MyRealm.java
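package cn.mldn.realm;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import cn.mldn.service.MemberLoginService;
import cn.mldn.vo.Member;

/**
 * Shiro realm that authenticates members against the {@code member} table and
 * loads their roles and permissions through {@link MemberLoginService}.
 *
 * <p>NOTE(review): the stored password is compared directly with the submitted
 * one, so the database appears to hold passwords unhashed. A salted password
 * hash checked through a Shiro credentials matcher (for example
 * {@code PasswordMatcher} or {@code HashedCredentialsMatcher}) would remove
 * that exposure; this class keeps the page's scheme and only hardens the
 * comparison.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Authenticates the submitted token. This runs first and decides whether
     * the submitted identity is valid.
     *
     * @param token the submitted principal (user name) and credentials (password)
     * @return the authentication info for the verified member
     * @throws UnknownAccountException if no member with that user name exists
     * @throws IncorrectCredentialsException if the password is missing or does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("*********** 1、用户登录认证操作的处理 doGetAuthenticationInfo ***********");
        Object principal = token.getPrincipal();
        if (!(principal instanceof String)) {
            // A missing or non-string principal cannot name a member.
            throw new UnknownAccountException("该用户不存在!");
        }
        String username = (String) principal;

        Member vo;
        MemberLoginService service = new MemberLoginService();
        try {
            vo = service.get(username); // stored member record, or null
        } finally {
            // Release the connection even when the lookup throws.
            service.close();
        }
        if (vo == null) {
            throw new UnknownAccountException("该用户不存在!");
        }

        Object credentials = token.getCredentials();
        if (!(credentials instanceof char[])) {
            // Previously a null credential ended in a NullPointerException.
            throw new IncorrectCredentialsException("密码错误");
        }
        String password = new String((char[]) credentials);
        if (!passwordsMatch(vo.getPassword(), password)) {
            throw new IncorrectCredentialsException("密码错误");
        }
        // Callers should show one generic failure message for both exception
        // types so that the response does not reveal which user names exist.
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and permissions of the authenticated member.
     *
     * @param principals the principals of the current subject; the primary one is the user name
     * @return the member's roles and string permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("*********** 2、用户角色与权限 doGetAuthorizationInfo ***********");
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();
        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username)); // roles must be supplied as a Set
            auth.setStringPermissions(service.listActionsByMember(username));
        } finally {
            service.close();
        }
        // The original returned null here, discarding the roles and permissions
        // it had just loaded, so every role or permission check saw no grants.
        return auth;
    }

    /**
     * Compares two passwords without stopping at the first differing byte, so
     * the comparison time does not depend on how much of the guess is correct.
     */
    private static boolean passwordsMatch(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}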
MemberLoginService.java
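package cn.mldn.service;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.gjt.mm.mysql.Driver;

import cn.mldn.vo.Member;

/**
 * JDBC access to the member, role and action tables used by the realm.
 *
 * <p>Each instance opens one connection in its constructor; callers must call
 * {@link #close()} when done.
 */
public class MemberLoginService {
    private static final Logger LOG = Logger.getLogger(MemberLoginService.class.getName());

    // NOTE(review): the connection settings, including the database root
    // account and its password, are compiled into the class. Anyone with the
    // source or the class file can read them, and the application runs with
    // full database privileges. They belong in external configuration, with a
    // dedicated account limited to SELECT on the tables queried here.
    private static final String DBDRIVER = "org.gjt.mm.mysql.Driver" ;
    private static final String DBURL = "jdbc:mysql://192.168.43.3:3306/shirodb" ;
    private static final String DBUSER = "root" ;
    private static final String PASSWORD = "mysqladmin" ;

    private Connection conn ;

    /** Opens the database connection; a failure is logged and leaves the connection unset. */
    public MemberLoginService () {
        this.connectDataBase();
    }

    /**
     * Looks up a member by id.
     *
     * @param username the member id ({@code mid})
     * @return the member with id and stored password, or {@code null} when no
     *         row matches or the query fails (so a failed query denies login)
     * @throws IllegalStateException if the connection could not be opened
     */
    public Member get (String username) {
        if (this.conn == null) {
            // Previously this surfaced as a NullPointerException.
            throw new IllegalStateException("database connection is not available");
        }
        String sql = "SELECT mid , password FROM member WHERE mid=?" ;
        // Statement and result set are closed on every path; the original
        // kept them in a field and never closed them.
        try (PreparedStatement pstmt = this.conn.prepareStatement(sql)) {
            pstmt.setString(1, username);
            try (ResultSet rs = pstmt.executeQuery()) {
                if (rs.next()) {
                    Member vo = new Member() ;
                    vo.setMid(rs.getString(1));
                    vo.setPassword(rs.getString(2));
                    return vo ;
                }
            }
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "member lookup failed", e);
        }
        return null ;
    }

    /**
     * Lists the role flags of a member.
     *
     * <pre>
     * SELECT flag FROM role WHERE rid IN (
     *     SELECT rid FROM member_role WHERE mid=? )
     * </pre>
     *
     * @param mid the member id
     * @return the role flags; empty when the member has none or the query fails
     */
    public Set<String> listRolesByMember(String mid) {
        String sql = " SELECT flag FROM role WHERE rid IN ( SELECT rid FROM member_role WHERE mid=? )" ;
        return this.queryFlags(sql, mid);
    }

    /**
     * Lists the action (permission) flags granted to a member through its roles.
     *
     * @param mid the member id
     * @return the action flags; empty when the member has none or the query fails
     */
    public Set<String> listActionsByMember(String mid) {
        String sql = " SELECT flag FROM action WHERE actid IN ( SELECT actid FROM role_action WHERE rid in ("
                + "SELECT rid FROM member_role WHERE mid=?"
                + ") )" ;
        return this.queryFlags(sql, mid);
    }

    /** Closes the connection if one was opened. */
    public void close() {
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (SQLException e) {
                LOG.log(Level.WARNING, "closing the database connection failed", e);
            }
        }
    }

    /**
     * Runs a single-parameter query and collects the first column of each row.
     * Failures yield an empty set, which grants nothing.
     */
    private Set<String> queryFlags(String sql, String mid) {
        Set<String> flags = new HashSet<String>() ;
        if (this.conn == null) {
            LOG.severe("database connection is not available");
            return flags ;
        }
        try (PreparedStatement pstmt = this.conn.prepareStatement(sql)) {
            pstmt.setString(1, mid);
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    flags.add(rs.getString(1)) ;
                }
            }
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "authorization query failed", e);
        }
        return flags ;
    }

    /** Loads the driver and opens the connection; failures are logged, not thrown. */
    private void connectDataBase() {
        try {
            Class.forName(DBDRIVER);
            this.conn = DriverManager.getConnection(DBURL, DBUSER, PASSWORD);
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "opening the database connection failed", e);
        }
    }
}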
Member.java
package cn.mldn.vo; import java.io.Serializable; public class Member implements Serializable { private String mid ; private String name ; private String password ; public String getMid() { return mid; } public void setMid(String mid) { this.mid = mid; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
LoginServlet.java
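package cn.mldn.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

/**
 * Handles the login form: authenticates the submitted member id and password
 * through Shiro and forwards to the welcome page on success.
 */
@SuppressWarnings("serial")
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String WELCOME_PAGE = "/pages/welcome.jsp";

    /**
     * Shows the login page. Credentials are deliberately not read here: with
     * GET they would be part of the URL and end up in access logs, browser
     * history and Referer headers. The form on login.jsp submits with POST.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }

    /**
     * Authenticates the posted {@code mid} and {@code password} parameters.
     * On success the request is forwarded to the welcome page; on any failure
     * it is sent back to the login page with one generic error.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String mid = request.getParameter("mid");
        String password = request.getParameter("password");
        if (mid == null || password == null) {
            this.rejectLogin(request, response);
            return;
        }

        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(mid, password);
        try {
            subject.login(token);
        } catch (AuthenticationException e) {
            // The original let this propagate, which ends in a container
            // error page. Unknown user and wrong password are handled
            // identically so the response does not reveal which ids exist.
            this.rejectLogin(request, response);
            return;
        } finally {
            // Drop the password copy held by the token.
            token.clear();
        }
        request.getRequestDispatcher(WELCOME_PAGE).forward(request, response);
    }

    /**
     * Sends the user back to the login page with status 401 and a generic
     * message in the {@code loginError} request attribute (login.jsp as shown
     * does not render it yet).
     */
    private void rejectLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        request.setAttribute("loginError", "Invalid user name or password.");
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }
}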
shiro.ini shiro 过滤检测 anon authc authcBasic perms port rest roles ssl user
[main]
# When authentication fails, the user is redirected to the path configured as loginUrl.
authc.loginUrl=/login.jsp
# "jdbcRealm" is only the bean name; the class is the custom realm shown on this page.
jdbcRealm=cn.mldn.realm.MyRealm
securityManager.realms=$jdbcRealm

[urls]
# The login page is exempt from authentication checks.
# NOTE(review): no /shiroLogin endpoint appears on this page; the form posts to
# /LoginServlet and the login page is /login.jsp. Confirm which path is meant.
/shiroLogin=anon
# The listed page requires an authenticated user.
# NOTE(review): this is the only protected path. URLs that match no entry in
# [urls] get no Shiro filter chain, so any page added later is reachable without
# login unless it is listed. A final catch-all such as "/** = authc", with
# explicit anon entries for the login page and login servlet above it, makes
# protection the default.
/pages/welcome.jsp=authc
web.xml 配置监听器参考路径 : http://shiro.apache.org/webapp-tutorial.html
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the Shiro demo: registers the Shiro environment
  listener and routes every request through the Shiro filter.
  NOTE(review): no security-constraint / transport-guarantee is declared here,
  so nothing on this page forces the login form onto HTTPS. Confirm that TLS is
  enforced elsewhere.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>shirodemo</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <!-- Creates the Shiro web environment when the application starts. -->
  <listener>
    <listener-class>
      org.apache.shiro.web.env.EnvironmentLoaderListener
    </listener-class>
  </listener>
  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    <!--
      NOTE(review): presumably carried over from the older IniShiroFilter setup.
      With EnvironmentLoaderListener the INI location is normally supplied via
      the shiroConfigLocations context-param. Confirm that this init-param is
      read at all, or that the default lookup finds shiro.ini.
    -->
    <init-param>
      <param-name>configPath</param-name>
      <param-value>classpath:shiro.ini</param-value>
    </init-param>
  </filter>
  <!--
    The filter covers all URLs and all dispatcher types, so forwards (such as
    the servlet's forward to /pages/welcome.jsp) are checked as well.
  -->
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>
login.jsp
<%@ page language="java" pageEncoding="UTF-8"%>
<%--
  Login form; posts the member id and password to LoginServlet.
  NOTE(review): basePath is assembled from the request's scheme, server name
  and port and written into <base href> without escaping. The server name
  normally comes from the client's Host header, so a request with a forged
  Host can make the page's relative links and the form action resolve against
  another origin. Prefer a configured base URL or the context path alone, and
  HTML-escape the value if it must be derived from the request.
--%>
<%
    // Absolute base URL of the application, used for the <base> element below.
    String path = request.getContextPath() ;
    String basePath = request.getScheme() + "://" +request.getServerName() + ":" +request.getServerPort() + path + "/" ;
%>
<html>
<head>
<base href="<%=basePath%>">
<title>Shiro Login Demo</title>
</head>
<body>
<form action="LoginServlet" method="post">
用户名: <input type="text" name="mid" id="mid" > <br>
密码: <input type="password" name="password" id="password" > <br>
<input type="submit" value="提交">
</form>
</body>
</html>
welcome.jsp
<%@ page language="java" pageEncoding="UTF-8"%>
<%--
  Static landing page shown after login. The page itself performs no access
  check; protection comes only from the authc rule for /pages/welcome.jsp in
  shiro.ini.
--%>
<html>
<head>
<title>Insert title here</title>
</head>
<body>
<h1>Welcome !</h1>
</body>
</html>
原文:https://www.cnblogs.com/blog-747674599/p/shiro.html