Apache Shiro教程(四)Spring框架集成
1、配置web.xml1
2
6
7 contextConfigLocation
8
9 /WEB-INF/applicationContext.xml
10 /WEB-INF/shiro-security.xml
11
12
13
14 org.springframework.web.context.ContextLoaderListener
15
16
17 org.springframework.web.util.Log4jConfigListener
18
19
20
21 characterEncodingFilter
22 org.springframework.web.filter.CharacterEncodingFilter
23
24 encoding
25 UTF-8
26
27
28
29 characterEncodingFilter
30 /*
31
32
33
34 shiroFilter
35 org.springframework.web.filter.DelegatingFilterProxy
36
37 targetFilterLifecycle
38 true
39
40
41
42 shiroFilter
43 /*
44
45
46
47
48 dispatch
49 org.springframework.web.servlet.DispatcherServlet
50
51
52 dispatch
53 /
54
55
56 default
57 *.css
58
59
60 default
61 *.gif
62
63
64 default
65 *.jpg
66
67
68 default
69 *.jpeg
70
71
72 default
73 *.png
74
75
76 default
77 *.js
78
79
80 default
81 *.html
82
83
84
85 index.html
86 index.htm
87 index.jsp
88
89
90
2、配置Spring相关文件
shiro-security.xml
1
2
3
4
5
6
7
8 /index.jsp = anon
9 /logout = logout
10 /app/* = anon
11 /** = authc
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
3、控制器
1 package com.cnblogs.javalouvre.controller;
2
3 import javax.servlet.http.HttpServletRequest;
4
5 import org.apache.commons.lang.StringUtils;
6 import org.apache.shiro.SecurityUtils;
7 import org.apache.shiro.authc.IncorrectCredentialsException;
8 import org.apache.shiro.authc.LockedAccountException;
9 import org.apache.shiro.authc.UnknownAccountException;
10 import org.apache.shiro.authc.UsernamePasswordToken;
11 import org.apache.shiro.subject.Subject;
12 import org.apache.shiro.web.util.WebUtils;
13 import org.slf4j.Logger;
14 import org.slf4j.LoggerFactory;
15 import org.springframework.stereotype.Controller;
16 import org.springframework.web.bind.annotation.RequestMapping;
17
18 @Controller
19 @RequestMapping("/app")
20 public class AppController {
21
22 private static final Logger logger = LoggerFactory.getLogger(AppController.class);
23
24 @RequestMapping("/index")
25 public String handleInit() {
26 return "/app/login";
27 }
28
29 @RequestMapping("/login")
30 public String handleLogin(HttpServletRequest request) {
31 String message = "";
32 Subject subject = SecurityUtils.getSubject();
33 if (!subject.isAuthenticated()) {
34 String username = WebUtils.getCleanParam(request, "username");
35 String password = WebUtils.getCleanParam(request, "password");
36 String rememberMe = WebUtils.getCleanParam(request, "rememberMe");
37
38 UsernamePasswordToken token = new UsernamePasswordToken(username, password);
39 if (StringUtils.isNotBlank(rememberMe)) {
40 token.setRememberMe(true);
41 }
42 try {
43 subject.login(token);
44 } catch (UnknownAccountException uae) {
45 logger.info("There is no user with username of " + token.getPrincipal());
46 message = "用户 " + token.getPrincipal() + " 不存在!";
47 } catch (IncorrectCredentialsException ice) {
48 logger.info("Password for account " + token.getPrincipal() + " was incorrect!");
49 message = "用户 " + token.getPrincipal() + " 密码输入有误!";
50 } catch (LockedAccountException lae) {
51 logger.info("The account for username " + token.getPrincipal() + " is locked.Please contact your administrator to unlock it.");
52 message = "帐号 " + token.getPrincipal() + " 已锁,请联系管理员解锁!";
53 }
54 token.clear();
55
56 if (StringUtils.isNotBlank(message)) {
57 request.setAttribute("username", username);
58 request.setAttribute("rememberMe", rememberMe);
59 request.setAttribute("error", message);
60
61 return "/app/login";
62 }
63 }
64 return "/app/main";
65 }
66
67 }
示例下载
页:
[1]