Shiro 集成 Web 配置
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<!-- 添加shiro支持 -->
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> ---------------------------------------------------------------------------------------
[main]
authc.loginUrl=/login 没登录的话先进行身份认证
roles.unauthorizedUrl=/unauthorized.jsp
//权限不够
perms.unauthorizedUrl=/unauthorized.jsp
/权限不够
[users]
java1234=123456,admin
jack=123,teacher
marry=234
json=345
[roles]
admin=user:*
teacher=student:*
[urls]
/login=anon
/admin=authc
/student=roles[teacher] 请求/student这个url必须有一个用户里角色为teacher的用户
/teacher=perms["user:create"]
---------------------------------------------------------------------------------------------------------------------------
public class LoginServlet extends HttpServlet{
authc.loginUrl=/login 没登录的话先进行身份认证
roles.unauthorizedUrl=/unauthorized.jsp
//权限不够
perms.unauthorizedUrl=/unauthorized.jsp
/权限不够
[users]
java1234=123456,admin
jack=123,teacher
marry=234
json=345
[roles]
admin=user:*
teacher=student:*
[urls]
/login=anon
/admin=authc
/student=roles[teacher] 请求/student这个url必须有一个用户里角色为teacher的用户
/teacher=perms["user:create"]
---------------------------------------------------------------------------------------------------------------------------
public class LoginServlet extends HttpServlet{
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// TODO Auto-generated method stub
System.out.println("login doget");
req.getRequestDispatcher("login.jsp").forward(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
System.out.println("login dopost");
String userName=req.getParameter("userName");
String password=req.getParameter("password");
Subject subject=SecurityUtils.getSubject();
UsernamePasswordToken token=new UsernamePasswordToken(userName, password);
try{
subject.login(token);
Session session = subject.getSession();
System.out.println("sessionId:"+session.getId());
System.out.println("sessionHost:"+session.getHost());
System.out.println("sessionTimeout:"+session.getTimeout());
session.setAttribute("info", "session的数据");
resp.sendRedirect("success.jsp");
}catch(Exception e){
e.printStackTrace();
req.setAttribute("errorInfo", "用户名或者密码错误");
req.getRequestDispatcher("login.jsp").forward(req, resp);
}
}
--------------------------------------------------------------------------------------------
<body>欢迎你!
<shiro:hasRole name="admin">
欢迎有admin角色的用户
</shiro:hasRole>
<shiro:hasPermission name="student:create">
欢迎有student:create权限的用户
<shiro:principal/>
</shiro:hasPermission>
</body>
<body>欢迎你!
<shiro:hasRole name="admin">
欢迎有admin角色的用户
</shiro:hasRole>
<shiro:hasPermission name="student:create">
欢迎有student:create权限的用户
<shiro:principal/>
</shiro:hasPermission>
</body>