本文地址:http://blog.csdn.net/sushengmiyan/article/details/39933993

shiro官网:http://shiro.apache.org/

shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K

本文作者:sushengmiyan

------------------------------------------------------------------------------------------------------------------------------------

一。新建java web工程 这里取名为shirodemo

二。添加依赖的jar包,如下:

三。添加web对shiro的支持

如第一篇文章所述,在此基础上增加webs.xml部署描述:

  <listener>

  	<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>

  </listener>

  <filter>

  	<filter-name>shiro</filter-name>

  	<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>

  </filter>

  <filter-mapping>

  	<filter-name>shiro</filter-name>

  	<url-pattern>/*</url-pattern>

  </filter-mapping>

四。添加jsp页面登陆按钮以及标签支持:

<%

 String user = request.getParameter("username");

 String pwd = request.getParameter("password");

if(user != null && pwd != null){

	 Subject sub = SecurityUtils.getSubject();

	 String context = request.getContextPath();

	 try{

	 	sub.login(new UsernamePasswordToken(user.toUpperCase(),pwd));

	 	out.println("登录成功");

	 }catch(IncorrectCredentialsException e){

		 out.println("{success:false,msg:'用户名与密码不正确!'}");

	 }catch(UnknownAccountException e){

		 out.println("{success:false,msg:'用户名不存在!'}");

	 }

	 return;

}

%>

在jsp页面中增加用户名和密码登陆框。

五。新建realm实现

package com.susheng.shiro;

import javax.annotation.PostConstruct;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.LockedAccountException;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UnknownAccountException;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.cache.CacheManager;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

//认证数据库存储

public class ShiroRealm extends AuthorizingRealm {

	public Logger logger = LoggerFactory.getLogger(getClass());

	final static String AUTHCACHENAME = "AUTHCACHENAME";

	public static final String HASH_ALGORITHM = "MD5";

	public static final int HASH_INTERATIONS = 1;

	public ShiroDbRealm() {

		// 认证

		super.setAuthenticationCachingEnabled(false);

		// 授权

		super.setAuthorizationCacheName(AUTHCACHENAME);

	}

	// 授权

	@Override

	protected AuthorizationInfo doGetAuthorizationInfo(

			PrincipalCollection principalCollection) {

		if (!SecurityUtils.getSubject().isAuthenticated()) {

			doClearCache(principalCollection);

			SecurityUtils.getSubject().logout();

			return null;

		}

		// 添加角色及权限信息

		SimpleAuthorizationInfo sazi = new SimpleAuthorizationInfo();

		return sazi;

	}

	// 认证

	@Override

	protected AuthenticationInfo doGetAuthenticationInfo(

			AuthenticationToken token) throws AuthenticationException {

		UsernamePasswordToken upToken = (UsernamePasswordToken) token;

		String userName = upToken.getUsername();

		String passWord = new String(upToken.getPassword());

		AuthenticationInfo authinfo = new SimpleAuthenticationInfo(

				userName, passWord, getName());

		return authinfo;

	}

	/**

	 * 设定Password校验的Hash算法与迭代次数.

	 */

	@PostConstruct

	public void initCredentialsMatcher() {

		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(

				HASH_ALGORITHM);

		matcher.setHashIterations(HASH_INTERATIONS);

		setCredentialsMatcher(matcher);

	}

}

六。shiro.ini文件内容增加对realm的支持。

#

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements.  See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership.  The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License.  You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied.  See the License for the

# specific language governing permissions and limitations

# under the License.

#

# =============================================================================

# Quickstart INI Realm configuration

#

# For those that might not understand the references in this file, the

# definitions are all based on the classic Mel Brooks' film "Spaceballs". ;)

# =============================================================================

# -----------------------------------------------------------------------------

# Users and their assigned roles

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc

# -----------------------------------------------------------------------------

#realm

myRealm = com.susheng.shiro.ShiroDbRealm

securityManager.realm = $myRealm

[users]

# user 'root' with password 'secret' and the 'admin' role

root = secret, admin

# user 'guest' with the password 'guest' and the 'guest' role

guest = guest, guest

# user 'presidentskroob' with password '12345' ("That's the same combination on

# my luggage!!!" ;)), and role 'president'

presidentskroob = 12345, president

# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'

darkhelmet = ludicrousspeed, darklord, schwartz

# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'

lonestarr = vespa, goodguy, schwartz

# -----------------------------------------------------------------------------

# Roles with assigned permissions

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc

# -----------------------------------------------------------------------------

[roles]

# 'admin' role has all permissions, indicated by the wildcard '*'

admin = *

# The 'schwartz' role can do anything (*) with any lightsaber:

schwartz = lightsaber:*

# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with

# license plate 'eagle5' (instance specific id)

goodguy = winnebago:drive:eagle5

[urls]

/login.jsp = anon

/index.html = user

/index.jsp = user

/homePageDebug.jsp = user

/module/** = user

七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。

查看实现效果:

登录界面的显示

点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。

OK。现在,以及实现了对web的支持。

代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503

[shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证的更多相关文章

  1. [struts2学习笔记] 第二节 使用Maven搞定管理和构造Struts 2 Web应用程序的七个步骤

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/40303897 官方文档:http://struts.apache.org/releas ...

  2. [shiro学习笔记]第一节 使用eclipse/myeclipse搭建一个shiro程序

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/39519509 shiro官网:http://shiro.apache.org/ shi ...

  3. 【shiro】shiro学习笔记1 - 初识shiro

    [TOC] 认证流程 st=>start: Start e=>end: End op1=>operation: 构造SecurityManager环境 op2=>operati ...

  4. [ExtJS5学习笔记]第二节 Sencha Cmd 学习笔记 使你的sencha cmd跑起来

    本文地址: http://blog.csdn.net/sushengmiyan/article/details/38313537 本文作者:sushengmiyan ----------------- ...

  5. [ExtJS5学习笔记]第九节 Extjs5的mvc与mvvm框架结构简单介绍

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/38537431 本文作者:sushengmiyan ------------------ ...

  6. opengl学习笔记(五):组合变换,绘制一个简单的太阳系

    创建太阳系模型 描述的程序绘制一个简单的太阳系,其中有一颗行星和一颗太阳,用同一个函数绘制.需要使用glRotate*()函数让这颗行星绕太阳旋转,并且绕自身的轴旋转.还需要使用glTranslate ...

  7. Shiro学习笔记(5)——web集成

    Web集成 shiro配置文件shiroini 界面 webxml最关键 Servlet 測试 基于 Basic 的拦截器身份验证 Web集成 大多数情况.web项目都会集成spring.shiro在 ...

  8. Shiro学习笔记总结,附加" 身份认证 "源码案例(一)

    Shiro学习笔记总结 内容介绍: 一.Shiro介绍 二.subject认证主体 三.身份认证流程 四.Realm & JDBC reaml介绍 五.Shiro.ini配置介绍 六.源码案例 ...

  9. shiro学习笔记_0600_自定义realm实现授权

    博客shiro学习笔记_0400_自定义Realm实现身份认证 介绍了认证,这里介绍授权. 1,仅仅通过配置文件来指定权限不够灵活且不方便.在实际的应用中大多数情况下都是将用户信息,角色信息,权限信息 ...

随机推荐

  1. [HNOI2005]狡猾的商人

    题目描述 输入输出格式 输入格式: 从文件input.txt中读入数据,文件第一行为一个正整数w,其中w < 100,表示有w组数据,即w个账本,需要你判断.每组数据的第一行为两个正整数n和m, ...

  2. ●洛谷P3168 [CQOI2015]任务查询系统

    题链: https://www.luogu.org/problemnew/show/P3168题解: 主席树 强制在线? 那就直接对每一个前缀时间建一个线段树(可持久化线段树),线段树维护优先度权值. ...

  3. 2015多校联赛 ——HDU5288(数学)

    OO’s Sequence Time Limit: 4000/2000 MS (Java/Others)    Memory Limit: 131072/131072 K (Java/Others) ...

  4. hdu 5446(中国剩余+lucas+按位乘)

    题意:c( n, m)%M    M = P1 * P2 * ......* Pk Lucas定理是用来求 c(n,m) mod p,p为素数的值.得出一个存余数数组,在结合中国剩余定理求值 其中有个 ...

  5. 51Nod 1326 遥远的旅途

    题目描述: 一个国家有N个城市,这些城市被标为0,1,2,...N-1.这些城市间连有M条道路,每条道路连接两个不同的城市,且道路都是双向的.一个小鹿喜欢在城市间沿着道路自由的穿梭,初始时小鹿在城市0 ...

  6. bzoj2243[SDOI2011]染色 树链剖分+线段树

    2243: [SDOI2011]染色 Time Limit: 20 Sec  Memory Limit: 512 MBSubmit: 9012  Solved: 3375[Submit][Status ...

  7. python实现tab键自动补全

    一.查询python安装路径,一般默认是/usr/lib64/ [root@host2 ~]# python Python (r266:, Jul , ::) [GCC (Red Hat -)] on ...

  8. Vue生命周期-手动挂载理解

    改前端遇到个bug,console能够输出值,但是前端不能显示. 我简直一脸懵逼,vue的问题?网络的问题?浏览器的缓存问题? 公司网络,所以直接排除网络问题. 浏览器缓存,试了下确实一定概率可以显示 ...

  9. ubuntu 修改计算机名

    ubuntu装好系统之后打开终端,命令行前边会有一长串名字,看起来好烦(格式为:用户名@计算机名:~$),所以改计算机名: 需要改两个文件: sudo gedit /etc/hostname sudo ...

  10. FJUT寒假作业第三周数蚂蚁(记录第一道并查集)

    http://210.34.193.66:8080/vj/Contest.jsp?cid=162#P7 思路:用并查集合并集合,最后遍历,找到集合的根的个数. 并查集是森林,森林中的每一颗树是一个集合 ...