Ruchunli's work notes , a good memory is worse than a bad pen
Http://shiro.apache.org/web-features.html
Basic-based Interceptor authentication
Shiro-authc-basic.ini
# Basic-based Interceptor authentication [main]# default is/login.jspauthc.loginurl=/loginauthcbasic.applicationname= please login [users]# username = password, role lucl= 123456,adminwang=123456[roles]admin=user:*,menu:*[urls]/login=anon/static/**=anon/role=authcbasic,roles[admin] /permission=authcbasic,perms["User:create"]/logout=logout
Authcbasic is an instance of the Org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter type.
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/85/3E/wKiom1ed84CSm1bFAAFvN61mtmc158.jpg "title=" Qq20160731204706.jpg "alt=" Wkiom1ed84csm1bfaafvn61mtmc158.jpg "/>
Note: Since the login at this time is the filter to achieve, in the INI file, the user name = password, the password is clear-text storage, no longer applicable/login logon method (the servlet password is encrypted).
Form-Based Interceptor authentication
Shiro-form-filter.ini
# Basic-based Interceptor authentication [main]authc.loginurl=/loginformauthc.usernameparam=usernameauthc.passwordparam= passwordauthc.successurl=/shiro/admin/success.jspauthc.failurekeyattribute=shirologinfailure[users]# User name = password, Character Lucl=123456,adminwang=123456[roles]admin=user:*,menu:*[urls]/loginform=authc/static/**=anon/role=authc,roles [admin]/permission=authc,perms["User:create"]/logout=logout
Description
AUTHC is an instance of the Org.apache.shiro.web.filter.authc.FormAuthenticationFilter type that is used for real
Now forms-based authentication.
Specify the login form when authenticating with loginurl;
USERNAMEPARAM Specifies the name of the user name parameter that the login form submits;
PASSWORDPARAM Specifies the password parameter name submitted by the login form;
SUCCESSURL Specifies the default address for redirection after a successful login (the default is "/") (if there is a previous address that will automatically redirect the address);
Failurekeyattribute Specifies the Request property key (default shirologinfailure) when login fails, so you can get the error in the Login form key to display the corresponding error message;
Loginformservlet
package com.invicme.apps.servlet.form;import java.io.ioexception;import javax.servlet.servletexception;import javax.servlet.annotation.webservlet;import javax.servlet.http.httpservlet;import javax.servlet.http.httpservletrequest;import javax.servlet.http.httpservletresponse;import org.apache.shiro.securityutils;import org.apache.shiro.authc.incorrectcredentialsexception;import org.apache.shiro.authc.unknownaccountexception;import org.apache.shiro.subject.subject;/** * @ author lucl */@WebServlet ("/loginform") public class loginformservlet extends httpservlet { private static final long serialversionuid = 1l; public loginformservlet () { super (); } protected void doget ( httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { This.dopost (Request, response); } protected void DoPost (Httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { string errorclassname = (String) request.getattribute ("Shirologinfailure"); String msg = ""; subject subject = securityutils.getsubject (); if ( UnknownAccountException.class.getName (). Equals (Errorclassname))  {&NBsp; msg = "username/password Error"; } else if (IncorrectCredentialsException.class.getName (). Equals ( Errorclassname)) { msg = "username/password Error"; } else if (errorclassname != null) { msg = " Unknown error: " + errorClassName; } request.setattribute ("msg", msg); Request.setattribute ("Subject", subject); Request.getrequestdispatcher ("shiro/admin/loginform.jsp"). Forward (Request, response); }}
loginform.jsp
<%@ page language= "java" contenttype= "Text/html; charset=utf-8" pageencoding= "UTF-8"%><! doctype html public "-//w3c//dtd html 4.01 transitional//en" "HTTP// Www.w3.org/TR/html4/loose.dtd ">
1. Visit http://localhost:8080/invicme/role
2. Jump to Http://localhost:8080/invicme/loginForm
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/85/3E/wKiom1ed9dfi99IIAAEgU6gb5gE342.jpg "title=" Qq20160731205626.jpg "alt=" Wkiom1ed9dfi99iiaaegu6gb5ge342.jpg "/>
3, enter the user name password, jump to http://localhost:8080/invicme/role corresponding page
This article is from the "world of Stuffy Gourd" blog, please be sure to keep this source http://luchunli.blog.51cto.com/2368057/1832556
Apache Shiro Learning Note (v) Web integration extensions