Web 集成 Shiro 的练习项目。

Servlet + Shiro

项目结构

Shiro 集成 Web_apache

  • 新建Maven项目,pom配置如下
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.zhen.shiro</groupId>
  <artifactId>0322ShiroWeb</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>0322ShiroWeb Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    
    <!-- 添加servlet支持 -->
  <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
  </dependency>
    <!-- servlet end -->
    
    <!-- jsp -->
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>javax.servlet.jsp-api</artifactId>
      <version>2.3.1</version>
  </dependency>
  <!-- jsp end -->
    
    <!-- 添加 jstl 支持 -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>jstl</artifactId>
      <version>1.2</version>
  </dependency>
    
    <!-- 添加 log4j 日志支持  -->
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.17</version>
  </dependency>
  <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.21</version>
  </dependency>
  
  <!-- commons-logging -->   
  <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.2</version>
  </dependency>
    
    <!-- 添加 shiro 支持 -->
    <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <version>1.3.2</version>
  </dependency>
  <!-- 添加 shiro web 支持 -->
  <dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <version>1.3.2</version>
  </dependency>
    
  </dependencies>
  <build>
    <finalName>0322ShiroWeb</finalName>
  </build>
</project>
  • 两个Servlet类
  • LoginServlet 代码如下
package com.zhen.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class LoginServlet extends HttpServlet{

  /**
   * 
   */
  private static final long serialVersionUID = 1L;

  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // TODO Auto-generated method stub
    System.out.println("login doGet");
    req.getRequestDispatcher("login.jsp").forward(req, resp);
  }
  
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

    System.out.println("login doPost");
    String userName = req.getParameter("userName");
    String password = req.getParameter("password");
    System.out.println("login:name="+userName+" password="+password);
    
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
    try {
      currentUser.login(token);
      resp.sendRedirect("success.jsp");
    } catch (Exception e) {
      e.printStackTrace();
      req.setAttribute("errorInfo", "用户名或者密码错误");
      req.getRequestDispatcher("login.jsp").forward(req, resp);
    }
    
  }
}
  • AdminServlet 代码如下
package com.zhen.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AdminServlet extends HttpServlet{

  /**
   * 
   */
  private static final long serialVersionUID = 1L;

  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    System.out.println("admin doGet");
  }
  
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    System.out.println("admin doPost");
  }
}

  • 配置 web.xml 文件,如下
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>0322ShiroWeb</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  
  
  <listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
  </listener>
  
  <!-- 添加 shiro 支持 -->
  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
   <!--  <init-param>
      <param-name>configPath</param-name>
      <param-value>/WEB-INF/shiro.ini</param-value>
    </init-param> -->
  </filter>
  
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher> -->
  </filter-mapping>
  
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.zhen.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>
  
  <servlet>
    <servlet-name>adminServlet</servlet-name>
    <servlet-class>com.zhen.servlet.AdminServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>adminServlet</servlet-name>
    <url-pattern>/admin</url-pattern>
  </servlet-mapping>
  
  
</web-app>
  • WEB-INF 下创建 shiro.ini文件,如下
[main]
authc.loginUrl=/login
roles.unauthorizedUrl=/unauthorized.jsp
perms.unauthorizedUrl=/unauthorized.jsp
[users]
zhen=123,admin
jack=jack,teacher
marry=marry
json=json
[roles]
admin=user:*
teacher=student:*
[urls]
/login=anon
/admin=authc
/admin?=authc
/admin*=authc
/admin/**=authc
/student=roles[teacher]
/teacher=perms[user:create]

项目大概就这么些东西,主要来看下 shiro.ini 文件中每行代表的意思

[main]

authc.loginUrl=/login  :身份验证的登录路径

roles.unauthorizedUrl=/unauthorized.jsp  :角色认证不通过要跳转到的路径

perms.unauthorizedUrl=/unauthorized.jsp  :权限认证不通过要跳转到的路径

[users]

zhen=123,admin   :zhen用户,密码为123,角色为admin

jack=jack,teacher :jack用户,密码为jack,角色为teacher

marry=marry    :marry用户,密码为marry

[roles]

admin=user:*    :admin角色拥有的权限为 user:*

teacher=student:* :teacher角色拥有的权限为 student:*

[urls]

/login=anon  : 表明 /login 此请求不需要进行身份认证

/admin=authc  : 表明 /admin 请求需要进行身份认证,身份认证的登录路径对应上边的 authc.loginUrl

/admin?=authc  : 表明 /admin? 请求需要进行身份认证,/admin? 可以匹配为 /admin1   /admin2,?匹配一个字符

/admin*=authc  : 表明 /admin* 请求需要进行身份认证,/admin* 可以匹配为 /admin1,/admin12,/admin, * 匹配零个、一个或多个字符

/admin/**=authc :表明 /admin/** 请求需要进行身份认证,/admin/** 可以匹配为 /admin/a , /admin/a/b, **匹配零个或多个路径

/student=roles[teacher]  : 表明 /student 请求只有角色为 teacher 的用户才能访问

/teacher=perms[user:create] : 表明 /teacher 请求只有拥有 user:create 权限的用户才能访问

url 匹配符 


  • 匹配一个字符
  • *
    匹配零个、一个或多个字符
  • **
    匹配零个或多个路径