Apache Shiro Notes collation of Web integration one

The following is a look at the Brother Tao's "learn Shiro with Me" and the video "a plunge into the Shiro" after the preparation of the memo and facilitate themselves and other people to learn.

Personal homepage:http://www.itit123.cn/ Many other dry goods waiting for you to get

Step one: Create a maven version of the Web project: http://blog.csdn.net/qq_19558705/article/details/49887717

Required after creation: right-click on Project----> build path----> Config build path----> Add library----> Server Runtime----> choose the right To avoid "thesuperclass" Javax.servlet.http.HttpServlet "is not found on the Java Build Path" Error

Step two: Import the relevant jar

<!--log Management--><dependency><groupid>log4j</groupid><artifactid>log4j</artifactid ><version>1.2.17</version></dependency><dependency><groupid>commons-logging </groupid><artifactid>commons-logging</artifactid><version>1.2</version></ dependency><!--Shiro--><dependency><groupid>org.apache.shiro</groupid>< artifactid>shiro-core</artifactid><version>1.2.4</version></dependency>< Dependency><groupid>org.apache.shiro</groupid><artifactid>shiro-web</artifactid> <version>1.2.4</version></dependency><dependency><groupid>org.slf4j</groupid ><artifactId>slf4j-api</artifactId><version>1.7.12</version></dependency>

Step Three: Configure the Web. xml file (The configuration method is to load the Shiro.ini method, not in actual development, able to crossing Web documents)

<!--Shiro Monitor--><listener><listener-class>org.apache.shiro.web.env.environmentloaderlistener </listener-class></listener><!--Shiro Intercept--><filter><filter-name>shirofilter</ Filter-name><filter-class>org.apache.shiro.web.servlet.shirofilter</filter-class></filter ><filter-mapping><filter-name>shirofilter</filter-name><url-pattern>/*</ Url-pattern></filter-mapping>

Fourth Step: Authentication

Shiro.ini file:

[main] #用户登入路径authc. Loginurl=/login[users]itdragon=123456,admin[urls] #该路径为匿名登入/login=anon# authentication after you log in/ADMIN=AUTHC

LOGIN.JSP:

<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "pageencoding=" Utf-8 "%><! DOCTYPE html>

Loginservlet:
Package Com.shiro.servlet;import Java.io.ioexception;import Javax.servlet.servletexception;import Javax.servlet.annotation.webservlet;import Javax.servlet.http.httpservlet;import Javax.servlet.http.httpservletrequest;import Javax.servlet.http.httpservletresponse;import Org.apache.shiro.securityutils;import Org.apache.shiro.authc.usernamepasswordtoken;import Org.apache.shiro.subject.Subject, @WebServlet ("/login") public class Loginservlet extends HttpServlet {private static Final long serialversionuid = 1l;protected void doget (httpservletrequest request,httpservletresponse response) throws Servletexception, IOException {System.out.println ("login doget ... "); Request.getrequestdispatcher (" login.jsp "). Forward (request, response);} protected void DoPost (HttpServletRequest request,httpservletresponse response) throws Servletexception, IOException { SYSTEM.OUT.PRINTLN ("Login doPost ... "); String userName = Request.getparameter ("UserName"); String Password = request.getparameter ("password"); Subject Subject = Securityutils.getsubject (); Usernamepasswordtoken token = new Usernamepasswordtoken (Username,password); try {subject.login (token); Response.sendredirect ("success.jsp");} catch (Exception e) {e.printstacktrace (); Request.setattribute ("ErrorInfo", "Username or password error"); Request.getrequestdispatcher ("login.jsp"). Forward (request, response);}}

Browse through the browser to find: Not logged in access to the/admin will jump to the login page, if logged in after the interview can enter the Success page, indicating the success of authentication. 

Fifth Step: Authority authentication
Shiro file:
[main] #用户登入路径authc. loginurl=/login# Role Validation roles.unauthorizedurl=/unauthorized.jsp# permission validation perms.unauthorizedurl=/ Unauthorized.jsp[users]itdragon=123456,adminteacher1=123456,teacherstudent1=123456[roles]admin=user:*teacher= Student:*[urls] #该路径为匿名登入/login=anon# Authentication Ability Login/admin=authc# The path verifies that the teacher role is in place/student=roles[teacher]# The path verifies whether the role has permissions/teacher=perms["Admin:delete"]

unauthorized.jsp:
<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "    pageencoding=" Utf-8 "%><! DOCTYPE html>

Visit /student in the browser. Will skip to the login page for authentication. And then infer whether the user advocates for teacher role permissions
In the browser, ask/teacher to infer whether the user has this permission.
Because the corresponding servlet is not prepared, the correct case will show 404, and if you do not have permission, you will be skipped to the unauthorized.jsp page. 

This completes the HelloWorld of Shiro in the Web, followed by a specific note.

Source code Download Path: http://download.csdn.net/detail/qq_19558705/9449892


 
Apache Shiro Notes collation of Web integration one