[shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证
2014-10-11 08:23
781 查看
本文地址:http://blog.csdn.net/sushengmiyan/article/details/39933993
shiro官网: http://shiro.apache.org/ href="http://docs.sencha.com/extjs/5.0/apidocs/#!/api/Ext-method-each" target=_blank>
shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K
本文作者:sushengmiyan
------------------------------------------------------------------------------------------------------------------------------------
一。新建java web工程 这里取名为shirodemo
二。添加依赖的jar包,如下:
三。添加web对shiro的支持
如第一篇文章所述,在此基础上增加webs.xml部署描述:
四。添加jsp页面登陆按钮以及标签支持:
五。新建realm实现
六。shiro.ini文件内容增加对realm的支持。
七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。
查看实现效果:
登录界面的显示
点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。
OK。现在,以及实现了对web的支持。
代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503
shiro官网: http://shiro.apache.org/ href="http://docs.sencha.com/extjs/5.0/apidocs/#!/api/Ext-method-each" target=_blank>
shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K
本文作者:sushengmiyan
------------------------------------------------------------------------------------------------------------------------------------
一。新建java web工程 这里取名为shirodemo
二。添加依赖的jar包,如下:
三。添加web对shiro的支持
如第一篇文章所述,在此基础上增加webs.xml部署描述:
<listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>shiro</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <filter-mapping> <filter-name>shiro</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
四。添加jsp页面登陆按钮以及标签支持:
<% String user = request.getParameter("username"); String pwd = request.getParameter("password"); if(user != null && pwd != null){ Subject sub = SecurityUtils.getSubject(); String context = request.getContextPath(); try{ sub.login(new UsernamePasswordToken(user.toUpperCase(),pwd)); out.println("登录成功"); }catch(IncorrectCredentialsException e){ out.println("{success:false,msg:'用户名与密码不正确!'}"); }catch(UnknownAccountException e){ out.println("{success:false,msg:'用户名不存在!'}"); } return; } %>在jsp页面中增加用户名和密码登陆框。
五。新建realm实现
package com.susheng.shiro; import javax.annotation.PostConstruct; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.LockedAccountException; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.cache.CacheManager; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.Subject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; //认证数据库存储 public class ShiroRealm extends AuthorizingRealm { public Logger logger = LoggerFactory.getLogger(getClass()); final static String AUTHCACHENAME = "AUTHCACHENAME"; public static final String HASH_ALGORITHM = "MD5"; public static final int HASH_INTERATIONS = 1; public ShiroDbRealm() { // 认证 super.setAuthenticationCachingEnabled(false); // 授权 super.setAuthorizationCacheName(AUTHCACHENAME); } // 授权 @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principalCollection) { if (!SecurityUtils.getSubject().isAuthenticated()) { doClearCache(principalCollection); SecurityUtils.getSubject().logout(); return null; } // 添加角色及权限信息 SimpleAuthorizationInfo sazi = new SimpleAuthorizationInfo(); return sazi; } // 认证 @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; String userName = upToken.getUsername(); String passWord = new String(upToken.getPassword()); AuthenticationInfo authinfo = new SimpleAuthenticationInfo( userName, passWord, getName()); return authinfo; } /** * 设定Password校验的Hash算法与迭代次数. */ @PostConstruct public void initCredentialsMatcher() { HashedCredentialsMatcher matcher = new HashedCredentialsMatcher( HASH_ALGORITHM); matcher.setHashIterations(HASH_INTERATIONS); setCredentialsMatcher(matcher); } }
六。shiro.ini文件内容增加对realm的支持。
# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # ============================================================================= # Quickstart INI Realm configuration # # For those that might not understand the references in this file, the # definitions are all based on the classic Mel Brooks' film "Spaceballs". ;) # ============================================================================= # ----------------------------------------------------------------------------- # Users and their assigned roles # # Each line conforms to the format defined in the # org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc # ----------------------------------------------------------------------------- #realm myRealm = com.susheng.shiro.ShiroDbRealm securityManager.realm = $myRealm [users] # user 'root' with password 'secret' and the 'admin' role root = secret, admin # user 'guest' with the password 'guest' and the 'guest' role guest = guest, guest # user 'presidentskroob' with password '12345' ("That's the same combination on # my luggage!!!" ;)), and role 'president' presidentskroob = 12345, president # user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz' darkhelmet = ludicrousspeed, darklord, schwartz # user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz' lonestarr = vespa, goodguy, schwartz # ----------------------------------------------------------------------------- # Roles with assigned permissions # # Each line conforms to the format defined in the # org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc # ----------------------------------------------------------------------------- [roles] # 'admin' role has all permissions, indicated by the wildcard '*' admin = * # The 'schwartz' role can do anything (*) with any lightsaber: schwartz = lightsaber:* # The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with # license plate 'eagle5' (instance specific id) goodguy = winnebago:drive:eagle5 [urls] /login.jsp = anon /index.html = user /index.jsp = user /homePageDebug.jsp = user /module/** = user
七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。
查看实现效果:
登录界面的显示
点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。
OK。现在,以及实现了对web的支持。
代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503
相关文章推荐
- [shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证
- [shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证
- [shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证
- linux0.11学习笔记-技术铺垫-简单AB任务切换程序(1)-实现一个简单的bootloader
- core java 8 学习笔记(一) 一个简单的图片查看器的实现
- IOS学习笔记之实现一个简单的表
- linux0.11学习笔记-技术铺垫-简单AB任务切换程序(1)-实现一个简单的bootloader
- 网络编程学习笔记二(实现一个基于简单TCP的用户注册程序)
- web中采用shiro实现登录认证与权限授权管理
- python学习笔记:"爬虫+有道词典"实现一个简单的英译汉程序
- Python web入门:Django学习与实践二(简单页面实现和创建一个模板)
- 《Orange's 一个操作系统的实现》学习笔记--一个简单的引导扇区
- JSP/Servlet Web 学习笔记 DayThree —— 实现一个登陆小界面
- Silverlight学习笔记一(理解一下机制,使用一下布局,实现一个简单的用户登录)
- sql server 关于表中只增标识问题 C# 实现自动化打开和关闭可执行文件(或 关闭停止与系统交互的可执行文件) ajaxfileupload插件上传图片功能,用MVC和aspx做后台各写了一个案例 将小写阿拉伯数字转换成大写的汉字, C# WinForm 中英文实现, 国际化实现的简单方法 ASP.NET Core 2 学习笔记(六)ASP.NET Core 2 学习笔记(三)
- DayDayUp之HTML5学习笔记 二 使用header、aside、section、footer实现一个简单的界面
- Go学习笔记:写一个简单的web程序
- 学习 UNIX网络编程卷1:套接字 笔记1-实现一个简单的回射客户服务器程序
- 一个无聊男人的疯狂《数据结构与算法分析-C++描述》学习笔记 用C++/lua/python/bash的四重实现(7)习题2.8 随机数组的三种生成算法
- Struts 1 学习笔记-5-2(编写一个简单的支持I18N的登录系统)