本文共 7049 字,大约阅读时间需要 23 分钟。
本篇文章我们将讲解如何通过shiro实现对web请求的权限控制。
首先向大家展示下shiro.ini文件的信息:
[main]authc.loginUrl=/loginroles.unauthorizedUrl=/unauthorized.jspperms.unauthorizedUrl=/unauthorized.jsp[users]java=123456,adminjack=123,teachermarry=234[roles]admin=user:createteacher=student:*[urls]/login=anon/admin=authc/student=roles[teacher]/teacher=perms["user:create"]通过shiro官网,我们可以发现urls配置的请求对应的filter处理:
| Filter Name | Class |
|---|---|
| anon | |
| authc | |
| authcBasic | |
| logout | |
| noSessionCreation | |
| perms | |
| port | |
| rest | |
| roles | |
| ssl | |
| user |
4.0.0 com.tgb.shiro ShiroWeb war 0.0.1-SNAPSHOT ShiroWeb Maven Webapp http://maven.apache.org junit junit 3.8.1 test javax.servlet javax.servlet-api 3.1.0 javax.servlet.jsp javax.servlet.jsp-api 2.3.1 javax.servlet jstl 1.2 log4j log4j 1.2.17 commons-logging commons-logging 1.2 org.apache.shiro shiro-core 1.2.4 org.apache.shiro shiro-web 1.2.4 org.slf4j slf4j-api 1.7.12 ShiroWeb
然后我们分别完成LoginServlet、AdminServlet、StudentServlet的请求处理:ShrioWeb index.html index.htm index.jsp default.html default.htm default.jsp org.apache.shiro.web.env.EnvironmentLoaderListener ShiroFilter org.apache.shiro.web.servlet.ShiroFilter ShiroFilter /* loginServlet com.tgb.servlet.LoginServlet adminServlet com.tgb.servlet.AdminServlet studentServlet com.tgb.servlet.StudentServlet loginServlet /login adminServlet /admin studentServlet /student
package com.tgb.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.UsernamePasswordToken;import org.apache.shiro.subject.Subject;public class LoginServlet extends HttpServlet { private static final long serialVersionUID = 1L; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("login doget"); req.getRequestDispatcher("login.jsp").forward(req, resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("login dopost"); String userName = req.getParameter("userName"); String password = req.getParameter("password"); Subject subject = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(userName, password); try { subject.login(token); resp.sendRedirect("success.jsp"); } catch (Exception e) { e.printStackTrace(); req.setAttribute("errorInfo", "用户名或密码错误"); req.getRequestDispatcher("login.jsp").forward(req, resp); } }} package com.tgb.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class AdminServlet extends HttpServlet { private static final long serialVersionUID = 1L; public AdminServlet() { super(); } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("admin do get"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("admin do post"); }} package com.tgb.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class StudentServlet extends HttpServlet { private static final long serialVersionUID = 1L; public StudentServlet() { super(); } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("student do get"); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("student do post"); }} 转载地址:http://dokui.baihongyu.com/