Apache Shiro Learning Note (v) Web integration extensions

Ruchunli's work notes , a good memory is worse than a bad pen

Http://shiro.apache.org/web-features.html

Basic-based Interceptor authentication

Shiro-authc-basic.ini

# Basic-based Interceptor authentication [main]# default is/login.jspauthc.loginurl=/loginauthcbasic.applicationname= please login [users]# username = password, role lucl= 123456,adminwang=123456[roles]admin=user:*,menu:*[urls]/login=anon/static/**=anon/role=authcbasic,roles[admin] /permission=authcbasic,perms["User:create"]/logout=logout

Authcbasic is an instance of the Org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter type.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/85/3E/wKiom1ed84CSm1bFAAFvN61mtmc158.jpg "title=" Qq20160731204706.jpg "alt=" Wkiom1ed84csm1bfaafvn61mtmc158.jpg "/>

Note: Since the login at this time is the filter to achieve, in the INI file, the user name = password, the password is clear-text storage, no longer applicable/login logon method (the servlet password is encrypted).

Form-Based Interceptor authentication

Shiro-form-filter.ini

# Basic-based Interceptor authentication [main]authc.loginurl=/loginformauthc.usernameparam=usernameauthc.passwordparam= passwordauthc.successurl=/shiro/admin/success.jspauthc.failurekeyattribute=shirologinfailure[users]# User name = password, Character Lucl=123456,adminwang=123456[roles]admin=user:*,menu:*[urls]/loginform=authc/static/**=anon/role=authc,roles [admin]/permission=authc,perms["User:create"]/logout=logout

Description

AUTHC is an instance of the Org.apache.shiro.web.filter.authc.FormAuthenticationFilter type that is used for real
Now forms-based authentication.

Specify the login form when authenticating with loginurl;

USERNAMEPARAM Specifies the name of the user name parameter that the login form submits;

PASSWORDPARAM Specifies the password parameter name submitted by the login form;

SUCCESSURL Specifies the default address for redirection after a successful login (the default is "/") (if there is a previous address that will automatically redirect the address);

Failurekeyattribute Specifies the Request property key (default shirologinfailure) when login fails, so you can get the error in the Login form key to display the corresponding error message;

Loginformservlet

package com.invicme.apps.servlet.form;import java.io.ioexception;import  javax.servlet.servletexception;import javax.servlet.annotation.webservlet;import  javax.servlet.http.httpservlet;import javax.servlet.http.httpservletrequest;import  javax.servlet.http.httpservletresponse;import org.apache.shiro.securityutils;import  org.apache.shiro.authc.incorrectcredentialsexception;import  org.apache.shiro.authc.unknownaccountexception;import org.apache.shiro.subject.subject;/** * @ author lucl */@WebServlet ("/loginform") public class loginformservlet extends  httpservlet {    private static final long serialversionuid  = 1l;    public loginformservlet ()  {         super ();     }    protected void doget ( httpservletrequest request,             httpservletresponse response)   throws servletexception, ioexception {         This.dopost (Request, response);    }    protected void  DoPost (Httpservletrequest request, httpservletresponse response)  throws  servletexception, ioexception {        string  errorclassname =  (String) request.getattribute ("Shirologinfailure");         String msg =  "";                 subject subject = securityutils.getsubject ();                 if ( UnknownAccountException.class.getName (). Equals (Errorclassname))  {&NBsp;           msg =  "username/password Error";         } else if (IncorrectCredentialsException.class.getName (). Equals ( Errorclassname))  {            msg =   "username/password Error";         } else if (errorclassname !=  null)  {            msg =  " Unknown error: " + errorClassName;        }         request.setattribute ("msg",  msg);         Request.setattribute ("Subject",  subject);         Request.getrequestdispatcher ("shiro/admin/loginform.jsp"). Forward (Request, response);     }}

loginform.jsp

<%@ page language= "java"  contenttype= "Text/html; charset=utf-8"     pageencoding= "UTF-8"%><! doctype html public  "-//w3c//dtd html 4.01 transitional//en"   "HTTP// Www.w3.org/TR/html4/loose.dtd ">

1. Visit http://localhost:8080/invicme/role
2. Jump to Http://localhost:8080/invicme/loginForm
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/85/3E/wKiom1ed9dfi99IIAAEgU6gb5gE342.jpg "title=" Qq20160731205626.jpg "alt=" Wkiom1ed9dfi99iiaaegu6gb5ge342.jpg "/>
3, enter the user name password, jump to http://localhost:8080/invicme/role corresponding page

This article is from the "world of Stuffy Gourd" blog, please be sure to keep this source http://luchunli.blog.51cto.com/2368057/1832556
Apache Shiro Learning Note (v) Web integration extensions