第一步:建立一个maven web项目,引入jar包:
| <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency>
<dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.1</version> </dependency>
<!-- 添加jstl支持 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency>
<dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency>
<dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version> </dependency>
<!-- 添加shiro支持 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.2.4</version> </dependency>
<!-- 添加shiroweb支持 --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-web</artifactId> <version>1.2.4</version> </dependency>
<dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.12</version> </dependency> |
第二步:修改web.xml,设置拦截器
| <!-- 第一种方式集成web --> <listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener>
<!-- 第二种方式集成web ,在第一种的基础之上,再加上如下--> <!-- 添加shiro支持 --> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <!-- 代表过滤所有请求 --> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
<servlet> <servlet-name>loginServlet</servlet-name> <servlet-class>com.java1234.servlet.LoginServlet</servlet-class> </servlet>
<servlet-mapping> <servlet-name>loginServlet</servlet-name> <url-pattern>/login</url-pattern> </servlet-mapping>
<servlet> <servlet-name>adminServlet</servlet-name> <servlet-class>com.java1234.servlet.AdminServlet</servlet-class> </servlet>
<servlet-mapping> <servlet-name>adminServlet</servlet-name> <url-pattern>/admin</url-pattern> </servlet-mapping>
|
第三步,设置shiro.ini文件。放在WEB-INF下面
第四步:写一个登陆拦截类,LoginServlet,一个用户管理拦截类,adminServlet
| public class LoginServlet extends HttpServlet{ private static final long serialVersionUID = 1209977306501176672L;
@Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("login doget()"); //转发到login页面 req.getRequestDispatcher("login.jsp").forward(req, resp); }
@Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("LoginServlet.doPost()"); String userName=req.getParameter("userName"); String password=req.getParameter("password"); Subject subject=SecurityUtils.getSubject(); UsernamePasswordToken token=new UsernamePasswordToken(userName, password); try { subject.login(token);//登录成功就会跳转到成功页面 resp.sendRedirect("success.jsp"); } catch (Exception e) { e.printStackTrace(); req.setAttribute("errorInfo", "用户名或者密码错误!"); //登录失败//转发到login页面 req.getRequestDispatcher("login.jsp").forward(req, resp); } } } |
| public class AdminServlet extends HttpServlet{ /** * */ private static final long serialVersionUID = -221998007523145697L;
@Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("admin doget()");
}
@Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("admin do doPost()");
} } |
第五步:写一个登陆页面
第六步:启动服务,输入:http://localhost:8080/ShiroWeb/admin
根据shiro.ini文件里面的内容,输入admin是需要进行身份验证的,所以输入上面的url会转发到login.jsp。
输入用户名密码后就会登陆成功转跳到success页面,此时,如果在url上直接输入http://localhost:8080/ShiroWeb/admin,就会根据AdminServlet拦截类的要求进入admin对应的页面。
总结:
上面讲的是authc,anon,用户认证,其实在shiro.ini里面还有其他的,比如角色认证(roles),权限认证(perms)
访问Url的权限设置如下:
