鲁春利的工作笔记,好记性不如烂笔头
http://shiro.apache.org/web-features.html
基于Basic的拦截器身份验证
shiro-authc-basic.ini
# 基于Basic的拦截器身份验证 [main] # 默认是/login.jsp authc.loginUrl=/login authcBasic.applicationName=请登录 [users] # 用户名=密码,角色 lucl=123456,admin wang=123456 [roles] admin=user:*,menu:* [urls] /login=anon /static/**=anon /role=authcBasic,roles[admin] /permission=authcBasic,perms["user:create"] /logout=logout
authcBasic是org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter类型的实例。
说明:由于此时的登录是Filter来实现的,在ini文件中,用户名=密码,密码是明文存储的,不再适用/login登录方式(Servlet中密码是加密过的)。
基于表单的拦截器身份验证
shiro-form-filter.ini
# 基于Basic的拦截器身份验证 [main] authc.loginUrl=/loginForm authc.usernameParam=username authc.passwordParam=password authc.successUrl=/shiro/admin/success.jsp authc.failureKeyAttribute=shiroLoginFailure [users] # 用户名=密码,角色 lucl=123456,admin wang=123456 [roles] admin=user:*,menu:* [urls] /loginForm=authc /static/**=anon /role=authc,roles[admin] /permission=authc,perms["user:create"] /logout=logout
说明:
authc 是org.apache.shiro.web.filter.authc.FormAuthenticationFilter 类型的实例,其用于实
现基于表单的身份验证。
通过loginUrl指定当身份验证时的登录表单;
usernameParam指定登录表单提交的用户名参数名;
passwordParam指定登录表单提交的密码参数名;
successUrl指定登录成功后重定向的默认地址(默认是“/”)(如果有上一个地址会自动重定向带该地址);
failureKeyAttribute指定登录失败时的request属性key(默认shiroLoginFailure);这样可以在登录表单得到该错误key显示相应的错误消息;
LoginFormServlet
package com.invicme.apps.servlet.form;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
/**
* @author lucl
*/
@WebServlet("/loginForm")
public class LoginFormServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public LoginFormServlet() {
super();
}
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String errorClassName = (String)request.getAttribute("shiroLoginFailure");
String msg = "";
Subject subject = SecurityUtils.getSubject();
if(UnknownAccountException.class.getName().equals(errorClassName)) {
msg = "用户名/密码错误";
} else if(IncorrectCredentialsException.class.getName().equals(errorClassName)) {
msg = "用户名/密码错误";
} else if(errorClassName != null) {
msg = "未知错误:" + errorClassName;
}
request.setAttribute("msg", msg);
request.setAttribute("subject", subject);
request.getRequestDispatcher("shiro/admin/loginForm.jsp").forward(request, response);
}
}
loginForm.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页</title>
</head>
<body>
<h1>This is login page.</h1><font color="red">${msg}</font>
<form name="loginForm" action="<%=request.getContextPath()%>/loginForm" method="POST">
用户名:<input type="text" name="username" value="" />
<br/>
密码:<input type="password" name="password" value="" />
<br/>
<input type="submit" name="sub" value="提交" />
</form>
</body>
</html>
1、访问http://localhost:8080/invicme/role
2、跳转到http://localhost:8080/invicme/loginForm
3、输入用户名密码,跳转到http://localhost:8080/invicme/role对应页面
时间: 2024-10-17 14:51:07