本文地址:http://blog.csdn.net/sushengmiyan/article/details/39933993

shiro官网:http://shiro.apache.org/

shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K

本文作者:sushengmiyan

------------------------------------------------------------------------------------------------------------------------------------

一。新建java web工程 这里取名为shirodemo

二。添加依赖的jar包,如下:

三。添加web对shiro的支持

如第一篇文章所述,在此基础上增加webs.xml部署描述:

  <listener>

  	<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>

  </listener>

  <filter>

  	<filter-name>shiro</filter-name>

  	<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>

  </filter>

  <filter-mapping>

  	<filter-name>shiro</filter-name>

  	<url-pattern>/*</url-pattern>

  </filter-mapping>

四。添加jsp页面登陆按钮以及标签支持:

<%

 String user = request.getParameter("username");

 String pwd = request.getParameter("password");

if(user != null && pwd != null){

	 Subject sub = SecurityUtils.getSubject();

	 String context = request.getContextPath();

	 try{

	 	sub.login(new UsernamePasswordToken(user.toUpperCase(),pwd));

	 	out.println("登录成功");

	 }catch(IncorrectCredentialsException e){

		 out.println("{success:false,msg:'用户名与密码不正确!'}");

	 }catch(UnknownAccountException e){

		 out.println("{success:false,msg:'用户名不存在!'}");

	 }

	 return;

}

%>

在jsp页面中增加用户名和密码登陆框。

五。新建realm实现

package com.susheng.shiro;

import javax.annotation.PostConstruct;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.LockedAccountException;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UnknownAccountException;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.cache.CacheManager;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

//认证数据库存储

public class ShiroRealm extends AuthorizingRealm {

	public Logger logger = LoggerFactory.getLogger(getClass());

	final static String AUTHCACHENAME = "AUTHCACHENAME";

	public static final String HASH_ALGORITHM = "MD5";

	public static final int HASH_INTERATIONS = 1;

	public ShiroDbRealm() {

		// 认证

		super.setAuthenticationCachingEnabled(false);

		// 授权

		super.setAuthorizationCacheName(AUTHCACHENAME);

	}

	// 授权

	@Override

	protected AuthorizationInfo doGetAuthorizationInfo(

			PrincipalCollection principalCollection) {

		if (!SecurityUtils.getSubject().isAuthenticated()) {

			doClearCache(principalCollection);

			SecurityUtils.getSubject().logout();

			return null;

		}

		// 添加角色及权限信息

		SimpleAuthorizationInfo sazi = new SimpleAuthorizationInfo();

		return sazi;

	}

	// 认证

	@Override

	protected AuthenticationInfo doGetAuthenticationInfo(

			AuthenticationToken token) throws AuthenticationException {

		UsernamePasswordToken upToken = (UsernamePasswordToken) token;

		String userName = upToken.getUsername();

		String passWord = new String(upToken.getPassword());

		AuthenticationInfo authinfo = new SimpleAuthenticationInfo(

				userName, passWord, getName());

		return authinfo;

	}

	/**

	 * 设定Password校验的Hash算法与迭代次数.

	 */

	@PostConstruct

	public void initCredentialsMatcher() {

		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(

				HASH_ALGORITHM);

		matcher.setHashIterations(HASH_INTERATIONS);

		setCredentialsMatcher(matcher);

	}

}

六。shiro.ini文件内容增加对realm的支持。

#

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements.  See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership.  The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License.  You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied.  See the License for the

# specific language governing permissions and limitations

# under the License.

#

# =============================================================================

# Quickstart INI Realm configuration

#

# For those that might not understand the references in this file, the

# definitions are all based on the classic Mel Brooks' film "Spaceballs". ;)

# =============================================================================

# -----------------------------------------------------------------------------

# Users and their assigned roles

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc

# -----------------------------------------------------------------------------

#realm

myRealm = com.susheng.shiro.ShiroDbRealm

securityManager.realm = $myRealm

[users]

# user 'root' with password 'secret' and the 'admin' role

root = secret, admin

# user 'guest' with the password 'guest' and the 'guest' role

guest = guest, guest

# user 'presidentskroob' with password '12345' ("That's the same combination on

# my luggage!!!" ;)), and role 'president'

presidentskroob = 12345, president

# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'

darkhelmet = ludicrousspeed, darklord, schwartz

# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'

lonestarr = vespa, goodguy, schwartz

# -----------------------------------------------------------------------------

# Roles with assigned permissions

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc

# -----------------------------------------------------------------------------

[roles]

# 'admin' role has all permissions, indicated by the wildcard '*'

admin = *

# The 'schwartz' role can do anything (*) with any lightsaber:

schwartz = lightsaber:*

# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with

# license plate 'eagle5' (instance specific id)

goodguy = winnebago:drive:eagle5

[urls]

/login.jsp = anon

/index.html = user

/index.jsp = user

/homePageDebug.jsp = user

/module/** = user

七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。

查看实现效果:

登录界面的显示

点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。

OK。现在,以及实现了对web的支持。

代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503

[shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证的更多相关文章

  1. [struts2学习笔记] 第二节 使用Maven搞定管理和构造Struts 2 Web应用程序的七个步骤

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/40303897 官方文档:http://struts.apache.org/releas ...

  2. [shiro学习笔记]第一节 使用eclipse/myeclipse搭建一个shiro程序

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/39519509 shiro官网:http://shiro.apache.org/ shi ...

  3. 【shiro】shiro学习笔记1 - 初识shiro

    [TOC] 认证流程 st=>start: Start e=>end: End op1=>operation: 构造SecurityManager环境 op2=>operati ...

  4. [ExtJS5学习笔记]第二节 Sencha Cmd 学习笔记 使你的sencha cmd跑起来

    本文地址: http://blog.csdn.net/sushengmiyan/article/details/38313537 本文作者:sushengmiyan ----------------- ...

  5. [ExtJS5学习笔记]第九节 Extjs5的mvc与mvvm框架结构简单介绍

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/38537431 本文作者:sushengmiyan ------------------ ...

  6. opengl学习笔记(五):组合变换,绘制一个简单的太阳系

    创建太阳系模型 描述的程序绘制一个简单的太阳系,其中有一颗行星和一颗太阳,用同一个函数绘制.需要使用glRotate*()函数让这颗行星绕太阳旋转,并且绕自身的轴旋转.还需要使用glTranslate ...

  7. Shiro学习笔记(5)——web集成

    Web集成 shiro配置文件shiroini 界面 webxml最关键 Servlet 測试 基于 Basic 的拦截器身份验证 Web集成 大多数情况.web项目都会集成spring.shiro在 ...

  8. Shiro学习笔记总结,附加" 身份认证 "源码案例(一)

    Shiro学习笔记总结 内容介绍: 一.Shiro介绍 二.subject认证主体 三.身份认证流程 四.Realm & JDBC reaml介绍 五.Shiro.ini配置介绍 六.源码案例 ...

  9. shiro学习笔记_0600_自定义realm实现授权

    博客shiro学习笔记_0400_自定义Realm实现身份认证 介绍了认证,这里介绍授权. 1,仅仅通过配置文件来指定权限不够灵活且不方便.在实际的应用中大多数情况下都是将用户信息,角色信息,权限信息 ...

随机推荐

  1. [Codeforces]862F - Mahmoud and Ehab and the final stage

    题目大意:n个字符串,支持修改一个位置上的字符串和查询一个区间的子区间中长度乘LCP的最大值,输入字符数和询问数不超过10^5. 做法:求出相邻的LCP长度,区间LCP等于区间最小值,查询分几种情况考 ...

  2. Gradle学习之基础篇

    一.gradle基础概念 Gradle是一个基于Apache Ant和Apache Maven概念的项目自动化构建工具.Gradle抛弃了基于各种繁琐的XML,使用一种基于Groovy的特定领域语言( ...

  3. 本地缓存,Redis缓存,数据库DB查询(结合代码分析)

    问题背景 为什么要使用缓存?本地缓存/Redis缓存/数据库查询优先级? 一.为什么要使用缓存 原因:CPU的速度远远高于磁盘IO的速度问题:很多信息存在数据库当中的,每次查询数据库就是一次IO操作所 ...

  4. ubuntu 16.04 安装 tensorflow-gpu 包括 CUDA ,CUDNN,CONDA

    ubuntu 16.04 安装 tensorflow-gpu 包括 CUDA ,CUDNN,CONDA 显卡驱动装好了,如图: 英文原文链接: https://github.com/williamFa ...

  5. Java HashMap的扩容

    最近博主参加面试,发现自己对于Java的HashMap的扩容过程理解不足,故最近在此进行总结. 首先说明博主德Java为1.8版本 HashMap中的变量 首先要了解HashMap的扩容过程,我们就得 ...

  6. 0. 迷之 -> 和 .

    0. 迷之 -> 和 . 箭头(->):左边必须为指针: 点号(.):左边必须为实体. e.g.1 class class A{ public: play(); }; int main() ...

  7. ABP文档笔记系列

    ABP文档笔记 - 模块系统 及 配置中心 ABP文档笔记 - 事件BUS ABP文档笔记 - 数据过滤 ABP文档笔记 - 规约 ABP文档笔记 - 配置.设置.版本.功能.权限 ABP文档笔记 - ...

  8. 深入了解Java虚拟机和内存管理

    1.java程序的执行过程      java源文件->解析器->class文件->java类加载器->java运行时数据区->执行引擎 2.我们接下来看一下java运行 ...

  9. jQuery CSS 类

    通过 jQuery,可以很容易地对 CSS 元素进行操作. jQuery 操作 CSS jQuery 拥有若干进行 CSS 操作的方法.我们将学习下面这些: addClass() - 向被选元素添加一 ...

  10. MongoDB 数据库引用

    MongoDB 引用有两种: 手动引用(Manual References) DBRefs DBRefs vs 手动引用 考虑这样的一个场景,我们在不同的集合中 (address_home, addr ...