shiro实战(1)--web
目录结构:
数据库结构:
一·web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>shiro_web</display-name>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<context-param>
<param-name>shiroEnvironmentClass</param-name>
<param-value>org.apache.shiro.web.env.IniWebEnvironment</param-value>
</context-param>
<context-param>
<param-name>shiroConfigLocations</param-name>
<param-value>classpath:shiro.ini</param-value>
</context-param>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
二·shiro.ini
[main]
#使用数据库验证授权
databaseRealm=com.yuanbo.DatabaseRealm
securityManager.realms=$databaseRealm
#配置一个url拥有多个role
roles=com.yuanbo.CustomRolesAuthorizationFilter
#没有验证的情况
authc.loginUrl=/login.jsp
#没有角色的情况
roles.unauthorizedUrl=/noRoles.jsp
#没有权限的情况
perms.unauthorizedUrl=/noPerms.jsp
#数据库中取得,不需要配置
[users]
[urls]
/doLogout=logout
#可以匿名访问
/login.jsp=anon
/noRoles.jsp=anon
/noPerms.jsp=anon
#登录后才能查看
/listProduct.jsp=authc
/deleteProduct.jsp=authc,roles[admin,productManager]
/deleteOrder.jsp=authc,perms["deleteOrder"]
三·实体类
package com.yuanbo; public class User {
private int id;
private String name;
private String password; public int getId() {
return id;
} public void setId(int id) {
this.id = id;
} public String getName() {
return name;
} public void setName(String name) {
this.name = name;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
} }
四·DB
package com.yuanbo; import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set; public class Dao {
public Dao() {
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
} public Connection getConnection() throws SQLException {
return DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/shiro?serverTimezone=UTC", "root",
"123456");
} public String getPassword(String userName) {
String sql = "select password from user where name = ?";
try (Connection c = getConnection(); PreparedStatement ps = c.prepareStatement(sql);) { ps.setString(1, userName); ResultSet rs = ps.executeQuery(); if (rs.next())
return rs.getString("password"); } catch (SQLException e) { e.printStackTrace();
}
return null;
} public Set<String> listRoles(String userName) { Set<String> roles = new HashSet<>();
String sql = "select r.name from user u " + "left join user_role ur on u.id = ur.uid "
+ "left join Role r on r.id = ur.rid " + "where u.name = ?";
try (Connection c = getConnection(); PreparedStatement ps = c.prepareStatement(sql);) {
ps.setString(1, userName);
ResultSet rs = ps.executeQuery(); while (rs.next()) {
roles.add(rs.getString(1));
} } catch (SQLException e) { e.printStackTrace();
}
return roles;
} public Set<String> listPermissions(String userName) {
Set<String> permissions = new HashSet<>();
String sql = "select p.name from user u " + "left join user_role ru on u.id = ru.uid "
+ "left join role r on r.id = ru.rid " + "left join role_permission rp on r.id = rp.rid "
+ "left join permission p on p.id = rp.pid " + "where u.name =?"; try (Connection c = getConnection(); PreparedStatement ps = c.prepareStatement(sql);) { ps.setString(1, userName); ResultSet rs = ps.executeQuery(); while (rs.next()) {
permissions.add(rs.getString(1));
} } catch (SQLException e) { e.printStackTrace();
}
return permissions;
} public static void main(String[] args) {
System.out.println(new Dao().listRoles("zhang3"));
System.out.println(new Dao().listRoles("li4"));
System.out.println(new Dao().listPermissions("zhang3"));
System.out.println(new Dao().listPermissions("li4"));
}
}
五·realm
package com.yuanbo; import java.util.Set; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection; public class DatabaseRealm extends AuthorizingRealm { @Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
String userName = (String) principalCollection.getPrimaryPrincipal();
Set<String> permissions = new Dao().listPermissions(userName);
Set<String> roles = new Dao().listRoles(userName);
SimpleAuthorizationInfo s = new SimpleAuthorizationInfo();
s.setStringPermissions(permissions);
s.setRoles(roles);
return s;
} @Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken t = (UsernamePasswordToken) token;
//String userName = token.getPrincipal().toString();
String userName =new String(t.getUsername());
String password = new String(t.getPassword()); String passwordInDB = new Dao().getPassword(userName); if(passwordInDB == null || !passwordInDB.equals(password))
throw new AuthenticationException(); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName,password,getName());
return info;
} }
六·过滤器(一个url多个roles访问)
package com.yuanbo; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter; public class CustomRolesAuthorizationFilter extends AuthorizationFilter { @Override
protected boolean isAccessAllowed(ServletRequest req, ServletResponse resp, Object mappedValue) throws Exception {
Subject subject = getSubject(req, resp);
String[] rolesArray = (String[]) mappedValue; if (rolesArray == null || rolesArray.length == 0) { //没有角色限制,有权限访问
return true;
}
for (int i = 0; i < rolesArray.length; i++) {
if (subject.hasRole(rolesArray[i])) { //若当前用户是rolesArray中的任何一个,则有权限访问
return true;
}
} return false;
} }
七·servlet
package com.yuanbo; import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject; /**
* Servlet implementation class LoginServlet
*/
@WebServlet(name = "loginServlet", urlPatterns = "/login")
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L; protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String userName = request.getParameter("userName");
String password = request.getParameter("password");
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(userName, password); try {
subject.login(token);
Session session = subject.getSession();
session.setAttribute("subject", subject); response.sendRedirect("index.jsp");
} catch (AuthenticationException e) {
request.setAttribute("error","验证失败");
request.getRequestDispatcher("login.jsp").forward(request, response);
}
} }
八·index.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css"/>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom">
<div class="loginDiv">
<c:if test="${empty subject.principal }">
<a href="login.jsp">login</a><br>
</c:if>
<c:if test="${!empty subject.principal }">
<span class="desc">hello,${subject.principal }!</span><br>
<a href="doLogout">logout</a>
</c:if>
<br>
<a href="listProduct.jsp">query product</a><span class="desc">(登录后才能查看)</span><br>
<a href="deleteProduct.jsp">delete product</a><span class="desc">(需要产品管理员角色)</span><br>
<a href="deleteOrder.jsp">delete order</a><span class="desc">(需要删除订单权限)</span><br>
</div>
</div>
</body>
</html>
九·login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom">
<div class="errorInfo">${error }</div>
<form action="login" method="post">
account: <input type="text" name="userName" /><br>
password: <input type="password" name="password"/><br>
<br>
<input type="submit" value="login">
<div>
<span class="desc">账号:zhang3 密码:12345 角色:admin</span><br>
<span class="desc">账号:li4 密码:abcde 角色:productManager</span><br>
</div>
</form>
</div>
</body>
</html>
十
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom">
listProduct.jsp ,能进来,就表示已经登录成功了
<br>
<a href="#" onclick="javascript:history.back()">return</a>
</div>
</body>
</html>
十一
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom"> deleteProduct.jsp,能进来<br>就表示拥有 productManager 角色
<br>
<a href="#" onClick="javascript:history.back()">返回</a>
</div>
</body>
</html>
十二
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom"> deleteOrder.jsp ,能进来,就表示有deleteOrder权限
<br>
<a href="#" onClick="javascript:history.back()">返回</a>
</div>
</body>
</html>
十三
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom"> 权限不足
<br>
<a href="#" onClick="javascript:history.back()">返回</a>
</div>
</body>
</html>
十四
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<html>
<link rel="stylesheet" type="text/css" href="static/css/style.css" />
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<div class="workingroom"> 角色不匹配
<br>
<a href="#" onClick="javascript:history.back()">返回</a>
</div>
</body>
</html>
最后,推荐一个java学习平台吧,感觉挺不错的,写得挺细的,还有问答,可以解疑
https://how2j.cn/k/shiro/shiro-web/1722.html?p=81485
shiro实战(1)--web的更多相关文章
- Shiro实战教程-刘志敏-专题视频课程
Shiro实战教程-62人已学习 课程介绍 本教程只介绍基本的 Shiro 使用,不会过多分析源码等,重在使用. 适用人群: 1.了解基于Servlet进行Web应用开发 2.了解Spr ...
- 自学Zabbix4.3 zabbix实战监控Web网站性能
自学Zabbix4.3 zabbix实战监控Web网站性能 用zabbix如何监控web性能和可用性呢?一般分为四个步骤:打开网站.登陆.登陆验证.退出,看实例. 1. 检测流程 1. 打开网站:如果 ...
- Apache Shiro:【1】Shiro基础及Web集成
Apache Shiro:[1]Shiro基础及Web集成 Apache Shiro是什么 Apache Shiro是一个强大且易于使用的Java安全框架,提供了认证.授权.加密.会话管理,与spri ...
- Spring Boot集成Shiro实战
Spring Boot集成Shiro权限验证框架,可参考: https://shiro.apache.org/spring-boot.html 引入依赖 <dependency> < ...
- 从0到1实战移动Web App开发
从0到1实战移动Web App开发 教程介绍 从0到1 实战webapp,通过热门的web前端技术实现移动端app应用,先基础.后实战,在讲解的同时引导思考,会抛出自己独特的观点,一行一行写代码讲 ...
- shiro实战系列(九)之Web
一.Configuration(配置) 将 Shiro 集成到任何 Web 应用程序的最简单的方法是在 web.xml 中配置 ContextListener 和 Filter,理解如何读取 Shir ...
- shiro实战系列(二)之入门实战续
下面讲解基于实战系列一,所以相关的java文件获取pom.xml及其log4j文件同样适用于本次讲解. 一.Using Shiro Using Shiro 现在我们的 SecurityManager ...
- shiro实战系列(一)之入门实战
一.什么是shiro? Apache Shiro 是一个强大而灵活的开源安全框架,它干净利落地处理身份认证,授权,企业会话管理和加密. Apache Shiro 的首要目标是易于使用和理解.安全有 ...
- Springmvc+Shiro实战
原文链接:http://blog.csdn.net/qq_37936542/article/details/79010449 springmvc+shiro实现系统粗细粒度的权限管理步骤: 1:表格设 ...
随机推荐
- CSS3选择器归类整理
CSS3选择器归类整理(附CSS优先级要点) CSS是用于网页设计可用的最强大的工具之一.使用它我们可以在几分钟内改变一个网站的界面,而不用改变页面的标签.在深入研究CSS选择器之前,我们应该先搞懂C ...
- c语言I博客专业06
问题 答案 这个作业属于那个课程 C语言程序设计II 这个作业要求在哪里 https://edu.cnblogs.com/campus/zswxy/CST2019-2/homework/8655 我在 ...
- lvm_lv_create
lvm lv create 开机自动挂载 neokylinV7.0 [root@localhost ~]# fdisk -l 磁盘 /dev/vda:322.1 GB, 322122547200 字 ...
- 腾讯视频缓存 tdl 转 mp4
找到腾讯视频->设置,看下缓存文件的目录地址,然后cmd,通过命令进行转化. copy/b *.tdl 1.mp4
- [ch04-04] 多样本单特征值计算
系列博客,原文在笔者所维护的github上:https://aka.ms/beginnerAI, 点击star加星不要吝啬,星越多笔者越努力. 4.4 多样本单特征值计算 在前面的代码中,我们一直使用 ...
- javascript基础修炼(13)——记一道有趣的JS脑洞练习题【华为云技术分享】
版权声明:本文为博主原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明. 本文链接:https://blog.csdn.net/devcloud/article/detai ...
- png兼容IE6的方法
1.通过CSS滤镜使背景图的PNG对IE6进行兼容 定义一个样式,给某个div应用这个样式后,div的透明png背景图片自动透明了. <style> body{background: li ...
- luogu P2345 奶牛集会 |排序+树状数组
题目描述 约翰的N 头奶牛每年都会参加"哞哞大会".哞哞大会是奶牛界的盛事.集会上的活动很多,比如堆干草,跨栅栏,摸牛仔的屁股等等.它们参加活动时会聚在一起,第i 头奶牛的坐标为X ...
- mac本地如何搭建IPv6环境测试你的APP
转自:http://www.cocoachina.com/ios/20160525/16431.html 投稿文章,作者:请勺子喝杯咖啡(简书) IPv6的简介 IPv4 和 IPv6的区别就是 IP ...
- Vue&Cesium&Ribbon界面: 将桌面GIS搬进浏览器
上一篇文章在这里:vue集成cesium,webgis平台第一步 把界面改了一下,开始实际填充功能. Ribbon是一种以面板及标签页为架构的用户界面(User Interface),原先出现在Mic ...