本文地址:http://blog.csdn.net/sushengmiyan/article/details/39933993

shiro官网:http://shiro.apache.org/

shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K

本文作者:sushengmiyan

------------------------------------------------------------------------------------------------------------------------------------

一。新建java web工程 这里取名为shirodemo

二。添加依赖的jar包,如下:

三。添加web对shiro的支持

如第一篇文章所述,在此基础上增加webs.xml部署描述:

  <listener>

  	<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>

  </listener>

  <filter>

  	<filter-name>shiro</filter-name>

  	<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>

  </filter>

  <filter-mapping>

  	<filter-name>shiro</filter-name>

  	<url-pattern>/*</url-pattern>

  </filter-mapping>

四。添加jsp页面登陆按钮以及标签支持:

<%

 String user = request.getParameter("username");

 String pwd = request.getParameter("password");

if(user != null && pwd != null){

	 Subject sub = SecurityUtils.getSubject();

	 String context = request.getContextPath();

	 try{

	 	sub.login(new UsernamePasswordToken(user.toUpperCase(),pwd));

	 	out.println("登录成功");

	 }catch(IncorrectCredentialsException e){

		 out.println("{success:false,msg:'用户名与密码不正确!'}");

	 }catch(UnknownAccountException e){

		 out.println("{success:false,msg:'用户名不存在!'}");

	 }

	 return;

}

%>

在jsp页面中增加用户名和密码登陆框。

五。新建realm实现

package com.susheng.shiro;

import javax.annotation.PostConstruct;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.LockedAccountException;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UnknownAccountException;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.cache.CacheManager;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

//认证数据库存储

public class ShiroRealm extends AuthorizingRealm {

	public Logger logger = LoggerFactory.getLogger(getClass());

	final static String AUTHCACHENAME = "AUTHCACHENAME";

	public static final String HASH_ALGORITHM = "MD5";

	public static final int HASH_INTERATIONS = 1;

	public ShiroDbRealm() {

		// 认证

		super.setAuthenticationCachingEnabled(false);

		// 授权

		super.setAuthorizationCacheName(AUTHCACHENAME);

	}

	// 授权

	@Override

	protected AuthorizationInfo doGetAuthorizationInfo(

			PrincipalCollection principalCollection) {

		if (!SecurityUtils.getSubject().isAuthenticated()) {

			doClearCache(principalCollection);

			SecurityUtils.getSubject().logout();

			return null;

		}

		// 添加角色及权限信息

		SimpleAuthorizationInfo sazi = new SimpleAuthorizationInfo();

		return sazi;

	}

	// 认证

	@Override

	protected AuthenticationInfo doGetAuthenticationInfo(

			AuthenticationToken token) throws AuthenticationException {

		UsernamePasswordToken upToken = (UsernamePasswordToken) token;

		String userName = upToken.getUsername();

		String passWord = new String(upToken.getPassword());

		AuthenticationInfo authinfo = new SimpleAuthenticationInfo(

				userName, passWord, getName());

		return authinfo;

	}

	/**

	 * 设定Password校验的Hash算法与迭代次数.

	 */

	@PostConstruct

	public void initCredentialsMatcher() {

		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(

				HASH_ALGORITHM);

		matcher.setHashIterations(HASH_INTERATIONS);

		setCredentialsMatcher(matcher);

	}

}

六。shiro.ini文件内容增加对realm的支持。

#

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements.  See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership.  The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License.  You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied.  See the License for the

# specific language governing permissions and limitations

# under the License.

#

# =============================================================================

# Quickstart INI Realm configuration

#

# For those that might not understand the references in this file, the

# definitions are all based on the classic Mel Brooks' film "Spaceballs". ;)

# =============================================================================

# -----------------------------------------------------------------------------

# Users and their assigned roles

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc

# -----------------------------------------------------------------------------

#realm

myRealm = com.susheng.shiro.ShiroDbRealm

securityManager.realm = $myRealm

[users]

# user 'root' with password 'secret' and the 'admin' role

root = secret, admin

# user 'guest' with the password 'guest' and the 'guest' role

guest = guest, guest

# user 'presidentskroob' with password '12345' ("That's the same combination on

# my luggage!!!" ;)), and role 'president'

presidentskroob = 12345, president

# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'

darkhelmet = ludicrousspeed, darklord, schwartz

# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'

lonestarr = vespa, goodguy, schwartz

# -----------------------------------------------------------------------------

# Roles with assigned permissions

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc

# -----------------------------------------------------------------------------

[roles]

# 'admin' role has all permissions, indicated by the wildcard '*'

admin = *

# The 'schwartz' role can do anything (*) with any lightsaber:

schwartz = lightsaber:*

# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with

# license plate 'eagle5' (instance specific id)

goodguy = winnebago:drive:eagle5

[urls]

/login.jsp = anon

/index.html = user

/index.jsp = user

/homePageDebug.jsp = user

/module/** = user

七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。

查看实现效果:

登录界面的显示

点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。

OK。现在,以及实现了对web的支持。

代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503

[shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证的更多相关文章

  1. [struts2学习笔记] 第二节 使用Maven搞定管理和构造Struts 2 Web应用程序的七个步骤

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/40303897 官方文档:http://struts.apache.org/releas ...

  2. [shiro学习笔记]第一节 使用eclipse/myeclipse搭建一个shiro程序

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/39519509 shiro官网:http://shiro.apache.org/ shi ...

  3. 【shiro】shiro学习笔记1 - 初识shiro

    [TOC] 认证流程 st=>start: Start e=>end: End op1=>operation: 构造SecurityManager环境 op2=>operati ...

  4. [ExtJS5学习笔记]第二节 Sencha Cmd 学习笔记 使你的sencha cmd跑起来

    本文地址: http://blog.csdn.net/sushengmiyan/article/details/38313537 本文作者:sushengmiyan ----------------- ...

  5. [ExtJS5学习笔记]第九节 Extjs5的mvc与mvvm框架结构简单介绍

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/38537431 本文作者:sushengmiyan ------------------ ...

  6. opengl学习笔记(五):组合变换,绘制一个简单的太阳系

    创建太阳系模型 描述的程序绘制一个简单的太阳系,其中有一颗行星和一颗太阳,用同一个函数绘制.需要使用glRotate*()函数让这颗行星绕太阳旋转,并且绕自身的轴旋转.还需要使用glTranslate ...

  7. Shiro学习笔记(5)——web集成

    Web集成 shiro配置文件shiroini 界面 webxml最关键 Servlet 測试 基于 Basic 的拦截器身份验证 Web集成 大多数情况.web项目都会集成spring.shiro在 ...

  8. Shiro学习笔记总结,附加" 身份认证 "源码案例(一)

    Shiro学习笔记总结 内容介绍: 一.Shiro介绍 二.subject认证主体 三.身份认证流程 四.Realm & JDBC reaml介绍 五.Shiro.ini配置介绍 六.源码案例 ...

  9. shiro学习笔记_0600_自定义realm实现授权

    博客shiro学习笔记_0400_自定义Realm实现身份认证 介绍了认证,这里介绍授权. 1,仅仅通过配置文件来指定权限不够灵活且不方便.在实际的应用中大多数情况下都是将用户信息,角色信息,权限信息 ...

随机推荐

  1. poj 3525 凸多边形多大内切圆

    Most Distant Point from the Sea Time Limit: 5000MS   Memory Limit: 65536K Total Submissions: 4758   ...

  2. 数据挖掘实战<1>:数据质量检查

    数据行业有一句很经典的话--"垃圾进,垃圾出"(Garbage in, Garbage out, GIGO),意思就是,如果使用的基础数据有问题,那基于这些数据得到的任何产出都是没 ...

  3. vrn:基于直接体积回归的单幅图像大姿态三维人脸重建

    3D面部重建是一个非常困难的基本计算机视觉问题.目前的系统通常假设多个面部图像(有时来自同一主题)作为输入的可用性,并且必须解决许多方法学挑战,例如在大的面部姿势,表情和不均匀照明之间建立密集的对应. ...

  4. 64. Minimum Path Sum(中等, 又做出一个DP题, 你们非问我开不开心,当然开心喽!^^)

    Given an m x n grid filled with nonnegative numbers, find a path from top left to bottom right which ...

  5. java求素数

    按定义 即除了1和它本身以外不再被其他的除数整数 public static void main(String[] args) { for (int i = 2; i < 100; i++) { ...

  6. Node.js NPM 使用介绍

    NPM是随同NodeJS一起安装的包管理工具,能解决NodeJS代码部署上的很多问题,常见的使用场景有以下几种: 允许用户从NPM服务器下载别人编写的第三方包到本地使用. 允许用户从NPM服务器下载并 ...

  7. jQuery – AJAX load() 方法

    jQuery load() 方法 jQuery load() 方法是简单但强大的 AJAX 方法. load() 方法从服务器加载数据,并把返回的数据放入被选元素中. 语法: $(selector). ...

  8. PHP MySQL 创建数据表

    PHP 创建 MySQL 表 一个数据表有一个唯一名称,并有行和列组成. 使用 MySQLi 和 PDO 创建 MySQL 表 CREATE TABLE 语句用于创建 MySQL 表. 我们将创建一个 ...

  9. iOS控制反转(IoC)与依赖注入(DI)的实现

    背景 最近接触了一段时间的SpringMVC,对其控制反转(IoC)和依赖注入(DI)印象深刻,此后便一直在思考如何使用OC语言较好的实现这两个功能.Java语言自带的注解特性为IoC和DI带来了极大 ...

  10. 在MPAndroidChart库K线图的基础上画均线

    CombinedChart 可以直接使用MPAndroidChart库里面提供的CombinedChart实现组合图形 Demo:CombinedChartDemo ------分割线(如果想在一个图 ...