Apache Shiro Web Permission Control (1)
阿新 • Published: 2018-11-30
Official Shiro documentation: http://shiro.apache.org/web.html#Web-configuration
① Create a Maven web project
② Add the dependencies
<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api adds servlet support -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
        <scope>provided</scope>
    </dependency>
    <!-- https://mvnrepository.com/artifact/javax.servlet.jsp/jsp-api jsp -->
    <dependency>
        <groupId>javax.servlet.jsp</groupId>
        <artifactId>jsp-api</artifactId>
        <version>2.2</version>
        <scope>provided</scope>
    </dependency>
    <!-- https://mvnrepository.com/artifact/javax.servlet.jsp.jstl/jstl JSTL support -->
    <dependency>
        <groupId>javax.servlet.jsp.jstl</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/log4j/log4j adds logging support -->
    <dependency>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
        <version>1.2.17</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>1.7.12</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core Shiro core package -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.2.4</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-web shiro-web support -->
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.2.4</version>
    </dependency>
</dependencies>
③ Configure the web.xml file
④ Under the /WEB-INF/ folder, create a configuration file named shiro.ini (the file name must not be changed)
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp

[users]
java=123456,admin
jack=123,teacher
mary=123,student

[roles]
admin=*:*
teacher=teacher:query
student=student:query

[urls]
/login=anon
/admin=authc
/student=roles[teacher]
/teacher=perms["teacher:query","teacher:add"]
⑤ Create a LoginServlet
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // GET /login: show the login form.
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("loginServlet 登入操作doget方法");
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    // POST /login: authenticate the submitted credentials through Shiro.
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("登入操作 dopost方法");
        String username = request.getParameter("userName");
        String password = request.getParameter("password");
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
            System.out.println("登入成功!");
            response.sendRedirect(request.getContextPath() + "/success.jsp");
        } catch (AuthenticationException e) {
            // Only authentication failures are reported as a bad username or password.
            e.printStackTrace();
            System.out.println("登陸失敗!");
            request.setAttribute("errorInfo", "使用者名稱或密碼錯誤");
            request.getRequestDispatcher("login.jsp").forward(request, response);
        }
    }
}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="<%=basePath %>login" method="post">
username:<input type="text" name="userName"><br/>
password:<input type="password" name="password"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
......
The most important piece of configuration is the shiro.ini file under the /WEB-INF/ folder:
[main]
# If login authentication has not passed, redirect to /login
authc.loginUrl=/login
# If the role check fails, go to /unauthorized.jsp
roles.unauthorizedUrl=/unauthorized.jsp
# If the permission check fails, go to /unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
[users]
java=123456,admin
jack=123,teacher
mary=123,student
[roles]
admin=*:*
teacher=teacher:query
student=student:query
[urls]
/login=anon
/admin=authc
/student=roles[teacher]
/teacher=perms["teacher:query","teacher:add"]
The parts marked in red must not be changed!!!
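The [urls] rules above can be checked against each account in [users] with Shiro's own API, outside a servlet container. This is an added example, not code from the original post; the class name ShiroRuleCheck is hypothetical, and the INI string is a constructed copy of the page's [users] and [roles] sections.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

// Added example (hypothetical class name): applies the checks behind the [urls] rules to each account.
public class ShiroRuleCheck {

    // Constructed copy of the [users] and [roles] sections shown on this page.
    // [main] and [urls] are left out: authc/roles/perms are web filters that only exist under shiro-web.
    static final String INI =
          "[users]\n"
        + "java=123456,admin\n"
        + "jack=123,teacher\n"
        + "mary=123,student\n"
        + "[roles]\n"
        + "admin=*:*\n"
        + "teacher=teacher:query\n"
        + "student=student:query\n";

    public static void main(String[] args) {
        Ini ini = new Ini();
        ini.load(INI);
        SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();

        String[][] accounts = { {"java", "123456"}, {"jack", "123"}, {"mary", "123"} };
        for (String[] a : accounts) {
            // Build a subject bound directly to this SecurityManager (no static or thread state).
            Subject s = new Subject.Builder(sm).buildSubject();
            s.login(new UsernamePasswordToken(a[0], a[1]));

            // /student=roles[teacher]: the roles filter requires the named role itself.
            boolean student = s.hasRole("teacher");
            // /teacher=perms["teacher:query","teacher:add"]: every listed permission is required.
            boolean teacher = s.isPermittedAll("teacher:query", "teacher:add");

            System.out.printf("%-5s /student=%-5b /teacher=%b%n", a[0], student, teacher);
            s.logout();
        }
    }
}
```

Run it with shiro-core and its dependencies on the classpath. Role checks and permission checks are independent, so the wildcard permission `*:*` does not satisfy `roles[teacher]`, and a role granting only `teacher:query` does not satisfy a `perms` rule that also lists `teacher:add`.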