本文地址:http://blog.csdn.net/sushengmiyan/article/details/39933993

shiro官网:http://shiro.apache.org/

shiro中文手册:http://wenku.baidu.com/link?url=ZnnwOHFP20LTyX5ILKpd_P94hICe9Ga154KLj_3cCDXpJWhw5Evxt7sfr0B5QSZYXOKqG_FtHeD-RwQvI5ozyTBrMAalhH8nfxNzyoOW21K

本文作者:sushengmiyan

------------------------------------------------------------------------------------------------------------------------------------

一。新建java web工程 这里取名为shirodemo

二。添加依赖的jar包,如下:

三。添加web对shiro的支持

如第一篇文章所述,在此基础上增加webs.xml部署描述:

  <listener>

  	<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>

  </listener>

  <filter>

  	<filter-name>shiro</filter-name>

  	<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>

  </filter>

  <filter-mapping>

  	<filter-name>shiro</filter-name>

  	<url-pattern>/*</url-pattern>

  </filter-mapping>

四。添加jsp页面登陆按钮以及标签支持:

<%

 String user = request.getParameter("username");

 String pwd = request.getParameter("password");

if(user != null && pwd != null){

	 Subject sub = SecurityUtils.getSubject();

	 String context = request.getContextPath();

	 try{

	 	sub.login(new UsernamePasswordToken(user.toUpperCase(),pwd));

	 	out.println("登录成功");

	 }catch(IncorrectCredentialsException e){

		 out.println("{success:false,msg:'用户名与密码不正确!'}");

	 }catch(UnknownAccountException e){

		 out.println("{success:false,msg:'用户名不存在!'}");

	 }

	 return;

}

%>

在jsp页面中增加用户名和密码登陆框。

五。新建realm实现

package com.susheng.shiro;

import javax.annotation.PostConstruct;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.IncorrectCredentialsException;

import org.apache.shiro.authc.LockedAccountException;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

import org.apache.shiro.authc.UnknownAccountException;

import org.apache.shiro.authc.UsernamePasswordToken;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.cache.CacheManager;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.apache.shiro.subject.Subject;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

//认证数据库存储

public class ShiroRealm extends AuthorizingRealm {

	public Logger logger = LoggerFactory.getLogger(getClass());

	final static String AUTHCACHENAME = "AUTHCACHENAME";

	public static final String HASH_ALGORITHM = "MD5";

	public static final int HASH_INTERATIONS = 1;

	public ShiroDbRealm() {

		// 认证

		super.setAuthenticationCachingEnabled(false);

		// 授权

		super.setAuthorizationCacheName(AUTHCACHENAME);

	}

	// 授权

	@Override

	protected AuthorizationInfo doGetAuthorizationInfo(

			PrincipalCollection principalCollection) {

		if (!SecurityUtils.getSubject().isAuthenticated()) {

			doClearCache(principalCollection);

			SecurityUtils.getSubject().logout();

			return null;

		}

		// 添加角色及权限信息

		SimpleAuthorizationInfo sazi = new SimpleAuthorizationInfo();

		return sazi;

	}

	// 认证

	@Override

	protected AuthenticationInfo doGetAuthenticationInfo(

			AuthenticationToken token) throws AuthenticationException {

		UsernamePasswordToken upToken = (UsernamePasswordToken) token;

		String userName = upToken.getUsername();

		String passWord = new String(upToken.getPassword());

		AuthenticationInfo authinfo = new SimpleAuthenticationInfo(

				userName, passWord, getName());

		return authinfo;

	}

	/**

	 * 设定Password校验的Hash算法与迭代次数.

	 */

	@PostConstruct

	public void initCredentialsMatcher() {

		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(

				HASH_ALGORITHM);

		matcher.setHashIterations(HASH_INTERATIONS);

		setCredentialsMatcher(matcher);

	}

}

六。shiro.ini文件内容增加对realm的支持。

#

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements.  See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership.  The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License.  You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied.  See the License for the

# specific language governing permissions and limitations

# under the License.

#

# =============================================================================

# Quickstart INI Realm configuration

#

# For those that might not understand the references in this file, the

# definitions are all based on the classic Mel Brooks' film "Spaceballs". ;)

# =============================================================================

# -----------------------------------------------------------------------------

# Users and their assigned roles

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc

# -----------------------------------------------------------------------------

#realm

myRealm = com.susheng.shiro.ShiroDbRealm

securityManager.realm = $myRealm

[users]

# user 'root' with password 'secret' and the 'admin' role

root = secret, admin

# user 'guest' with the password 'guest' and the 'guest' role

guest = guest, guest

# user 'presidentskroob' with password '12345' ("That's the same combination on

# my luggage!!!" ;)), and role 'president'

presidentskroob = 12345, president

# user 'darkhelmet' with password 'ludicrousspeed' and roles 'darklord' and 'schwartz'

darkhelmet = ludicrousspeed, darklord, schwartz

# user 'lonestarr' with password 'vespa' and roles 'goodguy' and 'schwartz'

lonestarr = vespa, goodguy, schwartz

# -----------------------------------------------------------------------------

# Roles with assigned permissions

#

# Each line conforms to the format defined in the

# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc

# -----------------------------------------------------------------------------

[roles]

# 'admin' role has all permissions, indicated by the wildcard '*'

admin = *

# The 'schwartz' role can do anything (*) with any lightsaber:

schwartz = lightsaber:*

# The 'goodguy' role is allowed to 'drive' (action) the winnebago (type) with

# license plate 'eagle5' (instance specific id)

goodguy = winnebago:drive:eagle5

[urls]

/login.jsp = anon

/index.html = user

/index.jsp = user

/homePageDebug.jsp = user

/module/** = user

七。tomcat增加对这个应用的部署。启动tomcat,输入对应的url。

查看实现效果:

登录界面的显示

点击登录之后,插入了shiro的实现。暂时没有进行实质认证,只是大概搭建的shiro环境。自己插入自己的realm实现就可以了。

OK。现在,以及实现了对web的支持。

代码下载地址:http://download.csdn.net/detail/sushengmiyan/8022503

[shiro学习笔记]第二节 shiro与web融合实现一个简单的授权认证的更多相关文章

  1. [struts2学习笔记] 第二节 使用Maven搞定管理和构造Struts 2 Web应用程序的七个步骤

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/40303897 官方文档:http://struts.apache.org/releas ...

  2. [shiro学习笔记]第一节 使用eclipse/myeclipse搭建一个shiro程序

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/39519509 shiro官网:http://shiro.apache.org/ shi ...

  3. 【shiro】shiro学习笔记1 - 初识shiro

    [TOC] 认证流程 st=>start: Start e=>end: End op1=>operation: 构造SecurityManager环境 op2=>operati ...

  4. [ExtJS5学习笔记]第二节 Sencha Cmd 学习笔记 使你的sencha cmd跑起来

    本文地址: http://blog.csdn.net/sushengmiyan/article/details/38313537 本文作者:sushengmiyan ----------------- ...

  5. [ExtJS5学习笔记]第九节 Extjs5的mvc与mvvm框架结构简单介绍

    本文地址:http://blog.csdn.net/sushengmiyan/article/details/38537431 本文作者:sushengmiyan ------------------ ...

  6. opengl学习笔记(五):组合变换,绘制一个简单的太阳系

    创建太阳系模型 描述的程序绘制一个简单的太阳系,其中有一颗行星和一颗太阳,用同一个函数绘制.需要使用glRotate*()函数让这颗行星绕太阳旋转,并且绕自身的轴旋转.还需要使用glTranslate ...

  7. Shiro学习笔记(5)——web集成

    Web集成 shiro配置文件shiroini 界面 webxml最关键 Servlet 測试 基于 Basic 的拦截器身份验证 Web集成 大多数情况.web项目都会集成spring.shiro在 ...

  8. Shiro学习笔记总结,附加" 身份认证 "源码案例(一)

    Shiro学习笔记总结 内容介绍: 一.Shiro介绍 二.subject认证主体 三.身份认证流程 四.Realm & JDBC reaml介绍 五.Shiro.ini配置介绍 六.源码案例 ...

  9. shiro学习笔记_0600_自定义realm实现授权

    博客shiro学习笔记_0400_自定义Realm实现身份认证 介绍了认证,这里介绍授权. 1,仅仅通过配置文件来指定权限不够灵活且不方便.在实际的应用中大多数情况下都是将用户信息,角色信息,权限信息 ...

随机推荐

  1. 51 nod 1427 文明 (并查集 + 树的直径)

    1427 文明 题目来源: CodeForces 基准时间限制:1.5 秒 空间限制:131072 KB 分值: 160 难度:6级算法题   安德鲁在玩一个叫“文明”的游戏.大妈正在帮助他. 这个游 ...

  2. Educational Codeforces Round 18

    A. New Bus Route 题目大意:给出n个不同的数,问差值最小的数有几对.(n<=200,000) 思路:排序一下,差值最小的一定是相邻的,直接统计即可. #include<cs ...

  3. 【UOJ UNR #1】争夺圣杯

    来自FallDream的博客,未经允许,请勿转载,谢谢. 传送门 考虑直接对每个数字,统计它会产生的贡献. 单调栈求出每个数字左边第一个大等于他的数,右边第一个大于他的 (注意只能有一边取等) 假设左 ...

  4. springboot集成redis(mybatis、分布式session)

    安装Redis请参考:<CentOS快速安装Redis> 一.springboot集成redis并实现DB与缓存同步 1.添加redis及数据库相关依赖(pom.xml) <depe ...

  5. TensorFlow-Bitcoin-Robot:Tensorflow 比特币交易机器人

    简介 一个比特币交易机器人基于 Tensorflow LSTM 模型,仅供娱乐. A Bitcoin trade robot based on Tensorflow LSTM model.Just f ...

  6. Map,HashMap,TreeMap

    一.HashMap,TreeMap差别 1.两种常规Map性能 HashMap:适用于在Map中插入.删除和定位元素. Treemap:适用于按自然顺序或自定义顺序遍历键(key). 2.总结 Has ...

  7. Java HashMap的扩容

    最近博主参加面试,发现自己对于Java的HashMap的扩容过程理解不足,故最近在此进行总结. 首先说明博主德Java为1.8版本 HashMap中的变量 首先要了解HashMap的扩容过程,我们就得 ...

  8. 关于Node.js中HTTP请求返回数据需要JSON解析的问题

    在编写项目过程中,需要用到实时数据的推送需求, 所以首先想到了NodeJS的websocket模块 在网上找了一个聊天室的例子  然后将其改为自己需求的推送 其中遇到的问题 返回数据问题  :   由 ...

  9. centos6 网卡配置,多IP设置

    ##云服务器 centos6网卡配置 #设置出口IP vim /etc/sysconfig/network-scripts/ifcfg-eth0DEVICE=seth0 #网卡名称 BOOTPROTO ...

  10. Vue 波纹按钮组件

    代码链接:https://github.com/zhangKunUserGit/vue-component 效果图: 大家可以在线运行: https://zhangkunusergit.github. ...