
shiro-web-01


MyRealm.java

package cn.mldn.realm;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import cn.mldn.service.MemberLoginService;
import cn.mldn.vo.Member;

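/**
 * Shiro realm that authenticates members and loads their roles and permissions
 * through {@link MemberLoginService}.
 *
 * <p>NOTE(review): the stored password is compared directly with the submitted one, which
 * implies the member table holds passwords as entered (no hashing is visible on this page).
 * Storing a salted, slow password hash and letting a hashing credentials matcher do the
 * comparison is the usual arrangement.
 */
public class MyRealm extends AuthorizingRealm {

    /**
     * Looks up the member named by the token's principal and checks the submitted password.
     *
     * <p>The two failure cases raise different exception types with different messages. A
     * caller that shows them to the client reveals which account names exist, so the login
     * page should present a single generic failure message.
     *
     * @param token login token; its principal is read as a String, its credentials as char[]
     * @return authentication info for the realm name {@code "memberRealm"}
     * @throws UnknownAccountException if the service returns no member for the principal
     * @throws IncorrectCredentialsException if the password is missing or does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("*********** 1、用户登录认证操作的处理   doGetAuthenticationInfo ***********");
        String username = (String) token.getPrincipal();

        // Release the connection even when the lookup throws.
        MemberLoginService service = new MemberLoginService();
        Member vo;
        try {
            vo = service.get(username);
        } finally {
            service.close();
        }
        if (vo == null) {
            throw new UnknownAccountException("该用户不存在!");
        }

        // A token without char[] credentials, or a row without a password, is a failed
        // login rather than a ClassCastException / NullPointerException.
        Object credentials = token.getCredentials();
        String stored = vo.getPassword();
        if (!(credentials instanceof char[]) || stored == null) {
            throw new IncorrectCredentialsException("密码错误");
        }
        String password = new String((char[]) credentials);

        // MessageDigest.isEqual compares in time that does not depend on where the first
        // differing byte is, unlike String.equals.
        boolean matches = java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            throw new IncorrectCredentialsException("密码错误");
        }
        return new SimpleAuthenticationInfo(username, password, "memberRealm");
    }

    /**
     * Loads the roles and string permissions of the primary principal.
     *
     * @param principals principals of the authenticated subject; the primary one is read as
     *                   the member id
     * @return the populated authorization info (the earlier version built it and then
     *         returned {@code null}, so the roles and permissions it loaded were never handed back)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("*********** 2、用户角色与权限 doGetAuthorizationInfo  ***********");
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo auth = new SimpleAuthorizationInfo();

        MemberLoginService service = new MemberLoginService();
        try {
            auth.setRoles(service.listRolesByMember(username)); // roles are supplied as a Set
            auth.setStringPermissions(service.listActionsByMember(username));
        } finally {
            service.close();
        }
        return auth;
    }

}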

MemberLoginService.java

package cn.mldn.service;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.Set;

import org.gjt.mm.mysql.Driver;

import cn.mldn.vo.Member;

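/**
 * JDBC lookups used by the realm: one member row by id, and the role and action flags
 * attached to a member. Each instance opens its own connection in the constructor and
 * must be released with {@link #close()}.
 */
public class MemberLoginService {
    private Connection conn ;

    private static final String DBDRIVER = "org.gjt.mm.mysql.Driver" ;
    // NOTE(review): the connection uses the database root account and its password is a
    // literal in the source, so everyone with the code or the built artifact has it. A
    // dedicated account limited to SELECT on these tables, with its credentials supplied
    // from outside the source (container DataSource, environment), limits the exposure.
    private static final String DBURL  =   "jdbc:mysql://192.168.43.3:3306/shirodb" ;
    private static final String DBUSER = "root" ;
    private static final String PASSWORD = "mysqladmin" ;

    public MemberLoginService () {
        this.connectDataBase();
    }

    /**
     * Reads the id and password of one member.
     *
     * @param username member id to look up (bound as a statement parameter)
     * @return the member, or {@code null} when no row matches, the query fails, or the
     *         connection could not be opened
     */
    public Member get (String username) {
        if (this.conn == null) {
            // connectDataBase() already reported the failure; there is nothing to query.
            return null ;
        }
        Member vo = null ;
        String sql = "SELECT mid , password FROM member WHERE mid=?" ;
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, username);
            try (ResultSet rs = stmt.executeQuery()) {
                if (rs.next()) {
                    vo = new Member() ;
                    vo.setMid(rs.getString(1));
                    vo.setPassword(rs.getString(2));
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return vo ;
    }

    /**
     * Lists the role flags of a member.
     *
     * <pre>
     *  SELECT flag FROM role WHERE rid IN (
     *      SELECT rid FROM member_role WHERE mid=? )
     * </pre>
     *
     * @param mid member id
     * @return the role flags; empty when the member has none or the query fails
     */
    public Set<String> listRolesByMember(String mid) {
        String sql = " SELECT flag FROM role WHERE rid IN ( SELECT rid FROM member_role WHERE mid=? )" ;
        return this.queryFlags(sql, mid);
    }

    /**
     * Lists the action flags reachable through the member's roles.
     *
     * @param mid member id
     * @return the action flags; empty when the member has none or the query fails
     */
    public Set<String> listActionsByMember(String mid) {
        String sql = " SELECT flag FROM action WHERE actid IN ( SELECT actid FROM role_action WHERE rid in ("
                + "SELECT rid FROM member_role WHERE mid=?"
                + ") )" ;
        return this.queryFlags(sql, mid);
    }

    /** Closes the connection if one was opened; a failure to close is only reported. */
    public void close() {
        if(this.conn != null){
            try {
                this.conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    /** Runs a single-parameter query and collects the first column of every row. */
    private Set<String> queryFlags(String sql, String mid) {
        Set<String> flags = new HashSet<String>() ;
        if (this.conn == null) {
            // No connection: an empty set grants nothing, so authorization fails closed.
            return flags ;
        }
        try (PreparedStatement stmt = this.conn.prepareStatement(sql)) {
            stmt.setString(1, mid);
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    flags.add(rs.getString(1)) ;
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return flags ;
    }

    /** Loads the driver and opens the connection; on failure {@code conn} stays null. */
    private void connectDataBase(){
        try {
            Class.forName(DBDRIVER);
            this.conn = DriverManager.getConnection(DBURL,DBUSER,PASSWORD);
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}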

Member.java

package cn.mldn.vo;

import java.io.Serializable;

/**
 * Value object for a member: id, display name and password.
 *
 * <p>The class is {@link Serializable} and {@code password} is not {@code transient}, so the
 * password travels with every serialized copy of the object.
 */
public class Member implements Serializable {

    private String mid;
    private String name;
    private String password;

    /** @return the member id, or {@code null} if it was never set */
    public String getMid() {
        return this.mid;
    }

    /** @param mid the member id */
    public void setMid(final String mid) {
        this.mid = mid;
    }

    /** @return the member name, or {@code null} if it was never set */
    public String getName() {
        return this.name;
    }

    /** @param name the member name */
    public void setName(final String name) {
        this.name = name;
    }

    /** @return the password value held by this object, or {@code null} if it was never set */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to hold */
    public void setPassword(final String password) {
        this.password = password;
    }

}

LoginServlet.java

package cn.mldn.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

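/**
 * Handles the login form: builds a Shiro token from the posted member id and password and
 * forwards to the welcome page on success.
 *
 * <p>NOTE(review): nothing here renews the HTTP session after a successful login; confirm
 * whether the session identifier is replaced elsewhere, since keeping a pre-login session
 * id is what session fixation relies on.
 */
@SuppressWarnings("serial")
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Shows the login page. Credentials are not read from a GET request: query-string
     * parameters are recorded in access logs, browser history and Referer headers.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /**
     * Authenticates the posted {@code mid} / {@code password} pair.
     *
     * <p>Any authentication failure returns to the login page without saying which check
     * failed, so the response does not distinguish an unknown account from a wrong password.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String mid = request.getParameter("mid") ;
        String password = request.getParameter("password") ;
        Subject subject = SecurityUtils.getSubject() ;
        UsernamePasswordToken token = new UsernamePasswordToken(mid, password) ;
        try {
            subject.login(token);
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // Previously uncaught: a failed login surfaced as a container error page.
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }
        request.getRequestDispatcher("/pages/welcome.jsp").forward(request, response);
    }

}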

shiro.ini     shiro 过滤检测 anon authc authcBasic perms port rest roles ssl user

[main]
# When authentication is required and missing, the authc filter redirects to the loginUrl set here
authc.loginUrl=/login.jsp
# The realm is the custom cn.mldn.realm.MyRealm shown above (the bean is only named jdbcRealm)
jdbcRealm=cn.mldn.realm.MyRealm
securityManager.realms=$jdbcRealm

[urls]
# The login endpoint is not subject to a login check
# NOTE(review): /shiroLogin appears nowhere else on this page; the form posts to LoginServlet,
# which has no rule here. Confirm which path was intended.
/shiroLogin=anon
# The listed page requires an authenticated subject
# NOTE(review): this is the only protected path; every URL without a rule is served without a
# Shiro check. A deny-by-default layout lists the anonymous paths first and ends with a
# catch-all authc rule.
/pages/welcome.jsp=authc

web.xml    配置监听器参考路径 : http://shiro.apache.org/webapp-tutorial.html

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: starts the Shiro web environment and routes every request through ShiroFilter. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>shirodemo</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <!-- Creates the Shiro environment when the web application starts. -->
  <listener>
    <listener-class>
            org.apache.shiro.web.env.EnvironmentLoaderListener
        </listener-class>
  </listener>
  <!-- NOTE(review): ShiroFilter presumably takes its configuration from the environment the
       listener above created, in which case the configPath init-param below is not what
       selects shiro.ini. Confirm against the Shiro version in use. -->
  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    <init-param>
      <param-name>configPath</param-name>
      <param-value>classpath:shiro.ini</param-value>
    </init-param>
  </filter>
  <!-- The filter is mapped to all paths and to FORWARD as well as REQUEST, so the [urls]
       rules also apply when LoginServlet forwards to /pages/welcome.jsp. -->
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>

login.jsp

<%@ page language="java"  pageEncoding="UTF-8"%>
<%-- Login form: posts the member id (mid) and password to LoginServlet. --%>
<%-- NOTE(review): basePath is assembled from the scheme, server name and port reported by
     the request and written into <base href> without escaping. The server name presumably
     follows the request's Host header, so behind a proxy that does not pin the host this
     value is client-influenced. Confirm, or use a context-relative form action instead. --%>
<%
    String path = request.getContextPath() ;
    String basePath = request.getScheme() + "://" +request.getServerName() 
    + ":" +request.getServerPort() + path + "/" ;
%>
<html>
<head>
<base href="<%=basePath%>">
<title>Shiro Login Demo</title>
</head>
<body>
    <form action="LoginServlet" method="post">
        用户名: <input type="text" name="mid" id="mid" >  <br>
        密码:    <input type="password" name="password" id="password" >  <br>
        <input type="submit" value="提交">
    </form>
</body>
</html>

welcome.jsp

<%@ page language="java"  pageEncoding="UTF-8"%>
<%-- Page shown after login; shiro.ini maps /pages/welcome.jsp to the authc filter. --%>
<html>
<head>

<title>Insert title here</title>
</head>
<body>
    <h1>Welcome !</h1>
</body>
</html>

 

shiro-web-01

原文:https://www.cnblogs.com/blog-747674599/p/shiro.html
