Apache Shiro学习笔记(五)Web集成扩展
鲁春利的工作笔记,好记性不如烂笔头http://shiro.apache.org/web-features.html
基于Basic的拦截器身份验证
shiro-authc-basic.ini
# 基于Basic的拦截器身份验证
# 默认是/login.jsp
authc.loginUrl=/login
authcBasic.applicationName=请登录
# 用户名=密码,角色
lucl=123456,admin
wang=123456
admin=user:*,menu:*
/login=anon
/static/**=anon
/role=authcBasic,roles
/permission=authcBasic,perms["user:create"]
/logout=logout authcBasic是org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter类型的实例。
说明:由于此时的登录是Filter来实现的,在ini文件中,用户名=密码,密码是明文存储的,不再适用/login登录方式(Servlet中密码是加密过的)。
基于表单的拦截器身份验证
shiro-form-filter.ini
# 基于Basic的拦截器身份验证
authc.loginUrl=/loginForm
authc.usernameParam=username
authc.passwordParam=password
authc.successUrl=/shiro/admin/success.jsp
authc.failureKeyAttribute=shiroLoginFailure
# 用户名=密码,角色
lucl=123456,admin
wang=123456
admin=user:*,menu:*
/loginForm=authc
/static/**=anon
/role=authc,roles
/permission=authc,perms["user:create"]
/logout=logout 说明:
authc 是org.apache.shiro.web.filter.authc.FormAuthenticationFilter 类型的实例,其用于实
现基于表单的身份验证。
通过loginUrl指定当身份验证时的登录表单;
usernameParam指定登录表单提交的用户名参数名;
passwordParam指定登录表单提交的密码参数名;
successUrl指定登录成功后重定向的默认地址(默认是“/”)(如果有上一个地址会自动重定向带该地址);
failureKeyAttribute指定登录失败时的request属性key(默认shiroLoginFailure);这样可以在登录表单得到该错误key显示相应的错误消息;
LoginFormServlet
package com.invicme.apps.servlet.form;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
/**
* @author lucl
*/
@WebServlet("/loginForm")
public class LoginFormServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public LoginFormServlet() {
super();
}
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String errorClassName = (String)request.getAttribute("shiroLoginFailure");
String msg = "";
Subject subject = SecurityUtils.getSubject();
if(UnknownAccountException.class.getName().equals(errorClassName)) {
msg = "用户名/密码错误";
} else if(IncorrectCredentialsException.class.getName().equals(errorClassName)) {
msg = "用户名/密码错误";
} else if(errorClassName != null) {
msg = "未知错误:" + errorClassName;
}
request.setAttribute("msg", msg);
request.setAttribute("subject", subject);
request.getRequestDispatcher("shiro/admin/loginForm.jsp").forward(request, response);
}
}
loginForm.jsp
登录页
This is login page.${msg}
用户名:
密码:
1、访问http://localhost:8080/invicme/role
2、跳转到http://localhost:8080/invicme/loginForm
3、输入用户名密码,跳转到http://localhost:8080/invicme/role对应页面
页:
[1]