shiro环境搭建
参考shiro官方文档进行学习http://shiro.apache.org/java-authentication-guide.html
1.环境搭建
采用eclipse + maven + jetty插件的方式
使用版本1.2.4
pom文件内容
1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
3 <modelVersion>4.0.0</modelVersion>
4 <groupId>com.kite</groupId>
5 <artifactId>shiro</artifactId>
6 <packaging>war</packaging>
7 <version>0.0.1-SNAPSHOT</version>
8 <name>shiro Maven Webapp</name>
9 <url>http://maven.apache.org</url>
10 <properties>
11 <shiro.version>1.2.4</shiro.version>
12 </properties>
13 <dependencies>
14 <dependency>
15 <groupId>junit</groupId>
16 <artifactId>junit</artifactId>
17 <version>4.10</version>
18 <scope>test</scope>
19 </dependency>
20 <dependency>
21 <groupId>org.apache.shiro</groupId>
22 <artifactId>shiro-core</artifactId>
23 <version>${shiro.version}</version>
24 </dependency>
25 <dependency>
26 <groupId>org.apache.shiro</groupId>
27 <artifactId>shiro-web</artifactId>
28 <version>${shiro.version}</version>
29 </dependency>
30 <dependency>
31 <groupId>org.apache.shiro</groupId>
32 <artifactId>shiro-ehcache</artifactId>
33 <version>${shiro.version}</version>
34 </dependency>
35 <dependency>
36 <groupId>javax.servlet</groupId>
37 <artifactId>javax.servlet-api</artifactId>
38 <version>3.0.1</version>
39 </dependency>
40 </dependencies>
41 <build>
42 <finalName>shiro</finalName>
43 <plugins>
44 <!-- jetty插件 -->
45 <plugin>
46 <groupId>org.mortbay.jetty</groupId>
47 <artifactId>maven-jetty-plugin</artifactId>
48 <version>6.1.5</version>
49 <configuration>
50 <webAppSourceDirectory>src/main/webapp</webAppSourceDirectory>
51 <scanIntervalSeconds>3</scanIntervalSeconds>
52 <contextPath>/</contextPath>
53 <connectors>
54 <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
55 <port>80</port>
56 </connector>
57 </connectors>
58 </configuration>
59 </plugin>
60 </plugins>
61 </build>
62 </project>
web.xml配置
1 <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
3 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
4 version="2.4">
5 <display-name>Archetype Created Web Application</display-name>
6 <listener>
7 <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
8 </listener>
9
10 <filter>
11 <filter-name>ShiroFilter</filter-name>
12 <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
13 </filter>
14
15 <filter-mapping>
16 <filter-name>ShiroFilter</filter-name>
17 <url-pattern>/*</url-pattern>
18 <dispatcher>REQUEST</dispatcher>
19 <dispatcher>FORWARD</dispatcher>
20 <dispatcher>INCLUDE</dispatcher>
21 <dispatcher>ERROR</dispatcher>
22 </filter-mapping>
23 <servlet>
24 <servlet-name>LoginServlet</servlet-name>
25 <servlet-class>com.kite.servlet.LoginServlet</servlet-class>
26 </servlet>
27 <servlet-mapping>
28 <servlet-name>LoginServlet</servlet-name>
29 <url-pattern>/login</url-pattern>
30 </servlet-mapping>
31 </web-app>
View Code shiro.ini配置后期会采用数据库的方式,只需要简单了解即可,users表示当前可用登录用户,urls表示连接, authc表示需要登录hour才能使用,anon表示无需登录就可以使用
1
2
3
4 kite=aaa123456
5 tom=kite
6
7 /index.jsp=authc
8 /login.jsp=anon
9 /login=anon
10 /index=authc
login.jsp页面用来登录
<!DOCTYPE html>
<body>
<h2>Hello World!</h2>
<form action="login">
username:<input type="text" name="username" /><br/>
password:<input type="text" name="password" /><br/>
<input type="submit"/>
</form>
</body>
</html>
loginServlet
1 package com.kite.servlet;
2
3 import java.io.IOException;
4
5 import javax.servlet.ServletException;
6 import javax.servlet.http.HttpServlet;
7 import javax.servlet.http.HttpServletRequest;
8 import javax.servlet.http.HttpServletResponse;
9
10 import org.apache.shiro.SecurityUtils;
11 import org.apache.shiro.authc.AuthenticationException;
12 import org.apache.shiro.authc.ExcessiveAttemptsException;
13 import org.apache.shiro.authc.IncorrectCredentialsException;
14 import org.apache.shiro.authc.LockedAccountException;
15 import org.apache.shiro.authc.UnknownAccountException;
16 import org.apache.shiro.authc.UsernamePasswordToken;
17 import org.apache.shiro.subject.Subject;
18
19 /**
20* Servlet implementation class LoginServlet
21*/
22 public class LoginServlet extends HttpServlet {
23 private static final long serialVersionUID = 1L;
24
25 /**
26 * @see HttpServlet#HttpServlet()
27 */
28 public LoginServlet() {
29 super();
30 // TODO Auto-generated constructor stub
31 }
32
33 /**
34 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
35 * response)
36 */
37 protected void doGet(HttpServletRequest request,
38 HttpServletResponse response) throws ServletException, IOException {
39 this.doPost(request, response);
40 }
41
42 /**
43 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
44 * response)
45 */
46 protected void doPost(HttpServletRequest request,
47 HttpServletResponse response) throws ServletException, IOException {
48 String username = request.getParameter("username");
49 String password = request.getParameter("password");
50 UsernamePasswordToken token = new UsernamePasswordToken(username,
51 password);
52 Subject subject = SecurityUtils.getSubject();
53 String emsg = null;
54 try {
55 subject.login(token);
56 } catch (UnknownAccountException uae) {
57 emsg = "账号不存在";
58 } catch (IncorrectCredentialsException ice) {
59 emsg = "密码错误";
60 } catch (LockedAccountException lae) {
61 emsg = "账号已锁定";
62 } catch (ExcessiveAttemptsException eae) {
63 emsg = "重试次数超限";
64 } catch (AuthenticationException ae) {
65 emsg = "其他错误:" + ae.getMessage();
66 }
67 System.out.println(emsg);
68 if(emsg == null) {
69 request.getRequestDispatcher("index.jsp").forward(request, response);
70 } else {
71 response.sendRedirect(request.getContextPath() + "/login.jsp");
72 }
73 }
74
75 }
index.jsp页面
1 <html>
2 <body>
3 <h2>Hello World!</h2>
4 </body>
5 </html>
同过一个简单的helloWord案例来进入shiro
页:
[1]