Apache Shiro Notes collation of Web integration one

Source: Internet
Author: User

The following is a look at the Brother Tao's "learn Shiro with Me" and the video "a plunge into the Shiro" after the preparation of the memo and facilitate themselves and other people to learn.

Personal homepage:http://www.itit123.cn/ Many other dry goods waiting for you to get

Step one: Create a maven version of the Web project: http://blog.csdn.net/qq_19558705/article/details/49887717

Required after creation: right-click on Project----> build path----> Config build path----> Add library----> Server Runtime----> choose the right To avoid "thesuperclass" Javax.servlet.http.HttpServlet "is not found on the Java Build Path" Error


Step two: Import the relevant jar

<!--log Management--><dependency><groupid>log4j</groupid><artifactid>log4j</artifactid ><version>1.2.17</version></dependency><dependency><groupid>commons-logging </groupid><artifactid>commons-logging</artifactid><version>1.2</version></ dependency><!--Shiro--><dependency><groupid>org.apache.shiro</groupid>< artifactid>shiro-core</artifactid><version>1.2.4</version></dependency>< Dependency><groupid>org.apache.shiro</groupid><artifactid>shiro-web</artifactid> <version>1.2.4</version></dependency><dependency><groupid>org.slf4j</groupid ><artifactId>slf4j-api</artifactId><version>1.7.12</version></dependency>

Step Three: Configure the Web. xml file (The configuration method is to load the Shiro.ini method, not in actual development, able to crossing Web documents)

<!--Shiro Monitor--><listener><listener-class>org.apache.shiro.web.env.environmentloaderlistener </listener-class></listener><!--Shiro Intercept--><filter><filter-name>shirofilter</ Filter-name><filter-class>org.apache.shiro.web.servlet.shirofilter</filter-class></filter ><filter-mapping><filter-name>shirofilter</filter-name><url-pattern>/*</ Url-pattern></filter-mapping>

Fourth Step: Authentication

Shiro.ini file:

[main] #用户登入路径authc. Loginurl=/login[users]itdragon=123456,admin[urls] #该路径为匿名登入/login=anon# authentication after you log in/ADMIN=AUTHC


LOGIN.JSP:

<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "pageencoding=" Utf-8 "%><! DOCTYPE html>


Loginservlet:

Package Com.shiro.servlet;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.annotation.webservlet;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import Org.apache.shiro.securityutils;import Org.apache.shiro.authc.usernamepasswordtoken;import Org.apache.shiro.subject.Subject, @WebServlet ("/login") public class Loginservlet extends HttpServlet {private static Final long serialversionuid = 1l;protected void doget (httpservletrequest request,httpservletresponse response) throws Servletexception, IOException {System.out.println ("login doget ... "); Request.getrequestdispatcher (" login.jsp "). Forward (request, response);} protected void DoPost (HttpServletRequest request,httpservletresponse response) throws Servletexception, IOException { SYSTEM.OUT.PRINTLN ("Login doPost ... "); String userName = Request.getparameter ("UserName"); String Password = request.getparameter ("password"); Subject Subject = Securityutils.getsubject (); Usernamepasswordtoken token = new Usernamepasswordtoken (Username,password); try {subject.login (token); Response.sendredirect ("success.jsp");} catch (Exception e) {e.printstacktrace (); Request.setattribute ("ErrorInfo", "Username or password error"); Request.getrequestdispatcher ("login.jsp"). Forward (request, response);}}

Browse through the browser to find: Not logged in access to the/admin will jump to the login page, if logged in after the interview can enter the Success page, indicating the success of authentication.


Fifth Step: Authority authentication

Shiro file:

[main] #用户登入路径authc. loginurl=/login# Role Validation roles.unauthorizedurl=/unauthorized.jsp# permission validation perms.unauthorizedurl=/ Unauthorized.jsp[users]itdragon=123456,adminteacher1=123456,teacherstudent1=123456[roles]admin=user:*teacher= Student:*[urls] #该路径为匿名登入/login=anon# Authentication Ability Login/admin=authc# The path verifies that the teacher role is in place/student=roles[teacher]# The path verifies whether the role has permissions/teacher=perms["Admin:delete"]

unauthorized.jsp:

<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "    pageencoding=" Utf-8 "%><! DOCTYPE html>

Visit /student in the browser. Will skip to the login page for authentication. And then infer whether the user advocates for teacher role permissions

In the browser, ask/teacher to infer whether the user has this permission.

Because the corresponding servlet is not prepared, the correct case will show 404, and if you do not have permission, you will be skipped to the unauthorized.jsp page.


This completes the HelloWorld of Shiro in the Web, followed by a specific note.


Source code Download Path: http://download.csdn.net/detail/qq_19558705/9449892



Apache Shiro Notes collation of Web integration one

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.