This address: http://blog.csdn.net/sushengmiyan/article/details/39933993
Shiro Official Website: http://shiro.apache.org/
Shiro Chinese Manual: Http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_ 3ccdxpjwhw5evxt7sfr0b5qszyxokqg_fthed-rwqvi5ozytbrmaalhh8nfxnzyoow21k
This article Sushengmiyan
--------------------------------------------------------------------------------------------------------------- ---------------------
One. New Java Web Project named Shirodemo here
Two. Add the dependent jar package as follows:
Three. Add Web support for Shiro
As described in the first article, add the Webs.xml deployment description on this basis:
<listener> <listener-class>org.apache.shiro.web.env.environmentloaderlistener</ listener-class> </listener> <filter> <filter-name>shiro</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <filter-mapping> <filter-name>shiro</filter-name> <url-pattern>/*</ Url-pattern> </filter-mapping>
Four. Add JSP page Login button and tag support:
<% String user = Request.getparameter ("username"); String pwd = request.getparameter ("password"); if (user! = null && pwd! = null) {Subject sub = SECURITYUTILS.GETSUBJ ECT (); String context = Request.getcontextpath (); try{Sub.login (New Usernamepasswordtoken (User.touppercase (), PWD); OUT.PRINTLN ("Login Successful");} catch (Incorrectcredentialsexception e) {out.println ("{success:false,msg: ' username and password is incorrect! ‘}"); }catch (unknownaccountexception e) {out.println ("{success:false,msg: ' username does not exist! ‘}"); } return; %>
In the JSP page, add the user name and password login box.
Five. New Realm Implementation
Package Com.susheng.shiro;import Javax.annotation.postconstruct;import Org.apache.shiro.securityutils;import Org.apache.shiro.authc.authenticationexception;import Org.apache.shiro.authc.authenticationinfo;import Org.apache.shiro.authc.authenticationtoken;import Org.apache.shiro.authc.incorrectcredentialsexception;import Org.apache.shiro.authc.lockedaccountexception;import Org.apache.shiro.authc.simpleauthenticationinfo;import Org.apache.shiro.authc.unknownaccountexception;import Org.apache.shiro.authc.usernamepasswordtoken;import Org.apache.shiro.authc.credential.hashedcredentialsmatcher;import Org.apache.shiro.authz.AuthorizationInfo; Import Org.apache.shiro.authz.simpleauthorizationinfo;import Org.apache.shiro.cache.cachemanager;import Org.apache.shiro.realm.authorizingrealm;import Org.apache.shiro.subject.principalcollection;import Org.apache.shiro.subject.subject;import org.slf4j.logger;import org.slf4j.loggerfactory;//Certified Database Stores public class Shirorealm extends Authorizingrealm {publicLogger Logger = Loggerfactory.getlogger (GetClass ()), final static String authcachename = "Authcachename";p ublic static Final String hash_algorithm = "MD5";p ublic static final int hash_interations = 1;public Shirodbrealm () {//Authentication Super.setauth Enticationcachingenabled (false);//Authorization Super.setauthorizationcachename (authcachename);} Authorized @overrideprotected Authorizationinfo Dogetauthorizationinfo (principalcollection PrincipalCollection) {if (! Securityutils.getsubject (). IsAuthenticated ()) {Doclearcache (principalcollection); Securityutils.getsubject (). Logout (); return null;} Add roles and permissions information Simpleauthorizationinfo Sazi = new Simpleauthorizationinfo (); return Sazi;} Certified @overrideprotected authenticationinfo Dogetauthenticationinfo (Authenticationtoken token) throws authenticationexception {Usernamepasswordtoken Uptoken = (usernamepasswordtoken) token; String userName = Uptoken.getusername (); String PassWord = new String (Uptoken.getpassword ()); AuthenticationInfo authinfo = new Simpleauthenticationinfo (userName, PassWord, GetName ()); return authinfo;} /** * Set the hash algorithm and the number of iterations of the password checksum. */@PostConstructpublic void Initcredentialsmatcher () {hashedcredentialsmatcher matcher = new Hashedcredentialsmatcher (hash_algorithm); matcher.sethashiterations (hash_interations); Setcredentialsmatcher (Matcher);}}
Six. Shiro.ini file content adds support for realm.
# # Licensed to the Apache software Foundation (ASF) under one# or more contributor license agreements. See the NOTICE file# distributed and this work for additional information# regarding copyright ownership. The ASF licenses this file# to you under the Apache License, Version 2.0 (the# "License"); You are not a use of this file except in compliance# with the License. Obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## unless required by applicable l AW or agreed to writing,# software distributed under the License are distributed on an# "as is" BASIS, without Warrantie S or CONDITIONS of any# KIND, either express OR implied. See the License for the# specific language governing permissions and limitations# under the license.## =================== ==========================================================# Quickstart INI Realm configuration## for those that might Not understand the references in this file, the# definitions is all based on the ClassiC Mel Brooks ' film "Spaceballs". ;)# =============================================================================# ------------------------------ -----------------------------------------------# Users and their assigned roles## each line conforms to the format defined In the# org.apache.shiro.realm.text.textconfigurationrealm#setuserdefinitions javadoc#--------------------------- --------------------------------------------------#realmmyRealm = Com.susheng.shiro.ShiroDbRealmsecurityManager.realm = $myRealm [users]# user ' root ' with password ' secret ' and the ' admin ' Roleroot = secret, admin# user ' guest ' with the password ' guest ' and the ' guest ' roleguest = Guest, guest# user ' preside Ntskroob ' with password ' 12345 ' ("that ' s the same combination on# my luggage!!!";)), and role ' president ' Presidentskroob = 12345, president# user ' Darkhelmet ' with password ' ludicrousspeed ' and Roles ' Darklord ' and ' schwartz ' Darkhelmet = ludic Rousspeed, Darklord, schwartz# user ' Lonestarr ' with password ' veSpa ' and roles ' Goodguy ' and ' schwartz ' Lonestarr = Vespa, Goodguy, schwartz#------------------------------------------- ----------------------------------# Roles with assigned permissions# # All line conforms to the format defined in the# or G.apache.shiro.realm.text.textconfigurationrealm#setroledefinitions javadoc#----------------------------------- ------------------------------------------[roles]# ' admin ' role have all permissions, indicated by the wildcard ' * ' admin = *# the ' Schwartz ' role can do anything (*) with any Lightsaber:schwartz = lightsaber:*# the ' goodguy ' role was allowed to ' Drive ' (action) the Winnebago (type) with# license plate ' eagle5 ' (instance specific id) Goodguy = winnebago:drive:eagle5[ urls]/login.jsp = anon/index.html = user/index.jsp = user/homepagedebug.jsp = user/module/** = user
Ok. Now, and support for the Web is implemented.
Code: http://download.csdn.net/detail/sushengmiyan/8022503
[Shiro Study notes] section II Shiro and Web fusion implement a simple authorization authentication