       </dependency>  
       <!-- 添加jsp支持 -->  
       <dependency>  
         <groupId>javax.servlet.jsp</groupId>  
         <artifactId>javax.servlet.jsp-api</artifactId>  
         <version>2.3.1</version>  
       </dependency>  
       <!-- 添加jstl支持 -->  
       <dependency>  
         <groupId>javax.servlet</groupId>  
         <artifactId>jstl</artifactId>  
         <version>1.2</version>  
       </dependency>  
       <!-- 添加log4j日志 -->  
       <dependency>  
         <groupId>log4j</groupId>  
         <artifactId>log4j</artifactId>  
         <version>1.2.17</version>  
       </dependency>  
       <dependency>  
         <groupId>commons-logging</groupId>  
         <artifactId>commons-logging</artifactId>  
         <version>1.2</version>  
       </dependency>  
       <dependency>  
         <groupId>org.slf4j</groupId>  
         <artifactId>slf4j-api</artifactId>  
         <version>1.7.21</version>  
       </dependency>  
     
       <!-- 添加spring支持 -->  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-core</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-beans</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-context</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-context-support</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-web</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-webmvc</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-tx</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-jdbc</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-aop</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
       <dependency>  
         <groupId>org.springframework</groupId>  
         <artifactId>spring-aspects</artifactId>  
         <version>4.3.0.RELEASE</version>  
       </dependency>  
     
       <!-- 添加mybatis支持 -->  
       <dependency>  
         <groupId>org.mybatis</groupId>  
         <artifactId>mybatis</artifactId>  
         <version>3.4.0</version>  
       </dependency>  
       <dependency>  
         <groupId>org.mybatis</groupId>  
         <artifactId>mybatis-spring</artifactId>  
         <version>1.3.0</version>  
       </dependency>  
     
       <!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
   <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>druid</artifactId>
      <version>1.0.18</version>
   </dependency>
       
       <dependency>
   <groupId>mysql</groupId>
   <artifactId>mysql-connector-java</artifactId>
   <version>5.1.15</version>
   </dependency>
   <dependency>
   <groupId>cglib</groupId>
   <artifactId>cglib-nodep</artifactId>
   <version>2.2</version>
   </dependency>
   <dependency>
   <groupId>c3p0</groupId>
   <artifactId>c3p0</artifactId>
   <version>0.9.1.2</version>
   </dependency>
     
       <dependency>  
         <groupId>junit</groupId>  
         <artifactId>junit</artifactId>  
         <version>4.12</version>  
         <scope>test</scope>  
       </dependency>  
     </dependencies>  
     <build>  
       <finalName>shiro</finalName>  
     </build>  
     
   </project>

2.2 log4j.properties

[java]  view plain  copy

1. log4j.rootLogger=DEBUG, Console    
2.   
3. #Console    
4. log4j.appender.Console=org.apache.log4j.ConsoleAppender    
5. log4j.appender.Console.layout=org.apache.log4j.PatternLayout    
6. log4j.appender.Console.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n    
7.   
8. log4j.logger.java.sql.ResultSet=INFO    
9. log4j.logger.org.apache=INFO    
10. log4j.logger.java.sql.Connection=DEBUG    
11. log4j.logger.java.sql.Statement=DEBUG    
12. log4j.logger.java.sql.PreparedStatement=DEBUG    

2.2.1 conf-db.properties

datasource.driverClassName=com.mysql.jdbc.Driver
datasource.timeBetweenEvictionRunsMillis=60000
datasource.minEvictableIdleTimeMillis=300000
datasource.validationQuery=SELECT 'x'
datasource.testWhileIdle=true
datasource.testOnBorrow=false
datasource.testOnReturn=false

datasource.url=jdbc:mysql://***.***.**.**:3306/**?useUnicode=true&characterEncoding=UTF-8
datasource.username=****
datasource.password=****
datasource.initialSize=3
datasource.minIdle=3
datasource.maxActive=20
datasource.maxWait=60000

2.3 web.xml

[html]  view plain  copy

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">  
3.   <display-name>shiro-demo</display-name>  
4.   <welcome-file-list>  
5.     <welcome-file>index.jsp</welcome-file>  
6.   </welcome-file-list>  
7.   
8.   <!-- spring监听器 -->  
9.   <listener>  
10.     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
11.   </listener>  
12.   <context-param>  
13.     <param-name>contextConfigLocation</param-name>  
14.     <param-value>classpath:applicationContext.xml</param-value>  
15.   </context-param>  
16.   
17.   <!-- 添加springmvc支持 -->  
18.   <servlet>  
19.     <servlet-name>springMVC</servlet-name>  
20.     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>  
21.     <init-param>  
22.         <param-name>contextConfigLocation</param-name>  
23.         <param-value>classpath:spring-mvc.xml</param-value>  
24.     </init-param>  
25.   </servlet>  
26.   <servlet-mapping>  
27.     <servlet-name>springMVC</servlet-name>  
28.     <url-pattern>*.do</url-pattern>  
29.   </servlet-mapping>  
30.   
31.   <!-- 添加shiro过滤器 -->  
32.   <filter>  
33.     <filter-name>shiroFilter</filter-name>  
34.     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
35.     <init-param>  
36.         <!-- 该值缺省为false，表示声明周期由SpringApplicationContext管理，设置为true表示ServletContainer管理 -->  
37.         <param-name>targetFilterLifecycle</param-name>  
38.         <param-value>true</param-value>  
39.     </init-param>  
40.   </filter>  
41.   <filter-mapping>  
42.     <filter-name>shiroFilter</filter-name>  
43.     <url-pattern>/*</url-pattern>  
44.   </filter-mapping>  
45.   
46.   <!-- 编码过滤器 -->  
47.   <filter>  
48.     <filter-name>encodingFilter</filter-name>  
49.     <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>  
50.     <async-supported>true</async-supported>  
51.     <init-param>  
52.         <param-name>encoding</param-name>  
53.         <param-value>UTF-8</param-value>  
54.     </init-param>  
55.   </filter>  
56.   <filter-mapping>  
57.     <filter-name>encodingFilter</filter-name>  
58.     <url-pattern>/*</url-pattern>  
59.   </filter-mapping>  
60. </web-app>  

2.4  applicationContext.xml（核心配置）

[html]  view plain  copy

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <beans xmlns="http://www.springframework.org/schema/beans"  
3.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.        xmlns:p="http://www.springframework.org/schema/p"  
5.        xmlns:aop="http://www.springframework.org/schema/aop"  
6.        xmlns:context="http://www.springframework.org/schema/context"  
7.        xmlns:jee="http://www.springframework.org/schema/jee"  
8.        xmlns:tx="http://www.springframework.org/schema/tx"  
9.        xsi:schemaLocation=" http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd  
10.         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd  
11.         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd  
12.         http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd  
13.         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">  
14.   
15.     <!-- 自动扫描 -->  
16.     <context:component-scan base-package="com.demo.service" />
17.     <!-- 加载配置we -->
    
18. <context:property-placeholder location="classpath*:conf*.properties"/>  
19.   
20.     <!--配置数据源-->  
21.   

    	<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
    		init-method="init" destroy-method="close">
    		<!--数据源驱动类可不写，Druid默认会自动根据URL识别DriverClass -->
    		<property name="driverClassName" value="${datasource.driverClassName}" />
    		<!--基本属性 url user password -->
    		<property name="url" value="${datasource.url}" />
    		<property name="username" value="${datasource.username}" />
    		<property name="password" value="${datasource.password}" />
    
    		<!--配置初始化大小、最小、最大 -->
    		<property name="initialSize" value="${datasource.initialSize}" />
    		<property name="minIdle" value="${datasource.minIdle}" />
    		<property name="maxActive" value="${datasource.maxActive}" />
    
    		<!--配置获取连接等待超时的时间 -->
    		<property name="maxWait" value="${datasource.maxWait}" />
    
    		<!--配置间隔多久才进行一次检测，检测需要关闭的空闲连接，单位是毫秒 -->
    		<property name="timeBetweenEvictionRunsMillis" value="${datasource.timeBetweenEvictionRunsMillis}" />
    
    		<!--配置一个连接在池中最小生存的时间，单位是毫秒 -->
    		<property name="minEvictableIdleTimeMillis" value="${datasource.minEvictableIdleTimeMillis}" />
    
    		<property name="validationQuery" value="${datasource.validationQuery}" />
    		<property name="testWhileIdle" value="${datasource.testWhileIdle}" />
    		<property name="testOnBorrow" value="${datasource.testOnBorrow}" />
    		<property name="testOnReturn" value="${datasource.testOnReturn}" />
    		<!-- 配置监控统计拦截的filters -->
    		<property name="filters" value="stat" />
    	</bean>

    
    
22.     <!--配置mybatis的sqlSessionFactory-->  
23.     <bean name="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">  
24.         <property name="dataSource" ref="dataSource"/>  
25.         <!-- 自动扫描mappers.xml文件 -->  
26.         <property name="mapperLocations" value="classpath:demo/mappers/*.xml "/>  
27.         <!--mybatis配置文件-->  
28.         <property name="configLocation" value="classpath:mybatis-config.xml"/>  
29.     </bean>  
30.   
31.     <!--DAO接口所在包名，spring 会自动查找其下的-->  
32.     <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">  
33.         <property name="basePackage" value="com.demo.dao"/>  
34.         <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"/>  
35.     </bean>  
36.   
37.     <!--自定义Realm-->  
38.     <bean id="myRealm" class="com.demo.realm.MyRealm"/>  
39.   
40.     <!--安全管理-->  
41.     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">  
42.         <property name="realm" ref="myRealm"></property>  
43.     </bean>  
44.   
45.     <!--shiro 过滤器-->  
46.     <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">  
47.         <!-- Shiro过滤器的核心安全接口，这个属性是必须的-->  
48.         <property name="securityManager" ref="securityManager"/>  
49.         <!--身份认证失败，则跳转到登录页面的配置-->  
50.         <property name="loginUrl" value="/login.jsp"/>  
51.         <!--权限认证失败，则跳转到指定页面-->  
52.         <property name="unauthorizedUrl" value="/unauthorized.jsp"/>  
53.         <!-- Shiro连接约束配置，即过滤链的定义-->  
54.         <property name="filterChainDefinitions">  
55.             <value>  
56.                 /login=anon  
57.                 /user/admin*=authc 
58.                 /user/student*/**=roles[teacher]  
59.                 /user/teacher*/**=perms["user:create"]  
60.             </value>  
61.         </property>  
62.     </bean>  
63. </beans>  

3.整合Mybatis

3.1全局配置文件

    首先配置一个mybatis的全局配置文件mybatis-config.xml,因为数据源都交给spring管理了，所以全局配置文件就比较清晰了。

   mybatis-config.xml

[html]  view plain  copy

1. <?xml version="1.0" encoding="UTF-8" ?>  
2. <!DOCTYPE configuration  
3.         PUBLIC "-//mybatis.org//DTD Config 3.0//EN"  
4.         "http://mybatis.org/dtd/mybatis-3-config.dtd">  
5. <configuration>  
6.     <!-- 别名 -->  
7.     <typeAliases>  
8.         <package name="com.demo.entity"/>  
9.     </typeAliases>  
10. </configuration>  

3.2配置mapper映射文件

    UserMapper.xml

[html]  view plain  copy

1. <?xml version="1.0" encoding="UTF-8" ?>  
2. <!DOCTYPE mapper  
3.         PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"  
4.         "http://mybatis.org/dtd/mybatis-3-mapper.dtd">  
5. <mapper namespace="com.demo.entity.User">  
6.     <select id="getByUsername" parameterType="String" resultType="user">  
7.         select * from tb_user where username=#{username}  
8.     </select>  
9.   
10.     <select id="getRoles" parameterType="String" resultType="String">  
11.         select r.rolename  from t_user u,t_role r where u.role_id=r.id and u.username=#{username}  
12.     </select>  
13.   
14.     <select id="getPermissions" parameterType="String" resultType="String">  
15.         select p.permissionname from t_user u,t_role r,t_permission p where u.role_id=r.id and p.role_id=r.id  
16.         and u.username=#{username}  
17.     </select>  
18. </mapper>  

3.3mapper接口（UserMapper.java）

[java]  view plain  copy

1. public interface UserMapper {  
2.     public User getByUsername(String username);  
3.   
4.     public Set<String> getRoles(String username);  
5.   
6.     public Set<String> getPermissions(String username);  
7.   
8. }  

    只需要写接口，不需要写实现，spring的配置文件中会去扫描mapper，会自动创建一个代理对象来执行相应的方法，要注意的是这个接口的方法名要和上面mapper映射文件的id号一样的，否则是无法映射到具体的statement上面的，会报错。

3.4 entity类

    这里写个简单的User类

[java]  view plain  copy

1. public class User {  
2.     private Integer  id;  
3.     private String username;  
4.     private String password;  
5.     //get set方法省略  
6.   
7. }  

3.5  Service
    接口UserService.java

[java]  view plain  copy

1. public interface UserService {  
2.     public User getByUsername(String username);  
3.   
4.     public Set<String> getRoles(String username);  
5.   
6.     public Set<String> getPermissions(String username);  
7.   
8. }  

    UserServiceImpl.Java

[java]  view plain  copy

1. @Service  
2. public class UserServiceImpl implements UserService {  
3.     @Resource  
4.     private UserMapper userDao;  
5.     public User getByUsername(String username){  
6.             return userDao.getByUsername(username);  
7.     }  
8.     public Set<String> getRoles(String username){  
9.             return userDao.getRoles(username);  
10.     }  
11.     public Set<String> getPermissions(String username){  
12.            return userDao.getPermissions(username);  
13.     }  
14. }  

在service的实现类中，注入刚刚写好的dao接口即可调用其中的方法了，使用的是spring自动创建的代理对象去执行的。

4 整合SpringMVC

4.1配置文件

spring-mvc.xml

[html]  view plain  copy

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <beans xmlns="http://www.springframework.org/schema/beans"  
3.        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.        xmlns:p="http://www.springframework.org/schema/p"  
5.        xmlns:aop="http://www.springframework.org/schema/aop"  
6.        xmlns:context="http://www.springframework.org/schema/context"  
7.        xmlns:jee="http://www.springframework.org/schema/jee"  
8.        xmlns:tx="http://www.springframework.org/schema/tx"  
9.        xsi:schemaLocation="  
10.         http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd  
11.         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd  
12.         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd  
13.         http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd  
14.         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">  
15. <!-- 使用注解的包，包括子集-->  
16. <context:component-scan base-package="demo.controller"/>  
17.   
18. <!--视图解析器-->  
19. <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">  
20.     <property name="prefix" value="/"></property>  
21.     <property name="suffix" value=".jsp"></property>  
22. </bean>  
23. </beans>  

4.2 Controller

    UserController.java

[java]  view plain  copy

1. package demo.controller;  
2.   
3. import demo.entity.User;  
4. import org.apache.shiro.SecurityUtils;  
5. import org.apache.shiro.authc.UsernamePasswordToken;  
6. import org.apache.shiro.subject.Subject;  
7. import org.springframework.web.bind.annotation.RequestMapping;  
8. import org.springframework.stereotype.Controller;  
9. import javax.servlet.http.HttpServletRequest;  
10.   
11. @Controller  
12. @RequestMapping("/user")  
13. public class UserController {  
14.     //用户登录  
15.     @RequestMapping("/login")  
16.     public String login(User user, HttpServletRequest request){  
17.   
18.         Subject subject=SecurityUtils.getSubject();  
19.         UsernamePasswordToken token=new UsernamePasswordToken(user.getUsername(),user.getPassword());  
20.         try {  
21.             //调用subject.login(token)进行登录，会自动委托给securityManager,调用之前  
22.             subject.login(token);//会跳到我们自定义的realm中  
23.             request.getSession().setAttribute("user",user);  
24.             return "success";  
25.         }catch (Exception e){  
26.             e.printStackTrace();  
27.             request.getSession().setAttribute("user",user);  
28.             request.setAttribute("error","用户名或密码错误");  
29.             return "login";  
30.         }  
31.     }  
32.   
33.     @RequestMapping("/logout")  
34.     public String logout(HttpServletRequest request){  
35.         request.getSession().invalidate();  
36.         return "index";  
37.     }  
38.   
39.     @RequestMapping("/admin")  
40.     public String admin(HttpServletRequest request){  
41.         return "success";  
42.     }  
43.   
44.     @RequestMapping("/student")  
45.     public String student(HttpServletRequest request){  
46.         return "success";  
47.     }  
48.   
49.     @RequestMapping("/teacher")  
50.     public String teacher(HttpServletRequest request){  
51.         return "success";  
52.     }  
53. }  

4.3完成自定义的realm

    上面用户登录会执行一个subject.login(token);这里会跳转到我们自定义的realm中，接下来就定义一下我们自己的realm,由于这里是和mybatis整合了，所以不需要原来的那个Dbutil去连接数据库了，直接使用mybatis中的mapper接口，也就是上面写的dao。

[java]  view plain  copy

1. public class MyRealm extends AuthorizingRealm {  
2.     @Resource  
3.     private UserServiceImpl userServiceImpl;  
4.   
5.     //为当前登录成功的用户授予权限和角色，已经登录成功了。  
6.     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {  
7.         String username=(String) principals.getPrimaryPrincipal();  
8.         SimpleAuthorizationInfo  authorizationInfo=new SimpleAuthorizationInfo();  
9.         authorizationInfo.setRoles(userServiceImpl.getRoles(username));  
10.         authorizationInfo.setStringPermissions(userServiceImpl.getPermissions(username));  
11.         return authorizationInfo;  
12.     }  
13.     //验证当前登录的用户，获取认证信息。  
14.     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {  
15.         String username=(String) token.getPrincipal();//获取用户名  
16.         User user=userServiceImpl.getByUsername(username);  
17.         if(user!=null){  
18.             AuthenticationInfo authcInfo =new SimpleAuthenticationInfo(user.getUsername(),user.getPassword(),"myRealm");  
19.             return authcInfo;  
20.         }else{  
21.             return null;  
22.         }  
23.     }  
24. }  

5.几个jsp页面

login.jsp

[java]  view plain  copy

1. <body>  
2.     <form action="${pageContext.request.contextPath }/user/login.do" method="post">  
3.         username:<input type="text" name="username"/><br>  
4.         password:<input type="password" name="password"/><br>  
5.         <input type="submit" value="登录">${error}  
6.     </form>  
7. </body>  

success.jsp

[java]  view plain  copy

1. <body>  
2.     欢迎你${user.username}  
3.     <a href="/user/logout.do">退出</a>  
4. </body>  

unauthorized.jsp

[java]  view plain  copy

1. <body>  
2.      认证未通过，或者权限不足  
3.      <a href="${pageContext.request.contextPath}/user/login.do">退出</a>  
4. </body>  

6.测试

    根据spring的配置文件中对shiro的url拦截配置，我们首先请求：http://localhost:8080/shiro-demo/user/admin.do来测试身份认证，然后会跳转到登录页面让我们登录，登录成功后，再次请求这个url就会进入success.jsp页面了。

    再测试角色和权限认证，可以先后输入http://localhost:8080/shiro-demo/user/student.do来测试角色认证，输入http://localhost:8080/shiro-demo/user/teacher.do来测试权限认证。通过登陆不同的用户去测试即可。

参考这个博主的：http://blog.csdn.net/sanluo11/article/details/60581067